XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scriptsRead More

Packer-Fuzzer – A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack

With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call, which is also convenient for us to quickly discoverRead More

Js-X-Ray – JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you to have aRead More

Webscan – Browser-based Network Scanner And local-IP Detection

webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate timeouts (TCP RSTRead More

Tfsec – Security Scanner For Your Terraform Code

tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. Example Output Installation Install with brew/linuxbrew: brew install tfsec Install with Chocolatey: choco install tfsec You can also grab the binary for your system from the releases page. Alternatively, install with Go: go get -u github.com/tfsec/tfsec/cmd/tfsec UsageRead More

Kraken – Cross-platform Yara Scanner Written In Go

Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD and Linux. It is primarily intended for incident response, research and ad-hoc detections (not for endpoint protection). Following are the core features: Scan running executables and memory of running processes with provided Yara rules (leveraging go-yara). Scan executables installed forRead More

Webshell-Analyzer – Web Shell Scanner And Analyzer

Web shell analyzer is a cross platform stand-alone binary built solely for the purpose of identifying, decoding, and tagging files that are suspected to be web shells. The web shell analyzer is the bigger brother to the web shell scanner project (http://github.com/tstillz/webshell-scan), which only scans files via regex, no decoding or attribute analysis. Disclaimer TheRead More

Grype – A Vulnerability Scanner For Container Images And Filesystems

A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubuntu Find vulnerabilities for language-specific packages Ruby (Bundler) Java (JARs, etc)Read More

Nuubi Tools – Information Ghatering, Scanner And Recon

Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/–help | Show help message and exitArguments: -b/–banner | Banner grabing of target ip address -s/–subnet | Subnetlookup of target -c/–cms | Cms detect with headers -d/–dns | Dnslookup of target domain -e/–extract | Extract links from target url(https/http) -H/–http | Httpheaders of target url -n/–nmap | Nmapscan of target domainRead More

X