Burp Suite Tutorial – A Web Application Penetration Testing Tool – Beginner's Guide

In this Burp Suite Tutorial, we describe in detail the Burp Suite tool and the features it bundles into a single suite made for web application security assessment and penetration testing. It is a Java executable and hence cross-platform. Kali Linux comes with the Burp Suite free edition installed. There is …

Whatweb – A Scanning Tool to Find Security Vulnerabilities in Web Apps

Whatweb is the perfect name for this tool. Simply put, it answers the question, “What is that website?” Whatweb can identify all sorts of information about a live website, like: Whatweb offers both passive scanning and aggressive testing. Passive scanning only extracts data from the HTTP headers returned by a normal-looking visit. Aggressive options go deeper with recursion …

OWASP Coraza WAF : A Golang ModSecurity-Compatible Web Application Firewall Library

OWASP Coraza is an enterprise-grade Web Application Firewall framework written in Golang that supports ModSecurity's SecLang rule language and is 100% compatible with the OWASP Core Rule Set. Prerequisites: a Linux distribution (Debian and CentOS are recommended; Windows is not supported yet) and the Golang compiler v1.16+. Migrating from v1: roll back SecAuditLog to the legacy syntax (serial/concurrent); attach …

SourceLeakHacker : A Multi-Threaded Web Application Source Leak Scanner

SourceLeakHacker is a multi-threaded web directory scanner. Installation: pip install -r requirements.txt. Usage: usage: SourceLeakHacker.py [options] optional arguments: -h, --help show this help message and exit --url URL url to scan, eg: 'http://127.0.0.1/' --urls URLS file contains urls to scan, one line one url. --scale {full,tiny} build-in dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: …

Cumulus : Web Application Weakness Monitoring, It Works By Adding Just 3 Lines Of Code

Cumulus is a service that helps you monitor and fix security weaknesses in real time. Issues are reported on a web dashboard. It is simple and powerful. Key features: just install the SDK on the web front end and security weaknesses in the service can be found; the SDK detects weaknesses from the inner layer, dynamically (e.g. DOM events, XHR requests); Scanner …

defenselessV1 : Just Another Vulnerable Web Application

defenselessV1 is a vulnerable web application written in PHP/MySQL. This is the first version of the application. Its purpose is to create security awareness among developers and newcomers to application security. It will soon be updated with more bugs, and a new vulnerable application is also being developed. Please let …

0l4bs : Cross-Site Scripting Labs For Web Application Security Enthusiasts

0l4bs is a set of cross-site scripting labs for web application security enthusiasts. List of challenges: Chall 1 | URL ~ Chall 2 | Form ~ Chall 3 | User-Agent ~ Chall 4 | Referrer ~ Chall 5 | Cookie ~ Chall 6 | LocalStorage ~ Chall 7 | Login Page ~ Chall 8 | File …

Jaeles : The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own web application scanner. Installation: if you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command: GO111MODULE=on go get -u github.com/jaeles-project/jaeles. Usage, example commands: jaeles scan -u http://example.com; jaeles scan …

Hakrawler : Discovery Of Endpoints & Assets Within A Web Application

Hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It can be used to discover forms, endpoints, subdomains, related domains and JavaScript files. The goal is to build the tool so that it can be easily chained with other tools such as subdomain enumeration …

Kirjuri : Web Application For Managing Cases & Physical Forensic Evidence Items

Kirjuri is a simple PHP/MySQL web application for managing physical forensic evidence items. It is intended as a workflow tool covering receiving, booking, note-taking and possibly reporting findings. It simplifies and supports case management when dealing with a large (or small!) number of devices submitted for forensic analysis. Kirjuri requires PHP 7. …