BatchQL – GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations

BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, however no tool to perform GraphQL batching attacks.Read More

Solr-GRAB – Steal Apache Solr Instance Queries With Or Without A Username And Password

Steal Apache Solr instance Queries with or without a username and password. DISCLAIMER: This project should be used for authorized testing and educational purposes only. Download git clone https://github.com/GnosticPlayers/Solr-GRAB Usage You can search for Apache Solr Instances via Censys, with the dork “Welcome To Solr” or “Apache Solr Admin”. To grab queries, simply go toRead More

Dnspeep – Spy On The DNS Queries Your Computer Is Making

dnspeep lets you spy on the DNS queries your computer is making. Here’s some example output: $ sudo dnspeepquery name server IP responseA incoming.telemetry.mozilla.org 192.168.1.1 CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com, A: 52.39.144.189, A: 54.191.136.131, A: 34.215.151.143, A: 54.149.208.57, A: 44.226.235.191, A: 52.10.174.113, A: 35.160.138.173, A: 44.238.190.78AAAA incoming.telemetry.mozilla.org 192.168.1.1 CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.comA www.google.com 192.168.1.1 A: 172.217.13.132AAAARead More

Cypheroth – Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound’s Neo4j Backend And Saves Output To Spreadsheets

Automated, extensible toolset that runs cypher queries against Bloodhound’s Neo4j backend and saves output to spreadsheets. Description This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries through the Neo4j web interface on multiple assessments and figured there must beRead More

DNSx – A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers. dnsx is successor of dnsprobe that includes new features, multiple bugs fixes, and tailored for better user experience, few notable flagsRead More

Mihari – A Helper To Run OSINT Queries & Manage Results Continuously

Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting. How it works Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs and hashes) from the results. Mihari checks whether a DB (SQLite3 or PostgreSQL)Read More

DNSProbe – A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers

DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. Features Simple and Handy utility to query DNS records. Usage dnsprobe -h This will display help for the tool. Here are all the switches it supports. Flag DescriptionRead More

X