WSVuls – Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What’s WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It’s designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issuesRead More

Php-Malware-Finder – Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator nano novahot phpencode tenncRead More

Combobulator – Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., ndm, maven). Intended Audiences The framework can beRead More

Http2Smugl – Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion

This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. The request is (presumably) converted to HTTP/1.1 and transmitted toRead More

Log4J-Detect – Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the “Log4j” Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script “log4j-detect.py” developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (higher performance) to each of theRead More

SyntheticSun – A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glassWith reflections of you,But are you feeling alive?Yeah let me ask you,Are you feeling alive?– Norma Jean, 2016 Synopsis Uses event-Read More

Jsleak – A Go Code To Detect Leaks In JS Files Via Regex Patterns

jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it’s built for this, you can use it to identify anything as long as you have a regex pattern for it. How to install Directly: {your package manager} install pkg-config libpcre++-devgo get github.com/0xTeles/jsleak/v2/jsleak Compiled: release page How to use UsageRead More

Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records

This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. a dangling CNAME pointing to a non-existent domain name one or more wrong/typoed NS records pointing to a nameserverRead More

HoneyCreds – Network Credential Injection To Detect Responder And Other Network Poisoners

HoneyCreds network credential injection to detect responder and other network poisoners.  Requirements Requires Python 3.6+ (tested on Python 3.9)smbprotocolcffisplunk-sdk Installation git clone https://github.com/Ben0xA/HoneyCreds.gitcd HoneyCredspip3 install -r requirements.txt Running python3 honeycreds.py Settings It is advised that you change these settings to best suit your environment. Note: You can use an existing account, just change the password.Read More

Typodetect – Detect The Active Mutations Of Domains

This tool gives blue teams, SOC’s, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TLDs (Top Level Domains) published on the IANARead More

X