celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run. Configurable – Some common tools are in the default config, but you can add any tool you want Service Aware – Uses nmap/nessus service names rather than port numbers to decide […]
Joomscan is a scanner by OWASP, which aims to automate the task for vulnerability assessments for Joomla based sites. Based in perl, this tool can enumerate the version, vulnerabilities, components, firewalls and more, all in one friendly to use interface. Installing Joomscan First, let’s clone the repository to our machine. git clone https://github.com/rezasp/joomscan.git All the […]
dawnscanner is a source code scanner designed to review your ruby code for security issues. dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the box: […]
Knock is a python based tool for enumerating subdomains on a targeted domain. You can use a custom wordlist and also you can scan a domain for DNS zone transfers. It also supports queries to Virus Total subdomains. Installing Knock First things first, you have to install the dependencies manually. apt-get install python-dnspython After that […]
Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports. Install # Requires ruby, ruby-dev, gem, python3 and git git clone […]
MASSBLEED:- Massbleed is a SSL vulnerability scanner. Its mainly check vulnerability in ssl of the target sites, as per ethical hacking investigators. Massbleed is an open source project and can be modified according to requirement. It does not contain any license. Massbleed scans the website/ip address and try to find the SSL vulnerability. Massbleed is […]
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost-effective and secure, Linux is the server operating system of choice for many large organizations including Facebook, Twitter, and Google. Acunetix is one of the first commercial, automated web vulnerability scanners to be released […]
TOR EXIT RELAY SCANNER:- As we all know tor is used for anonymous communication in anonymity network. Exitmap modules implement tasks that are run over of subset of all exit relays. It’s fast and modular python-based scanner for tor exit relays. Exitmap is useful to monitor the accuracy of all exit relays. As per ethical hacking […]
DeepSearch is a simple command line tool for bruteforce directories and files in websites. Installation $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch $ cd deepsearch $ pip3 install requests $ python3 deepsearch.py Screenshots UsageBasic: python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt Force extension for every wordlist entry (support one extension): python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php […]
Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Below is an example gif of Armor being used with a simple Netcat payload. A Netcat listener is started on port 4444. The “payload.txt” file is read and shown to contain a simple Bash one-liner that, when executed, […]
Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning. Scannerl works on Debian/Ubuntu/Arch (but will probably work on other distributions as well). It […]
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby >= 2.2.2 – Recommended: 2.3.3 Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault RubyGems – Recommended: latest From RubyGems: gem install […]
Wapiti is an open source tool that scans web applications for multiple vulnerabilities including data base injections, file disclosures, cross site scripting, command execution attacks, XXE injection, and CRLF injection. The database injection includes SQL, XPath, PHP, ASP, and JSP injections. Command execution attacks include eval(), system(), and passtru() vulnerabilities. Besides identifying the aforesaid vulnerabilities, […]
There is a huge difference between an Android antivirus and an Android app that offers vulnerability scans. The former has questionable effectiveness due to the way Google developed Android as a Linux-based system with a sandbox app system. APK files do not interact with other Android apps on a deep level, as each app is […]
XenoScan is a memory scanner which can be used to scan the memory of processes to locate the specific locations of important values. These types of tools are typically used when hacking video games, as they allow one to locate the values representing the game’s state in memory. XenoScan is written in C++ with a […]
In today’s world, automation is the name of the game. People expect a faster way to do the job, to meet deadlines and settle obligations. Same goes with the security industry, the system administrator profession, and web development jobs; automation lessens the time to finish the tasks. PHP, a well-known language in web development is […]
Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web […]
Zeus scanner is an open source tool used for reconnaissance and vulnerability assessments of web applications. The tool is equipped with a powerful parsing engine to extract cached web pages from multiple search engines. During parsing, the robots.txt and sitemap.xml files information of target host is saved in a file on the local system. The […]
Droopescan is a python based scanner that is used to scan the web applications that utilise Drupal, SilverStripe, and WordPress. The types of information that can be analyzed with Droopescan are those of plugins, themes, versions, and urls like admin panels. This information is useful in identifying known vulnerabilities associated with specific themes and plugins. […]
RapidScan is a python based scanning tool used for analyzing vulnerabilities in web applications. The tool is equipped with scanning utilities, such as Nmap, Golismero, Nikto, Uniscan, and Dnsrecon. The tool runs these utilities to find vulnerabilities in web applications. Some well-known checks performed by the tool include XSS, SQLi, DNS zone transfer, Local File […]
Webpwn3r is a powerful scanning tool, written in Python, to detect remote command execution vulnerabilities, cross site scripting attacks, and database weaknesses in the web applications. The current version of the tool has the ability to scan a single url or list of urls provided in a text file. The tool is able to provide […]