DNSObserver – A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends notifications with the received request’s details via Slack. DNSObserver can help you find bugs such as blind OS command injection, blind SQLi, blind XXE, and manyRead More

Gotestwaf – Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques

An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let’s say you defined 2 payloads, 3 encoders (Base64, JSON, and URLencode) and 1 placeholder (HTTP GET variable). In thisRead More

Vulnx v2.0 – An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (WordPress , Joomla , Drupal , Prestashop …)

Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more …Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target websiteRead More

Extended-XSS-Search – Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as “xssfinder”. This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel.First stepsRename the example.app-settings.conf to app-settings.conf and adjust the settings. It should work out ofRead More

Mimir – Smart OSINT Collection Of Common IOC Types

Smart OSINT collection of common IOC types. OverviewThis application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.The title of this project is named after Mimir, a figure in Norse mythology renowned for his knowledgeRead More