Cdb – Automate Common Chrome Debug Protocol Tasks To Help Debug Web Applications From The Command-Line And Actively Monitor And Intercept HTTP Requests And Responses

Pown CDB is a Chrome Debug Protocol utility. The main goal of the tool is to automate common tasks to help debug web applications from the command-line and actively monitor and intercept HTTP requests and responses. This is particularly useful during penetration tests and other types of security assessments and investigations. Credits This tool isRead More

WebView2-Cookie-Stealer – Attacking With WebView2 Applications

Please read this blog post to get more information. Source Code This code is a modified version of Microsoft’s WebView2 Code. The current code can be cleaned up and made much better. Demo Launch Example Usage Example Usage Tested on Windows 10 & 11. When the binary is executed https://office.com/login is loaded up. A JavaScriptRead More

MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the same host, in which caseRead More

DOMDig – DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively. Unlike other scanners, DOMDig can crawl any webapplication (including gmail) by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a real user interaction by firing events. During this process,Read More

NodeSecurityShield – A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

A Developer and Security Engineer friendly package for Securing NodeJS Applications. Inspired by the log4J vulnerability (CVE-2021-44228) which can be exploited because an application can make arbitrary network calls. We felt there is an need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder. To achieveRead More

Njsscan – A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Your Node.js Applications

njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Installation pip install njsscan Requires Python 3.6+ and supports only Mac and Linux Command Line Options $ njsscanusage: njsscan [-h] [–json] [–sarif] [–sonarqube]Read More

Mininode – A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis of source code. It supports two modes of reduction (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry point of the application. Mininode initializesRead More

Mariana Trench – Security Focused Static Analysis Tool For Android And Java Applications

Mariana Trench is a security focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our website. Prerequisites Mariana Trench requires a recent versionRead More

Vimana – An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications

Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks (in addition to the generic ones for web), trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework emerged, is to identify, through a blackboxRead More

0D1N v3.4 – Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language. 0d1n is a tool for automating customized attacks against web applications. Video demo: Tool functions: Brute force login and passwords in auth forms Directory disclosure ( use PATH list to brute, andRead More

X