This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information. The second phase has a different approach to common lessons of theRead More
What is sandfly-entropyscan? sandfly-entropyscan is a utility to quickly scan files or running processes and report on their entropy (measure of randomness) and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed or encrypted and shows very high entropy. This tool can quickly find high entropy executable files and processesRead More
Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| S|Q|L|i| |D|e|t|e|c|t|o|r|| Coded By: Eslam Akl @eslam3kll & Khaled Nassar @knassar702| Version: 1.0.0| Blog: eslam3kl.medium.com+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Description The main idea for the toolRead More
Strengthen the security posture of your GitHub organization! Detect and remediate misconfigurations, security and compliance issues across all your GitHub assets with ease Installation You can download the latest legitify release from https://github.com/Legit-Labs/legitify/releases, each archive contains: Legitify binary for the desired platform Built-in policies provided by Legit Security From source with the following steps:Read More
System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website – Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow youRead More
Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. How to use Packj accepts two input args: name of theRead More
WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What’s WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It’s designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issuesRead More
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator nano novahot phpencode tenncRead More
Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., ndm, maven). Intended Audiences The framework can beRead More
This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. The request is (presumably) converted to HTTP/1.1 and transmitted toRead More
