Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More

Intelspy – Perform Automated Network Reconnaissance Scans

Perform automated network reconnaissance scans to gather network intelligence.IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more.The tool will also launch further enumeration scans for each detected serviceRead More

Httpgrep – Scans HTTP Servers To Find Given Strings In URIs

A python tool which scans for HTTP servers and finds given strings in URIs. Usage $ httpgrep -H–==[ httpgrep by nullsecurity.net ]==–usage httpgrep -h <args> -s <arg> [opts] | <misc>opts -h <hosts|file> – single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24, /tmp/hosts.txt -p <port> – port to connect to (default: 80)Read More

Extended-XSS-Search – Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as “xssfinder”. This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel.First stepsRename the example.app-settings.conf to app-settings.conf and adjust the settings. It should work out ofRead More

X