S3Sec – Check AWS S3 Instances For Read/Write/Delete Access

Test AWS S3 buckets for read/write/delete access This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs. Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot 🙂 Installation CloneRead More

DNSTake – A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted.Read More

Keimpx – Check For Valid Credentials Across A Network Over SMB

keimpx is an open source tool, released under the Apache License 2.0. It can be used to quickly check for valid credentials across a network over SMB. Credentials can be: Combination of user / plain-text password. Combination of user / NTLM hash. Combination of user / NTLM logon session token. If any valid credentials areRead More

Confused – Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems

A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python (pypi) requirements.txt, JavaScript (npm) package.json, PHP (composer) composer.json or MVN (maven) pom.xml. What is this all about? On 9th of February 2021, a security researcher Alex Birsan published an article that touched different resolve order flaws inRead More

Sub404 – A Python Tool To Check Subdomain Takeover Vulnerability

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or urllib methodRead More

JWT Key ID Injector – Simple Python Script To Check Against Hypothetical JWT Vulnerability

Simple python script to check against hypothetical JWT vulnerability. Let’s say there is an application that uses JWT tokens signed HS256 algorithm. An example token looks like the follow: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.zbgd5BNF1cqQ_prCEqIvBTjSxMS8bDLnJAE_wE-0Cxg Above token can be decoded to the following data: { “alg”: “HS256”, “typ”: “JWT”}{ “sub”: “1234567890”, “name”: “John Doe”, “iat”: 1516239022} To calculate signature theRead More

PatchChecker – Web-based Check For Windows Privesc Vulnerabilities

This is the code base for the service running on: https://patchchecker.com. In short, PatchChecker is a web application (running on flask) that provides output similar to that of Watson. However by using PatchChecker, one is not required to execute a binary on the target machine. Included in this project is also a web scraper thatRead More