Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some "XSS Vulnerability" Challenges And Bypass Examples

This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass html entities bypass WAF bypass Black-list validation bypass Basic XSS validation bypass Double encode bypass of WAF to exploit XSS Exploiting XSS by bypassing escape characters Quick Start Using Docker Using docker hub (Quickest): ToRead More

Nightingale – Docker Environment For Pentesting Which Having All The Required Tool For VAPT

In today’s technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber security, DevOps, Automation, or Infrastructure. Considering the demand of the industry, I would like to introduce my idea to create a NIGHTINGALE: docker image for pentesters. This docker image is ready to use environment willRead More

PEzor-Docker – With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!

With the help of this kali linux image, you can easily access PEzor on your system! Basically, this image is built from the kalilinux/kali-rolling image and then the PEzor shellcode and PE packer is installed on top of it. Sometimes, it’s vital to have access to PEzor, specially in a post exploit phase, but installingRead More

Dive – A Tool For Exploring Each Layer In A Docker Image

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run dive with an image tag/id/digest: dive <your-image-tag> or if you want to build your image then jump straight into analyzing it: dive build -t <some-tag> . Building onRead More

RAUDI – A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions

RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keep updated a series of Docker Images through GitHub Actions for tools that are not provided by the developers. What is RAUDI RAUDI is what will save you from creating and managing a lot of Docker Images manually. Every time a software is updated youRead More

Web-Hacking-Toolkit – A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support

A multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support. Installation Docker Pull the image from Docker Hub: docker pull signedsecurity/web-hacking-toolkit Run a container and attach a shell: docker run –rm -it –name web-hacking-toolkit signedsecurity/web-hacking-toolkit /usr/bin/zsh Docker Compose Docker-Compose can also be used. version: “3.9”services: web-hacking-toolkit: image: signedsecurity/web-hacking-toolkit container_name: web-hacking-toolkit hostname: web-hacking-toolkitRead More

Gorsair – Hacks Its Way Into Remote Docker Containers That Expose Their APIs

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk, as it can let malicious agents get informationRead More

Dwn – D(Ockerp)Wn – A Docker Pwn Tool Manager

dwn is a “docker-compose for hackers”. Using a simple YAML “plan” format similar to docker-compose, image names, versions and volume / port mappings are defined to setup a tool for use. features With dwn you can: Configure common pentest tools for use in a docker container Have context aware volume mounts Dynamically modify port bindingsRead More

Redcloud – Automated Red Team Infrastructure Deployement Using Docker

Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud’s speed for your tools. Deploys in minutes. Use and manage it with its polished web interface. Ideal for your penetration tests, shooting ranges, red teaming and bug bounties! Self-host your attack infrastructure painlessly, deploy yourRead More

BugBountyScanner – A Bash Script And Docker Image For Bug Bounty Reconnaissance

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output. Helpful? BugBountyScanner helped you net a bounty? Description Note: Using the script over a VPN is highly recommended. It’s recommended to run BugBountyScanner from a server (VPS or home server), and not from yourRead More