autoSSRF – Smart Context-Based SSRF Vulnerability Scanner

autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other SSRF automation tools, this one comes with the two following original features: Smart fuzzing on relevant SSRF GET parameters. When fuzzing, autoSSRF only focuses on the common parameters related to SSRF (?url=, ?uri=, ..) and doesn’t interfere with everything else.

Bopscrk – Tool To Generate Smart And Powerful Wordlists

bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists for targeted attacks. Included in BlackArch Linux pentesting distribution and Rawsec’s Cybersecurity Inventory since August 2019. Targeted-attack wordlist creator: introduce personal info related to target, combines every word and transforms results into possible passwords. The lyricpass module allows to search lyrics

Ghidra-Evm – Module For Reverse Engineering Smart Contracts

In the last few years, attacks on deployed smart contracts in the Ethereum blockchain have ended up in a significant amount of stolen funds due to programming mistakes. Since smart contracts, once compiled and deployed, are complex to modify and update, different practitioners have suggested the importance of reviewing their security in the blockchain where

Extended-SSRF-Search – Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get…

This tool searches for SSRF using predefined settings in different parts of a request (path, host, headers, POST and GET parameters). First step: Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback URL. I recommend using Burp Collaborator. Then you can add your URLs to config/url-to-test.txt. Here the script accepts

Mimir – Smart OSINT Collection Of Common IOC Types

Smart OSINT collection of common IOC types. Overview: This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes. The title of this project is named after Mimir, a figure in Norse mythology renowned for his knowledge
