Novahot – A Webshell Framework For Penetration Testers

Novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, Ruby, and Python. Beyond executing system commands, novahot is able to emulate interactive terminals, including mysql, sqlite3, and psql. It additionally implements "virtual commands" that make it possible to...

DjangoHunter : Tool To Identify Incorrectly Configured Django Applications

Djangohunter is a tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.

DjangoHunter Usage

Usage: python3 djangohunter.py --key {shodan}
Dorks: 'DisallowedHost', 'KeyError', 'OperationalError', 'Page not found at /'

Requirements: Shodan, Pyfiglet, Requests, BeautifulSoup

pip install -r requirements

Disclaimer: Code samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to...

WPScan – Checks Vulnerabilities and Spots Security Issues

WPScan scans your WordPress website and checks for vulnerabilities in the core version, plugins, themes, etc., helping to spot security issues.

Firstly, install WPScan! Installation can be done through GitHub:

git clone https://github.com/wpscanteam/wpscan

Go to the directory where you have downloaded wpscan and install the bundle files:

bundle install && rake install

Now, we are ready to use WPScan!

wpscan --url http://target.tld --enumerate u

Use the...

CRS – OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set or CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. It aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

Hayat – Google Cloud Platform & Auditing & Hardening Script

Hayat is a tool used for Google Cloud Platform auditing and hardening. What does Hayat mean? Well, I had a hard time finding a unique name, honestly. "Hayat" is a Turkish word which means "Life" in English and also my niece's name. Are you ready to meet her? Hayat is an auditing & hardening script for Google Cloud Platform services such as: ...

Secret Keeper : Python Script To Encrypt & Decrypt Files With A Given Key

Secret Keeper is a file encryptor written in Python which encrypts your files using the Advanced Encryption Standard (AES). CBC mode is used when creating the AES cipher, wherein each block is chained to the previous block in the stream.

Secret Keeper Features

Secret Keeper has...

Lightbulb Framework : Tools For Auditing WAFs

LightBulb Framework is an open source Python framework for auditing web application firewalls and filters.

LightBulb Framework Synopsis

The framework consists of two main algorithms: GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active learning algorithms permit the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program...

PENTOL – Pentester Toolkit for Fiddler2 2018

PENTOL is a pentester toolkit built as a plugin for the Fiddler HTTP debugging proxy.

Pentol Features

CORS DETECTED: Cross-Origin Resource Sharing
CRLF DETECTED: HTTP response splitting
JSON DETECTED
CSP DETECTED
Headers DETECTED (X-Frame-Options)

USAGE

Install Fiddler2
Open Fiddler2
Press Key CTRL + R or Rules > Customize Rules...
Copy all...

theHarvester – Tool To Gather Email Address, Sub Domain and Hosts

“theHarvester Tool” is a simple and effective tool to gather email addresses, employee names, hostnames, subdomains, IP addresses, and virtual hosts from different public sources (e.g. Google, LinkedIn).

How do we do it? - theHarvester

git clone https://github.com/laramies/theHarvester.git

Open the directory where the files are cloned to:

Run the...

Triton – Dynamic Binary Analysis (DBA) Framework

Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and x86-64 instruction set semantics, SMT simplification passes, an SMT Solver Interface and, last but not least, Python bindings. Based on these components, you are able to build program analysis tools,...