Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different user account, the “intruder”, and attempts toRead More
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. How does it work? AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search NIST vulnerability database.Read More
CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone https://github.com/Nefcore/CRLFsuite.git$ cd CRLFsuite$ sudo python3 setup.py install$ crlfsuite -h Features Single URL scanning Multiple URL scanning Stdin supported GET & POST method supported Concurrency Best Payloads list Headers supported Fast and efficient scanning with negligible false-positive Usage Single URL scanning: $Read More
The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing requires often chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the process less painful withRead More
Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It’s a proof-of-concept of the talk of ROOTCON & HITCON 2021, checkRead More
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers. “Chop chop” is a phraseRead More
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the “5 minutes” probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes. WithRead More
Vailyn Phased Path Traversal & LFI Attacks Vailyn 3.0 Since v3.0, Vailyn supports LFI PHP wrappers in Phase 1. Use –lfi to include them in the scan. About Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal and file inclusion vulnerabilities. It is built to make it as performant as possible, andRead More
Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes for banner grabbing. Uses list of paths for web enumeration. Example scan of “www.ccc.de“: Scanned subdomain, IPs and ports Grabbed banner for each IP and port whoisRead More
Script For AutomRDPatic Scanning And Brute-Force. Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the presence of open 3389 ports, and then selecting the method and starting busting pair login / password. The script is tuned for Kali linux 2.0, Kali linux 2016.2 и Kali linux 2017.1, 2017.2 systemsRead More
