AttackSurfaceMapper : Tool That Aims To Automate The Reconnaissance Process
AttackSurfaceMapper is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive ...
HuskyCI : Performing Security Tests Inside Your CI
HuskyCI is an open source tool that orchestrates security tests and centralizes all results into a database for further analysis and metrics. It can perform static security analysis in Python (Bandit and Safety), Ruby (Brakeman), JavaScript (Npm Audit and Yarn Audit), Golang (Gosec), and Java (SpotBugs plus Find Sec Bugs). It can also audit repositories for secrets...
Shelly : Simple Backdoor Manager With Python
Shelly is a simple tool written in Python that is used to remotely control a website. Installation $ git clone https://github.com/tegal1337/Shelly $ cd Shelly $ python3 shell.py Requirements sudo pip install -r requirements.txt
Spraykatz : Credentials Gathering Tool Automating Remote Procdump & Parse Of Lsass Process
Spraykatz is a tool without any pretension, able to retrieve credentials on Windows machines and large Active Directory environments. It simply tries to procdump machines and parse dumps remotely in order to avoid detection by antivirus software as much as possible. Installation This tool is written for python>=3. Do not use this on production environments! Ubuntu On a fresh updated Ubuntu. apt update apt install...
BetterBackdoor : A Backdoor With A Multitude Of Features
BetterBackdoor is a backdoor, a tool used to gain remote access to a machine. Typically, backdoor utilities such as NetCat have 2 main functions: to pipe remote input into cmd or bash and output the response. This is useful, but it is also limited. BetterBackdoor overcomes these limitations by including the ability to inject keystrokes, get screenshots, transfer...
Okadminfinder : Admin Panel Finder / Admin Login Page Finder
OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x, for admins/pentesters who want to find the admin panel of a website. There are many other tools but not as effective and secure. Yeah, Okadminfinder has the ability to use tor and hide your identity. Requirements Linux sudo apt install tor sudo apt install python3-socks (optional) pip3 install...
Lazyrecon : Automate Your Reconnaissance Process In An Organized Fashion
LazyRecon is a script written in Bash, intended to automate some tedious tasks of reconnaissance and information gathering. This tool allows you to gather some information that should help you identify what to do next and where to look. Main Features Create a dated folder with recon notes Grab subdomains using: * Sublist3r, certspotter and cert.sh *...
Path Auditor : Detecting Unsafe Path Access Patterns
The Path Auditor is a tool meant to find file access related vulnerabilities by auditing libc functions. The idea behind Path Auditor is roughly as follows: Audit every call to filesystem related libc functions performed by the binary. Check if the path used in the syscall is user-writable. In this case an unprivileged user could have replaced a directory or file with a symlink. Log all violations...
Most Important Security Tips to Protect Your Website From Hackers
Do you think they need your data? Do you think they need access to your credit cards? There is something more valuable for hackers than you think. One of the main targets of modern hackers is to get access to your servers. It allows them to use it as an email relay for spam. But what else can they do...
Automatic API Attack Tool 2019
Automatic API Attack Tool is Imperva's customizable API attack tool that takes an API specification as input and generates and runs attacks based on it as output. Automatic API Attack tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint...