Ruse – Mobile Camera-Based Application That Attempts To Alter Photos To Preserve Their Utility To Humans While Making Them Unusable For Facial Recognition Systems

Mobile camera-based application that attempts to alter photos to preserve their utility to humans while making them unusable for facial recognition systems. Installation (1) Easy Method: Wait and download app from appropriate app store. (2) Download and run ios app via XCode (see Development setup for more detail) Usage example App is developed as aRead More

Allsafe – Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts IRead More

WAF-A-MoLE – A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls

A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessing the robustness of yourRead More

ABPTTS – TCP Tunneling Over HTTP/HTTPS For Web Application Servers

A Black Path Toward The Sun (TCP tunneling over HTTP for web application servers) https://www.blackhat.com/us-16/arsenal.html#a-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016 ABPTTS uses a Python client script and a web application server page/package[1] to tunnel TCP traffic over an HTTP/HTTPS connection to a web application server. In other words, anywhere that one could deploy a webRead More

Mole – A Framework For Identifying And Exploiting Out-Of-Band Application Vulnerabilities

A framework for identifying and exploiting out-of-band (OOB) vulnerabilities. Installation & Setup Mole Install Python >= 3.6 virtualenv -p /usr/bin/python3 venv source venv/bin/activate ./venv/bin/pip3 install -r requirements.txt git submodule update –init –recursive Set an API key in config.yml (must be the same for the client and server) DNS Configuration You’ll need to configure the DNSRead More

Damn-Vulnerable-GraphQL-Application – Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook’s GraphQL Technology, To Learn And Practice GraphQL Security

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook’s GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test for vulnerabilities. DVGA has numerousRead More

Sigurlx – A Web Application Attack Surface Mapping Tool

sigurlx a web application attack surface mapping tool, it does …: Categorize URLs URLs’ categories: > endpoint > js {js} > style {css} > data {json|xml|csv} > archive {zip|tar|tar.gz} > doc {pdf|xlsx|doc|docx|txt} > media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff} Next, probe HTTP requests to the URLs for status_code, content_type, e.t.c Next, for every URL of category endpoint with aRead More

Damn-Vulnerable-Bank – Vulnerable Banking Application For Android

Damn Vulnerable Bank Android Application aims to provide an interface for everyone to get a detailed understanding with internals and security aspects of android application. How to Use Application Clone the repository and run the Backend Server as per instructions in the link. We have released the Apk so after downloading install it via adbRead More

Bulwark – An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note Please keep in mind, this project is in early development. Launch with Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”172.16.16.3″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop Bulwark containers:Read More

Octopus WAF – Web Application Firewall Made In C Language And Use Libevent

OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections. First step Instal lib-pcre, if you use RPM based distros search pcre-devel package, in BSD based search in ports or brew… Need libevent-dev, on RPM distros libevent-devel, Openssl-dev and openssl-devel. To compile and run OctopusWAF followRead More

X