JSPanda – Client-Side Prototype Pullution Vulnerability Scanner

JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries’ source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works? Uses multiple payloads for prototype pollution vulnerability. Gathers all the links in the targets for scanning and add payloads toRead More

Plution – Prototype Pollution Scanner Using Headless Chrome

Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: https://github.com/BlackFan/client-side-prototype-pollution/tree/master/pp What this is not This is not a one stop shop. PrototypeRead More

Reg1c1de – Registry Permission Scanner For Finding Potential Privesc Avenues Within Registry

Reg1c1de is a tool that scans specified registry hives and reports on any keys where the user has write permissions In addition, if any registry values are found that contain file paths with certain file extensions and they are writeable, these will be reported as well. More information on this tool and it’s use canRead More

Red-Shadow – Lightspin AWS IAM Vulnerability Scanner

Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups discovered by Lightspin’s Security Research Team. The tool detects the misconfigurations in the following IAM Objects: Managed Policies Users Inline Policies Groups Inline Policies Roles Inline Policies Research Summary AWS IAM evaluation logic forRead More

BlobHunter – Find Exposed Data In Azure With This Public Blob Scanner

An opensource tool for scanning Azure blob storage accounts for publicly opened blobs. BlobHunter is a part of “Hunting Azure Blobs Exposes Millions of Sensitive Files” research: https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files Overview BlobHunter helps you identify Azure blob storage containers which store files that are publicly available to anyone with an internet connection. The tool will help mitigateRead More

FireStorePwn – Firestore Database Vulnerability Scanner Using APKs

fsp scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication. If there are problems with the security rules, attackers could steal, modify or delete data and raise the bill. Install fsp sudo wget https://raw.githubusercontent.com/takito1812/FireStorePwn/main/fsp -O /bin/fspsudo chmod +x /bin/fsp Running fsp Scanning an APK withoutRead More

APSoft-Web-Scanner-v2 – Powerful Dork Searcher And Vulnerability Scanner For Windows Platform

APSoft Webscanner Version 2 new version of APSoft Webscanner Version 1 Software pictures What can i do with this ? with this software, you will be able to search your dorks in supported search engines and scan grabbed urls to find their vulnerabilities. in addition , you will be able to generate dorks, scan urlsRead More

DLLHSC – DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking

DLL Hijack SCanner – A tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking Contents of this repository This repository hosts the Visual Studio project file for the tool (DLLHSC), the project file for the API hooking functionality (detour), the project file for the payload and last but notRead More

OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner. Note: AWSS is the older name of ASST Introduction Web applications have become an integral part of everyday life, but many of these applications are deployed with critical vulnerabilities that can be fatally exploited. As the technology used to develop theseRead More

Zmap – A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes. ZMapRead More

X