Browsing category

Vulnerability Analysis

Wprecon – Vulnerability Recognition Tool In CMS WordPress

  Hello! Welcome. Wprecon (WordPress Recon) is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Notice: Why is the project out of updates these days?! What happens is that I am doing the vulnerability scanner. Branch Dev. Compile and Install. Features: Random Agent, Detection WAF, User Enumerator, Plugin Scanner, Theme Scanner […]

Vulmap – Web Vulnerability Scanning And Verification Tools

  Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the […]

uniFuzzer – Fuzzing Tool Based On Unicorn And LibFuzzer

  uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bit LSB ELF files on ARM/MIPS, which are usually seen in IoT devices. Features: very little hack and easy to build; can target any specified function or code snippet; coverage-guided fuzzing with considerable speed; dependence resolved and […]

Traxss – Automated XSS Vulnerability Scanner

  Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless. Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of […]

Tarnish – A Chrome Extension for Static Analysis

  tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don’t want to go through the trouble of setting this […]

Fenrir – Simple Bash IOC Scanner

  Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): Hashes: MD5, SHA1 and SHA256 (using md5sum, sha1sum, shasum -a 256); File Names: string – checked for substring of the full path, e.g. “temp/p.exe” in “/var/temp/p.exe”; Strings: grep in files; C2 Server: checking for […]

ManaTI – A Web-Based Tool To Assist The Intuitive Threat Analysts

  Machine Learning for Threat Intuitive Analysis. The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and inferences. The project will include the development of a […]

Mondoo – Cloud-Native Security And Vulnerability Analysis

  Mondoo is infrastructure and security analytics for your cloud-native applications. By removing the code literacy, we strive to make infrastructure operations and its state accessible to all. It works with bare-metal, VMs, clouds, containers and Kubernetes. Quick Start. Install mondoo: Workstation: export MONDOO_REGISTRATION_TOKEN='changeme'; curl -sSL http://mondoo.io/download.sh | bash. Service: export MONDOO_REGISTRATION_TOKEN='changeme'; curl -sSL http://mondoo.io/install.sh | bash […]

Phishing-Simulation – Aims To Increase Phishing Awareness

  Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment (without any actual setup – no domain, no infrastructure, no actual email address) to assess people’s actions in any given situation, and gives the ability to understand the current awareness posture. What? One of the objectives of […]

DetExploit – Software That Detects Vulnerable Applications

  DetExploit is software that detects vulnerable applications and not-installed important OS updates on the system, and notifies the user of them. As we know, most cyberattacks use vulnerabilities that were released a year before. I thought this is a huge problem, and this kind of technology should be more powerful than technology that will detect […]

Pocsuite v2.0.8 – Remote Vulnerability Testing Framework Developed By The Knownsec Security Team

Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. How to use: Pocsuite with seebug PoC search and zoomeye dork; Pocsuite with seebug PoC and zoomeye dork; Pocsuite with […]

stoQ – An Open Source Framework For Enterprise Level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It gives analysts and DevSecOps teams the ability to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed to be enterprise ready and scalable, while also being lean […]

DjangoHunter – Tool Designed To Help Identify Incorrectly Configured Django Applications That Are Exposing Sensitive Information

Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information. https://www.reddit.com/r/django/comments/87qcf4/28165_thousand_django_running_servers_are_exposed/ https://twitter.com/6ix7ine/status/978598496658960384?lang=en Usage: python3 djangohunter.py --key {shodan} Dorks: ‘DisallowedHost’, ‘KeyError’, ‘OperationalError’, ‘Page not found at /’ Requirements: Shodan, Pyfiglet, Requests, BeautifulSoup. pip install -r requirements. Demo. Disclaimer: Code samples are provided for educational purposes. Adequate defenses can only be built […]