NodeJsScan – Static Security Code Scanner For Node.js Applications
NodeJsScan is a static security code scanner (SAST) for Node.js applications. Configure & Run Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py pip3 install -r requirements.txt python3 migrate.py # Run once to create database entries required python3 app.py # Testing Environment gunicorn -b 0.0.0.0:9090 app:app --workers 3 --timeout 10000 # Production Environment This will run it on http://0.0.0.0:9090 If you need to debug, set DEBUG = True in...
Vba2Graph – Generate Call Graphs From VBA Code For Easier Analysis Of Malicious Documents
Vba2Graph is a tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicous macros, and easy understanding of the execution flow. Vba2Graph Features Keyword highlighting VBA Properties support External function declarion support Tricky macros with "_Change" execution triggers Fancy color schemes! Pros Pretty fast ...
Ache – Web Crawler For Domain-Specific Search
ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in sense that it uses page classifiers to distinguish between relevant and irrelevant pages in a given domain. A page classifier can be from a simple regular...
SSH Auditor – Scan For Weak SSH Passwords On Your Network
SSH Auditor is the best way to scan for weak ssh passwords on your network. SSH Auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known host whose ssh version or key...
Hassh : Tool Used To Identify Specific Client & Server SSH Implementations
HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint. Also ReadWebMap : Nmap Web Dashboard and Reporting HASSH help with? Use in highly controlled, well understood environments, where any fingerprints outside of a known good...
Pastego – Scrape/Parse Pastebin Using GO & Expression Grammar
Pastego Scrape/Parse Pastebin using GO and grammar expression (PEG). Pastego Installation $ go get -u github.com/edoz90/pastego Also ReadHackertarget: Tools And Network Intelligence To Help Organizations With Attack Surface Discovery Usage Search keywords are case sensitive pastego -s "password,keygen,PASSWORD" You can use boolean operators to reduce false positive pastego -s "quake && ~earthquake, password && ~(php || sudo || Linux || '<body>')" This command will search for bins...
CloudBunny – CloudBunny Is A Tool To Capture The Real IP Of The Server
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection. How CloudBunny Works In this tool...
Osmedeus – Automatic Reconnaisance and Scanning in Penetration Testing
Osmedeus is a automatic Reconnaisance and Scanning in Penetration Testing. Osmedeus allow you to do boring stuff in Pentesting automatically like reconnaissance and scanning the target by run the collection of awesome tools. Osmedeus Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux. How to use If you have no idea what are you doing just type the command below ./osmedeus.py -t...
BabySploit – Beginner Pentesting Toolkit/Framework Written in Python
BabySploit is a penetration testing toolkit aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit. With a very easy to use UI and toolkit, anybody from any experience level will find use out of BabySploit. Below are some screenshots of the framework. BabySploit Installation BabySploit is best run out of the home directory so...
Manticore : Symbolic Execution Tool
Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Beginning with version 0.2.0, Python 3.6+ is required. Manticore Features Input Generation: Manticore automatically generates inputs that trigger unique code paths Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations Execution Tracing: Manticore records an instruction-level trace of execution for each generated input Programmatic...
