Wordlistctl : Fetch, Install & Search Wordlist Archives From Websites & Torrent Peers
Wordlistctl is a script to fetch, install, update and search wordlist archives from websites offering wordlists with more than 2900 wordlists available. In the latest version of the Blackarch Linux it has been added to /usr/share/wordlists/ directory. Also Read : Trommel : Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators Installation pacman -S wordlistctl Usage $ wordlistctl -H --====--usage:wordlistctl -f | -s ...
Electronegativity : A Tool to Identify Misconfigurations & Security Anti-Patterns in Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using it, as some of the potential issues detected by the tool require manual...
SALT – SLUB ALlocator Tracer for the Linux Kernel
Welcome to salt, a tool to reverse and learn kernel heap memory management. It can be useful to develop an exploit, to debug your own kernel code, and, more importantly, to play with the kernel heap allocations and learn its inner workings. This tool helps tracing allocations and the current state of the SLUB allocator in modern linux kernels. It is written...
Reko : A General Purpose Decompiler
Reko (Swedish: "decent, obliging") is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and a ASP.NET front end exist at the time of writing....
PHP : Security Check List 2019
PHP : Hypertext Preprocessor is a web-based, server-side, multi-use, general-purpose, scripting and programming language that can be embedded in HTML. The PHP development, which was first created by Rasmus Lerdorf in 1995, is now being run by the PHP community. The PHP programming language is still used by a large developer. It is the most known...
Beef : The Browser Exploitation Framework Project
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF...
SecLists : Security Tester’s Companion For Security Assessments
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing...
WAF ByPass : Firewall Bypass Script Based On DNS History Records
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters. This script will try to find: the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...an old server which still running the same...
Pompem : Tool For Exploits & Vulnerability in Database
Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases. Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm security, CXSecurity, ZeroDay, Vulners, National Vulnerability Database, WPScan Vulnerability...
Trommel : Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
TROMMEL sifts through embedded device files to identify potential vulnerable indicators. It identifies the following indicators related to: Secure Shell (SSH) key filesSecure Socket Layer (SSL) key filesInternet Protocol (IP) addressesUniform Resource Locator (URL)email addressesshell scriptsweb server binariesconfiguration filesdatabase filesspecific binaries files (i.e. Dropbear, BusyBox, etc.)shared object library filesweb application scripting variables, andAndroid application package (APK) file permissions. It has also integrated vFeed which...
.webp "RustHound : A Cross-Platform BloodHound Collector Tool")
