Kali
Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerability and it is fast as it is Asynchronous. Why? During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib method …
Continue reading “SUB 404 : A Fast Tool To Check Subdomain Takeover Vulnerability”
Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Features Status Features ✅ Random Agent ✅ Detection WAF ✅ User Enumerator ✅ Plugin Scanner ✅ Theme Scanner ✅ Tor Proxy’s ✅ Detection Honeypot ✅ Fuzzing Backup Files 🔨 Fuzzing Passwords 🔨 Vulnerability Scanner Usage Flag(s) Description -u, –url string …
Continue reading “Wprecon : A Vulnerability Recognition Tool In CMS WordPress”
Bulwark is an organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note: Please keep in mind, this project is in early development. Launch With Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”172.16.16.3″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop …
Continue reading “Bulwark : An Organizational Asset & Vulnerability Management Tool”
Grype is a vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubuntu Find vulnerabilities for language-specific packages Ruby (Bundler) Java …
Continue reading “Grype : A Vulnerability Scanner For Container Images And Filesystems”
As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry and it’s safe to assume that count is going to increase furthermore. It’s a huge number of vulnerabilities to assess and remediate effectively and quickly. So today organizations are focusing (or should focus) on reducing …
Continue reading “vPrioritizer : Tool To Understand The Contextualized Risk (vPRisk)”
Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewall, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir …
Continue reading “Sifter : OSINT, Recon & Vulnerability Scanner”
Token Breaker is focused on 2 particular vulnerability related to JWT tokens. None Algorithm RSAtoHMAC Refer to this link about insights of the vulnerability and how an attacker can forge the tokens Try out this vulnerability here TheNone Usage Usage: TheNone.py [-h] -t TOKENTokenBreaker: 1.TheNoneAlgorithmOptional Arguments:-h, –help show this help message and exitRequired Arguments:-t TOKEN, …
Continue reading “Token Breaker : JSON RSA To HMAC & None Algorithm Vulnerability POC”
The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools. Purify is designed to analyze the report of any tool, if the report is in JSON or XML format. This means you don’t need any special plug-ins to process reports from your selection …
Continue reading “Purify : All-In-One Tool For Managing Vulnerability Reports”
Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit. Made for true pentesters! It was made to let you take advantage of the available tools in the community in a truly multiuser way. It crunches the …
Continue reading “Faraday : Collaborative Penetration Test & Vulnerability Management Platform”
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. Install pip3 install -r requestment.txt Also Read – DigiTrack : Attacks For $5 or Less Using Arduino Usage …
Continue reading “Tentacle : A POC Vulnerability Verification & Exploit Framework”
