OWASP Threat Dragon – Cross-Platform Threat Modeling Application

Threat Dragon is a free, open-source, cross-platform threat modeling application including system diagramming and a rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project. The focus of the project is on great UX, a powerful rule engine and integration with other development lifecycle tools. There is a good overview of threat modeling and risk…

Jaeles v0.9 – The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Installation: Download precompiled version here. If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command:

GO111MODULE=on go get github.com/jaeles-project/jaeles

Please visit the Official Documentation for more details.

BlackDir-Framework – Web Application Vulnerability Scanner

Web Application Vulnerability Scanner. Spider Directories; Find Sub Domain; Advanced Dorks Search; Scan list of Dorks; Scan WebSites [Xss,Sql]; Reverse Ip Lookup; Port Scan.

Installation:

git clone https://github.com/RedVirus0/BlackDir-Framework.git
cd BlackDir
pip3 install -r requirements.txt
python3 BlackDir.py

PayloadsAllTheThings – A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! Every section contains the following files; you can use the _template_vuln folder to create a new chapter: README.md – vulnerability description and how to exploit it; Intruder – a set of files to give…

SharpRDP – Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

To compile, open the project in Visual Studio and build for release. Two DLLs will be output to the Release directory; you do not need those because the DLLs are in the assembly. If you do not want to use the provided DLLs, you will need the .NET SDK to create the AxMSTSCLib.dll DLL. To…

0L4Bs – Cross-site Scripting Labs For Web Application Security Enthusiasts

Cross-site scripting labs for web application security enthusiasts.

List of Chall:
~ Chall 1 | URL
~ Chall 2 | Form
~ Chall 3 | User-Agent
~ Chall 4 | Referrer
~ Chall 5 | Cookie
~ Chall 6 | LocalStorage
~ Chall 7 | Login Page
~ Chall 8 | File Upload
~ Chall 9 | Base64 Encoding
~ Chall 10 | Removes…

InjuredAndroid – A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style

A vulnerable Android application with CTF examples based on bug bounty findings, exploitation concepts, and pure creativity.

Setup for a physical device: Download injuredandroid.apk from GitHub. Enable USB debugging on your Android test phone. Connect your phone and your PC with a USB cable. Install via adb: adb install injuredandroid.apk. Note: You need to use…

Acunetix v13 – Web Application Security Scanner

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. This release further strengthens the leading position of Acunetix on…

Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Installation: Download precompiled version here. If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command:

GO111MODULE=on go get -u github.com/jaeles-project/jaeles

Please visit the Official Documentation for…

AlertResponder – Automatic Security Alert Response Framework By AWS Serverless Application Model

AlertResponder is a serverless framework for automatic response to security alerts.

Overview: AlertResponder receives an alert, which is an event of interest from a security viewpoint, and responds to the alert automatically. AlertResponder has 3 parts of automatic response. Inspector investigates entities that appear in the alert, including IP address and domain name, and stores a result: reputation,…
