Scan4All – Vuls Scan: 15000+PoCs; 21 Kinds Of Application Password Crack; 7000+Web Fingerprints; 146 Protocols And 90000+ Rules Port Scanning; Fuzz, HW, Awesome BugBounty…

What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。red team tools Code-level optimization, parameter optimization, and individual modules, such as vscan filefuzz, have been rewritten for these integrated projects. In principle, do not repeat the wheel, unless there are bugs, problems Cross-platform: based on golang implementation, lightweight, highly customizable, open source,Read More

Authcov – Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different user account, the “intruder”, and attempts toRead More

AutoPWN Suite – Project For Scanning Vulnerabilities And Exploiting Systems Automatically

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. How does it work? AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search NIST vulnerability database.Read More

CRLFsuite – Fast CRLF Injection Scanning Tool

CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone$ cd CRLFsuite$ sudo python3 install$ crlfsuite -h Features Single URL scanning Multiple URL scanning Stdin supported GET & POST method supported Concurrency Best Payloads list Headers supported Fast and efficient scanning with negligible false-positive Usage Single URL scanning: $Read More

Ostorlab – A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way

The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing requires often chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the process less painful withRead More

Skrull – A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It’s a proof-of-concept of the talk of ROOTCON & HITCON 2021, checkRead More

ChopChop – ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers. “Chop chop” is a phraseRead More

Xmap – A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the “5 minutes” probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes. WithRead More

Vailyn – A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python

Vailyn Phased Path Traversal & LFI Attacks Vailyn 3.0 Since v3.0, Vailyn supports LFI PHP wrappers in Phase 1. Use –lfi to include them in the scan. About Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal and file inclusion vulnerabilities. It is built to make it as performant as possible, andRead More

PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool

Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes for banner grabbing. Uses list of paths for web enumeration. Example scan of ““: Scanned subdomain, IPs and ports Grabbed banner for each IP and port whoisRead More