Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once. KeyRead More
This tools test generated ShellCodes. Usage Exemple ShellCode Tester Linux Instalation git clone https://github.com/helviojunior/shellcodetester.gitcd shellcodetester/Linuxmake Usage Without break-point: shellcodetester [file.asm] With break-point (INT3). The break-point will be inserted before our generated shellcode: shellcodetester [file.asm] –break-point Download Shellcodetester
We present a framework to more easily perform Wi-Fi experiments. It can be used to create fuzzers, implement new attacks, create proof-of-concepts to test for vulnerabilities, automate experiments, implement test suites, and so on. The main advantage of the framework is that it allows you to reuse Wi-Fi functionality of Linux to more easily implementRead More
Haptyc is a python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. While Haptyc accomplishes these goals fairly well it also introduces a simpler way to express test sequences in general. While this library was meant to target Turbo Intruder it has no hard dependencies on TurboRead More
Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support (SOCKS4 / SOCKS5) with automatic proxy-scraper and checker, e-mail delivery / inbox check and DNS lookup for unknown SMTP-hosts. Made for easy usage and always working! Overview Legal Notices You are ONLY allowed to use the following code for educational purposes! Mail.RipRead More
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims (kid, jku, x5u) Verify a token Retrieve the public key of your target’s ssl connection and try to use it in a key confusionRead More
Created by David French (@threatpunter) at Elastic Security Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and actions that security teams should be able to audit. TheRead More
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. If this is not properly configured, unauthorised domains can access to those resources. What isRead More
A script to test credentials against Active Directory Federation Services (ADFS), calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list of proxies or Tor to make the detectionRead More
An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let’s say you defined 2 payloads, 3 encoders (Base64, JSON, and URLencode) and 1 placeholder (HTTP GET variable). In thisRead More
