Tag Archives: Vulnerability Scanner

Request_Smuggler : Http Request Smuggling Vulnerability Scanner

Request_Smuggler is a Http request smuggling vulnerability scanner. Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. Usage USAGE:request_smuggler [OPTIONS] –urlFLAGS:-h, –help Prints help information-V, –version Prints version informationOPTIONS:–amount-of-payloads low/medium/all [default: low]-t, –attack-types[ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: “ClTeTime” “TeClTime”]–filesend request from a …

Continue reading “Request_Smuggler : Http Request Smuggling Vulnerability Scanner”

Red-Shadow : Lightspin AWS IAM Vulnerability Scanner

Red-Shadow is a tool for Lightspin AWS IAM Vulnerability Scanner. Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups discovered by Lightspin’s Security Research Team. The tool detects the misconfigurations in the following IAM Objects: Managed Policies Users Inline Policies Groups Inline Policies …

Continue reading “Red-Shadow : Lightspin AWS IAM Vulnerability Scanner”

Sifter : OSINT, Recon & Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewall, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir …

Continue reading “Sifter : OSINT, Recon & Vulnerability Scanner”

Jshole : A JavaScript Components Vulnerability Scanner

Jshole is a simple JavaScript components vulnrability scanner, based on RetireJS. Why use JShole instead of RetireJS? By default, RetireJS only searches one page, but JShole tries to crawl all pages. Requirements requests Install git clone https://github.com/callforpapers-source/jshole.gitcd jsholepip3 install -r requirementspython3 jshole.py usage: jshole [-h] -u URL [-d] [-l LIMIT] [-t THREAT]optional arguments:-h, –help show …

Continue reading “Jshole : A JavaScript Components Vulnerability Scanner”

Sifter : A Osint, Recon & Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir …

Continue reading “Sifter : A Osint, Recon & Vulnerability Scanner”

TakeOver : Sub-Domain TakeOver Vulnerability Scanner

Sub-domain TakeOver vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if subdomain.example.com was pointing to a GitHub page …

Continue reading “TakeOver : Sub-Domain TakeOver Vulnerability Scanner”

Trivy : Simple & Comprehensive Vulnerability Scanner

Trivy is a Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.). It is easy to use. Just …

Continue reading “Trivy : Simple & Comprehensive Vulnerability Scanner”

DSSS – Damn Small SQLi Scanner

DSSS (Damn Small SQLi Scanner) is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie. Also Read – SQLMap : Automatic SQL Injection & Database Takeover Tool Requirements Python version 2.6.x or 2.7.x is required for running this program. …

Continue reading “DSSS – Damn Small SQLi Scanner”

Yaazhini – Free Android APK & API Vulnerability Scanner

Yaazhini is a free vulnerability scanner for android APK and API. It is a user-friendly tool that you can easily scan any APK and API of android application and find the vulnerabilities. It includes vulnerability scan of API, the vulnerability of APK and reporting section to generate a report. System Requirements Operating Systems : Mac …

Continue reading “Yaazhini – Free Android APK & API Vulnerability Scanner”

Whitewidow : SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, ability to launch sqlmap from the program, and a fun environment. This program …

Continue reading “Whitewidow : SQL Vulnerability Scanner”