Scan4All – Vuls Scan: 15000+PoCs; 21 Kinds Of Application Password Crack; 7000+Web Fingerprints; 146 Protocols And 90000+ Rules Port Scanning; Fuzz, HW, Awesome BugBounty…

What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。red team tools Code-level optimization, parameter optimization, and individual modules, such as vscan filefuzz, have been rewritten for these integrated projects. In principle, do not repeat the wheel, unless there are bugs, problems Cross-platform: based on golang implementation, lightweight, highly customizable, open source,Read More

Admin-Panel_Finder – A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)

A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration and Deployment Management Testing OTG v4: OWASP OTG-CONFIG-005 WSTG: WSTG-CONF-05 Why should I use this extension? Multi-thread Different and configurable levels of test. Includable status codes Excludable status codes More than 1000 built-in payloads. YouRead More

BWASP – BoB Web Application Security Project

The BoB Web Application Security Project (BWASP) is an open-source, analysis tool to support for Web Vulnerability Manual Analysis hackers. The BWASP tool basically provides predicted information through vulnerability analysis without proceeding with an attack. BWASP supports performing automated analysis and manual analysis. The BWASP Project supports: Find Attack vector automatically. (e.g. SQL Injection, Cross-siteRead More

Spring4Shell-POC – Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the war is provided and modifiable, the war will get re-built whenever the docker image is built. The built WAR will then be loaded by Tomcat. There is nothing special about this application, it’s a simple hello worldRead More

Spock SLAF – A Shared Library Application Firewall "SLAF"

Spock SLAF is a Shared Library Application Firewall “SLAF”. It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks like buffer overflow, path traversal, XXE and SQL injection. So to detect anomalies, Spock uses DeterministicRead More

OWASP Coraza WAF – A Golang Modsecurity Compatible Web Application Firewall Library

Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset.     Prerequisites Linux distribution (Debian and Centos are recommended, Windows is not supported yet) Golang compiler v1.16+ Migrate from v1 Rollback SecAuditLog to theRead More

Boko – Application Hijack Scanner For macOS is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for application executables, as well as scripts an application may use that have the potential to be backdoored. The tool also calls out interesting files and lists them instead of manually browsing the file system forRead More

Shellcodetester – An Application To Test Windows And Linux Shellcodes

This tools test generated ShellCodes. Usage Exemple ShellCode Tester Linux Instalation git clone shellcodetester/Linuxmake Usage Without break-point: shellcodetester [file.asm] With break-point (INT3). The break-point will be inserted before our generated shellcode: shellcodetester [file.asm] –break-point Download Shellcodetester

Ninjasworkout – Vulnerable NodeJS Web Application

Damn Vulnerable NodeJS Application Quick Start Download the Repo => run npm i Afer Installing all dependency just run the application node app.js or nodemon app.js ADDED BUGS Prototype Pollution No SQL Injection Cross site Scripting Broken Access Control Broken Session Management Weak Regex Implementation Race Condition CSRF -Cross Site Request Forgery Weak Bruteforce ProtectionRead More

SourceLeakHacker – A Multi Threads Web Application Source Leak Scanner

SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage  dictionary scale –output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss –threads THREADS, -t THREADS threads numbers, default: 4 –timeout TIMEOUT HTTP request timeout –level {CRITICAL,ERROR,WARNING,INFO,DEBUG}, -v {CRITICAL,ERROR,WARNING,INFO,DEBUG} log level –version, -V show program’s version number and exit “> usage: [options]optional arguments: -h,Read More