SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features Supported PHP Language Supported YAML Language Pass results to bug tracking services like JiraRead More
Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install the project using pipx pipx install git+https://github.com/puzzlepeaches/msprobe.git Usage The toolRead More
Zed Attack Proxy Scripts for finding CVEs and Secrets. Building This project uses Gradle to build the ZAP add-on, simply run: ./gradlew build in the main directory of the project, the add-on will be placed in the directory build/zapAddOn/bin/. Usage The easiest way to use this repo in ZAP is to add the directory toRead More
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic validation of the vulnerability upon discovery. Randomized and non-intrusive payloads. WAFRead More
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools). Fuzzing for HTTP POST Data parameters. Fuzzing for JSON data parameters. Supports DNS callback for vulnerability discovery and validation. WAF BypassRead More
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy is in our paper, “FUSE: Finding File Upload Bugs via Penetration Testing”, which appeared in NDSS 2020. To see how to configure and execute FUSE, see the followings. Setup Install FUSE currently works onRead More
Reg1c1de is a tool that scans specified registry hives and reports on any keys where the user has write permissions In addition, if any registry values are found that contain file paths with certain file extensions and they are writeable, these will be reported as well. More information on this tool and it’s use canRead More
Go scripts for finding an API key / some keywords in repository Update V1.0.1 Removing some checkers Adding example file contains github dorks How to Install go get github.com/daffainfo/Git-Secret How to Use ./Git-Secret For path contain dorks, you can fill it with some keywords, for example keyword.txt passwordusernamekeysaccess_keys Reference https://github.com/odomojuli/RegExAPI Download Git-Secret
This is “flawfinder” by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more generally. It is designed to beRead More
An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from 0Read More
