.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Bandit : Tool Designed To Find Common Security Issues In Python Code
Bandit is a tool designed to find common security issues in Python code. To do this it processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once it has finished scanning all the files it generates a report. It was originally developed within the OpenStack Security Project and later rehomed to PyCQA. Installation It...
Brutemap : Let’s Find Someone’s Account
Brutemap is an open source penetration testing tool that automates testing accounts to the site's login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also no longer need to ask CMS What is this? only to find parameter forms, because it will do it automatically. It is also equipped with an attack method that makes...
Intrigue Core : Discover Your Attack Surface
Intrigue Core is a framework for external attack surface discovery and automated OSINT. There are a number of use cases: Application and Infrastructure (Asset) DiscoverySecurity Research and Vulnerability DiscoveryMalware Campaign Research & Indicator EnrichmentExploratory OSINT Research Developers To get started setting up a development environment, follow the instructions below! Setting up a development environment Follow the appropriate setup guide: Vagrant (preferred) - http://core.intrigue.io/getting-started-with-intrigue-core-on-vagrant-virtualbox/Docker - https://core.intrigue.io/2017/03/07/using-intrigue-core-with-docker/ Now that you...
Spiderfoot : The Most Complete OSINT Collection & Reconnaissance Tool
SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN, e-mail address or person's name. It can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or...
Miteru : An Experimental Phishing Kit Detection Tool
Miteru is an experimental phishing kit detection tool. Following are the features that can be used for the tool; Phishing kit detection & collection. Slack notification. Threading. How it works? It collects phishy URLs from the following feeds:CertStream-Suspicious feed via urlscan.ioOpenPhish feed via urlscan.ioPhishTank feed via urlscan.ioAyashige feedIt checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file)...
Security RAT : Tool For Handling Security Requirements In Development
OWASP Security RAT (Requirement Automation Tool) is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you're developingbased on this information, list of common security requirements is generatedgo through the list of the requirements and choose how you want to handle the requirementspersist the...
Rogue : An Extensible Toolkit Providing Penetration Testers An Easy-To-Use Platform
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By using Rogue, penetration testers can easily perform targeted evil twin attacks against a variety of wireless network types. Rogue was originally forked from s0lst1c3's eaphammer project. The fundamental idea...
SecureTea Project : OWASP Application Designed To Help Secure Unauthorised Access
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac &...
DeepSearch – Advanced Web Dir Scanner For Bruteforce
DeepSearch is a simple command line tool for bruteforce directories and files in websites. you can also use Dark web browser to surf anonymously. DeepSearch Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Also ReadInvisi-Shell : Hide Your Powershell Script In Plain Sight(Bypass all Powershell security features) Usage Basic: python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt Force extension for...
JWT Tool : A Toolkit For Testing, Tweaking & Cracking JSON Web Tokens
JWT Tool(jwt_tool.py) is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a tokenTesting for the RS/HS256 public key mismatch vulnerabilityTesting for the alg=None signature-bypass vulnerabilityTesting the validity of a secret/key/key fileIdentifying weak keys via a High-speed Dictionary AttackForging new token header and payload values and creating a new signature with...
