The Nmap Scanner for Telco. With the current focus on telecom security, there used tools in day to day IT side penetration testing should be extended to telecom as well. From here came the motivation for an nmap-like scanner but for telco The current security interconnect security controls might fail against reconnaissance , although mobile […]
Cyber criminals are getting smarter and more resourceful. They are now spoofing hardware accessories to spread their malicious payloads. Recent reports have revealed that some hackers have begun sending malicious which trick the user into believing that the attachment is coming from the network printer. Researchers at Barracuda reported attacks of this nature in November […]
Loki is a free and simple IOC (Indicators of Compromise) scanner, a complete rewrite of main analysis modules of the APT Scanner THOR. Detection is based on four detection methods: File Name IOC Regex match on full file path/name Yara Rule Check Yara signature match on file data and process memory Hash check Compares known […]
Wapiti allows you to audit the security of your websites or web applications. It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and […]
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web […]
Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog. Installation The python Git module is required (python-git on Debian). Usage ./reposcanner -r <repository> Options: optional arguments: -h, –help show this help message and exit -r REPO, –repo REPO Repo to […]
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won’t damage production systems, it’s completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. It detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and […]
Use nmap to scan hidden “onion” services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS requests to port 9053. […]
XAttacker is a Website Vulnerability Scanner & Auto Exploiter developed by Mohamed Riahi Auto Cms Detect [1] WordPress : [+] Adblock Blocker [+] WP All Import [+] Blaze [+] Catpro [+] Cherry Plugin [+] Download Manager [+] Formcraft [+] levoslideshow [+] Power Zoomer [+] Gravity Forms [+] Revslider Upload Shell [+] Revslider Dafece Ajax [+] […]
A Scanner for M3UA protocol to detect Sigtran supporting nodes M3UA stands for MTP Level 3 (MTP3) User Adaptation Layer as defined by the IETF SIGTRAN working group in RFC 4666 .M3UA enables the SS7 protocol’s User Parts (e.g. ISUP, SCCP and TUP) to run over IP instead of telephony equipment like ISDN and PSTN. […]
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework […]
This tool is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins. For more info click here. Usage $ git clone https://github.com/m4ll0k/wpsploit.git $ cd wpsploit $ python wpsploit.py plugin_file.php or $ wget https://raw.githubusercontent.com/m4ll0k/wp_sploit/master/wpsploit.py $ python wpsploit.py plugin_file.php Example $ wget https://plugins.svn.wordpress.org/analytics-for-woocommerce-by-customerio/trunk/admin/class-wccustomerio-admin.php $ python wpsploit.py class-wccustomerio-admin.php Download […]
Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine […]
Sn1per is an automated pentest recon scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info […]
AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows. AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less […]
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version scip VulDB. Version 2.0 of Nmap NSE Vulscan is available online. This major release […]
v3n0m is a free and open source scanner. Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Very useful for executing: Cloudflare Resolver[Cloudbuster] Metasploit Modules Scans[To be released] […]
The short answer to the headline’s question is that a UEFI scanner is all about helping you protect your computer against people who seek to take it over by abusing its Unified Extensible Firmware Interface (UEFI). A successful attack on a system’s UEFI can give the attacker complete control of that system, including persistence: the […]
Striker is an offensive information and vulnerability scanner. Features Just supply a domain name to Striker and it will automatically do the following for you: Check and Bypass Cloudflare Retrieve Server and Powered by Headers Fingerprint the operating system of Web Server Detect CMS (197+ CMSs are supported) Launch WPScan if target is using WordPress […]
Exitmap is a fast and modular Python-based scanner for Tor exit relays. Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap as a map() interface for Tor exit relays: Modules can perform any TCP-based networking task like fetching a […]
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index […]