Janusec – Golang Based Application Security Solution Which Provides WAF

Janusec Application Gateway is an application security solution that provides WAF (Web Application Firewall), a unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Janusec Key Features: WAF (Web Application Firewall), block SQL Injection, Cross-site Scripting, Sensitive Data Leakage, CC...

Sheepl – Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl is a tool for creating realistic user behaviour for supporting tradecraft development within lab environments. There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However, the current solutions tend to lack one important aspect in representing real-world network configurations. A network...

ZIP File Raider – Burp Extension for ZIP File Payload Testing

ZIP File Raider is a Burp Suite extension for attacking web applications with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in the ZIP content of HTTP requests, which is not feasible by default. This extension helps to automate the extraction and compression steps. ZIP File Raider Installation: Set up Jython standalone Jar in Extender > Options...

NodeJsScan – Static Security Code Scanner For Node.js Applications

NodeJsScan is a static security code scanner (SAST) for Node.js applications.

Configure & Run

Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py

    pip3 install -r requirements.txt
    python3 migrate.py # Run once to create database entries required
    python3 app.py # Testing Environment
    gunicorn -b 0.0.0.0:9090 app:app --workers 3 --timeout 10000 # Production Environment

This will run it on http://0.0.0.0:9090

If you need to debug, set DEBUG = True in...

Vba2Graph – Generate Call Graphs From VBA Code For Easier Analysis Of Malicious Documents

Vba2Graph is a tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicious macros, and easy understanding of the execution flow. Vba2Graph Features: keyword highlighting; VBA Properties support; external function declaration support; tricky macros with "_Change" execution triggers; fancy color schemes! Pros: Pretty fast ...

Ache – Web Crawler For Domain-Specific Search

ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in the sense that it uses page classifiers to distinguish between relevant and irrelevant pages in a given domain. A page classifier can be from a simple regular...

SSH Auditor – Scan For Weak SSH Passwords On Your Network

SSH Auditor is the best way to scan for weak ssh passwords on your network. SSH Auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known host whose ssh version or key...

Hassh : Tool Used To Identify Specific Client & Server SSH Implementations

HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint. What can HASSH help with? Use in highly controlled, well understood environments, where any fingerprints outside of a known good...

Pastego – Scrape/Parse Pastebin Using GO & Expression Grammar

Pastego: scrape/parse Pastebin using Go and grammar expression (PEG).

Pastego Installation

    $ go get -u github.com/edoz90/pastego

Usage

Search keywords are case sensitive

    pastego -s "password,keygen,PASSWORD"

You can use boolean operators to reduce false positives

    pastego -s "quake && ~earthquake, password && ~(php || sudo || Linux || '<body>')"

This command will search for bins...

CloudBunny – CloudBunny Is A Tool To Capture The Real IP Of The Server

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection. How CloudBunny Works In this tool...