Arjun : HTTP Parameter Discovery Suite
Arjun is a web applications use parameters (or queries) to accept user input, take the following example into consideration. http://api.example.com/v1/userinfo?id=751634589 This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when set to True makes the endpoint provide more information about the user? This is what Arjun does, it finds...
HomePWN : Swiss Army Knife for Pentesting of IoT Devices
HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can...
Femida : Automated blind-XSS Search For Burp Suite
Femida is automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp -> Extender -> Add -> find and select blind-xss.py Also Read - IoT Implant : Toolkit For Implant Attack Of IoT Devices How to use? Settings First of all you need to setup your callback URL in field called "Your url" and press Enter to automatically save it inside config.py file. After you set...
Slither : Static Analyzer for Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. It enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses. Features Detects vulnerable Solidity code with low false positivesIdentifies where the error...
AutoMacTC : Automated Mac Forensic Triage Collector
AutoMacTC is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for analysis. The output may provide valuable insights for incident response in a macOS environment. Automactc can be run against a live system or dead disk (as a mounted volume.) Requirements Python 2.7 (Mac systems ship...
Password Lense: Reveal Character Types In A Password
Certain characters in passwords ('O' and '0', 'I' and 'l', etc.) can be hard to identify when you need to type them in (and copy-paste is unavailable). Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Features Color codes each character in your password with a corresponding legend/keyHover-based tooltip...
Snare : Super Next Generation Advanced Reactive HonEypot
Snare is a super next generation advanced reactive honeypot.It is a web application honeypot sensor attracting all sort of maliciousness from the Internet. Basic Concepts Surface first. Focus on the attack surface generation.Sensors and masters. Lightweight collectors and central decision maker (tanner). Getting Started You need Python3. We tested primarily with >=3.5This was tested with a recent Ubuntu based Linux. Also...
Osmedeus – Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
Osmedeus is a fully automated offensive security framework for reconnaissance and vulnerability scanning Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeuscd Osmedeus./install.sh This install only focus on Kali linux How To Use? If you have no idea what are you doing just type the command below or check out the Advanced...
Uac-A-Mola : Tool For Security Researchers To Investigate New UAC Bypasses
UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. UAC-A-mola has modules to carry out the protection and mitigation of UAC bypasses. Installation To install uac-a-mola you have to perform the following actions: Download and install python 2.7.x for Windows taking into account your particular infrastructure, you can find the binaries here: https://www.python.org/downloads/Add...
FOCA : Tool To Find Metadata & Hidden Information In The Documents
FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, with the most common being Microsoft Office, Open Office, or PDF files, although it also analyses Adobe InDesign or SVG files, for...
