A tool made for specially scanning nearby devices[BLE,Bluetooth & Wifi] and execute our given command on our system when the target device comes in between range. NOTE:- RadareEye Owner will be not responsible if any user performs malicious activities using this tool. Use it for Learning purpose only. Installation of RadareEye : git […]
sigurls is a reconnaissance tool, it fetches URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h _ _ ___(_) __ _ _ _ _ __| |___ / __| |/ _` | | | | ‘__| / __| […]
Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious […]
Scanning APK file for URIs, endpoints & secrets. Installation To install apkLeaks, simply: $ git clone https://github.com/dwisiswant0/apkleaks $ cd apkleaks/ $ pip install -r requirements.txt Or download at release tab. Dependencies This package works in Python2 (not Python3). Install global packages: Linux $ sudo apt-get install libssl-dev swig -y OSX $ brew install openssl […]
Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the […]
Information security researchers often require plugins for vulnerability scanners in Kali Linux, although due to licensing restrictions these tools are not included in the distribution. Fortunately Kali includes OpenVAS, which is free and open source, as mentioned by vulnerability testing specialists from the International Institute of Cyber Security (IICS). In this article we’ll show you […]
Other leaked data included a range of personal information such as names, addresses and personal healthcare information.
XSpear XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected(or all) params Reflected Params All… The post XSpear v1.3 releases: Powerfull XSS Scanning and Parameter Analysis tool appeared first on Penetration Testing.
This has only been tested on Kali.It depends on the msfrpc module for Python, described in detail here: https://www.trustwave.com/Resources/SpiderLabs-Blog/Scripting-Metasploit-using-MSGRPC/Install the necessary Kali packages and the PostgreSQL gem for Ruby: apt-get install postgresql libpq-dev git-core gem install pgInstall current version of the msfrpc Python module from git: git clone git://github.com/SpiderLabs/msfrpc.git msfrpc cd msfrpc/python-msfrpc python setup.py installUsageBefore […]
ReconPi – A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.Start using that Raspberry Pi — I know you all have one laying around somewhere ? InstallationCheck the updated blogpost here for a complete guide on how to set up your own ReconPi: ReconPi GuideIf you prepared your […]
A simple CORS misconfiguration scannerBased on the research of James KettleCORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential vulnerabilities are detected by sending a certain Origin […]
What issues would face scanning attached to a mobile device resolve and, if used correctly, would it make the incursion into my privacy acceptable?
Turbolist3r is a subdomain enumeration tool which can identify subdomain takeovers. It is heavily based on sublist3r: https://latesthackingnews.com/2016/01/27/sublist3r-free-tool-to-enumerate-subdomains-for-pentester/ Installation and usage git clone https://github.com/fleetcaptain/Turbolist3r cd Turbolist3r/ pip3 install -r requirements.txt There are various options such as port scanning, brute force on subdomains, input and output files, dns resolvers: The following command shows how a typical […]
Following various rumors, China will now start scanning faces before issuing a new mobile phone or a new SIM card to people living in the country. The new rule is introduced by China’s Ministry of Industry and Information Technology and was announced back in September. This mandate is to ensure that the rights and interests […]
tfsec tfsec uses static analysis of your terraforms templates to spot potential security issues. Now with terraform v0.12+ support. Features Checks for sensitive data inclusion across all providers Checks for violations of AWS, Azure and GCP security best practice recommendations Scans modules (currently only local modules are supported) Evaluates expressions as well as literal values […]
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. UsageUsing Corsy is pretty simplepython corsy.py -u https://example.comA delay between consecutive requests can be specified with -d option. Note: This is a beta version, features such as JSON output and scanning multiple hosts will be added later. Tests implemented Pre-domain bypass […]
Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network.Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. Flan […]
Corsy Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Tests implemented Pre-domain bypass Post-domain bypass Backtick bypass Null origin bypass Invalid value Wild card value Origin reflection test Third-party allowance test HTTP allowance test Install git clone https://github.com/s0md3v/Corsy.git Use python corsy.py -u https://example.com Copyright (C) 2019 s0md3v Source: https://github.com/s0md3v/ […]
Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network. Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. […]
Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python 3. It is really simple and the code can be analysed and used for learning. Installation steps The installation process is similar to installation for every github tool: Go to the repository: Github […]
LiveTargetsFinder Generates lists of live hosts and URLs for targeting, automating the usage of Massdns, Masscan, and nmap to filter out unreachable hosts Given an input file of domain names, this script will automate the usage of MassDNS to filter out unresolvable hosts, and then pass the results on to Masscan to confirm that the […]