System Informer – A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website – Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow youRead More

Packj – Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. How to use Packj accepts two input args: name of theRead More

WSVuls – Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What’s WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It’s designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issuesRead More

Php-Malware-Finder – Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator nano novahot phpencode tenncRead More

Combobulator – Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., ndm, maven). Intended Audiences The framework can beRead More

Http2Smugl – Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion

This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. The request is (presumably) converted to HTTP/1.1 and transmitted toRead More

Log4J-Detect – Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the “Log4j” Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script “log4j-detect.py” developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (higher performance) to each of theRead More

SyntheticSun – A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glassWith reflections of you,But are you feeling alive?Yeah let me ask you,Are you feeling alive?– Norma Jean, 2016 Synopsis Uses event-Read More

Jsleak – A Go Code To Detect Leaks In JS Files Via Regex Patterns

jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it’s built for this, you can use it to identify anything as long as you have a regex pattern for it. How to install Directly: {your package manager} install pkg-config libpcre++-devgo get github.com/0xTeles/jsleak/v2/jsleak Compiled: release page How to use UsageRead More

Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records

This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. a dangling CNAME pointing to a non-existent domain name one or more wrong/typoed NS records pointing to a nameserverRead More

X