SUB 404 : A Fast Tool To Check Subdomain Takeover Vulnerability

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerability and it is fast as it is Asynchronous. Why? During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib method …

Wprecon : A Vulnerability Recognition Tool In CMS WordPress

Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Features Status Features ✅ Random Agent ✅ Detection WAF ✅ User Enumerator ✅ Plugin Scanner ✅ Theme Scanner ✅ Tor Proxy’s ✅ Detection Honeypot ✅ Fuzzing Backup Files ? Fuzzing Passwords ? Vulnerability Scanner Usage Flag(s) Description -u, –url string …

Bulwark : An Organizational Asset & Vulnerability Management Tool

Bulwark is an organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note: Please keep in mind, this project is in early development. Launch With Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”172.16.16.3″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop …

Grype : A Vulnerability Scanner For Container Images And Filesystems

Grype is a vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubuntu Find vulnerabilities for language-specific packages Ruby (Bundler) Java …

vPrioritizer : Tool To Understand The Contextualized Risk (vPRisk)

As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry and it’s safe to assume that count is going to increase furthermore. It’s a huge number of vulnerabilities to assess and remediate effectively and quickly. So today organizations are focusing (or should focus) on reducing …

Sifter : OSINT, Recon & Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewall, enumerate remote and local hosts, and scan for the ‘blue’ vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir …

Token Breaker : JSON RSA To HMAC & None Algorithm Vulnerability POC

Token Breaker is focused on 2 particular vulnerability related to JWT tokens. None Algorithm RSAtoHMAC Refer to this link about insights of the vulnerability and how an attacker can forge the tokens Try out this vulnerability here TheNone Usage Usage: TheNone.py [-h] -t TOKENTokenBreaker: 1.TheNoneAlgorithmOptional Arguments:-h, –help show this help message and exitRequired Arguments:-t TOKEN, …

Purify : All-In-One Tool For Managing Vulnerability Reports

The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools. Purify is designed to analyze the report of any tool, if the report is in JSON or XML format. This means you don’t need any special plug-ins to process reports from your selection …

Faraday : Collaborative Penetration Test & Vulnerability Management Platform

Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit. Made for true pentesters! It was made to let you take advantage of the available tools in the community in a truly multiuser way. It crunches the …

Tentacle : A POC Vulnerability Verification & Exploit Framework

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. Install pip3 install -r requestment.txt Also Read – DigiTrack : Attacks For $5 or Less Using Arduino Usage …