Canadian Furious Beaver – A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: the “Broker” combines both a user-land agent and a self-extractable driver (IrpDumper.sys) that will install itself on the targeted system. Once running it will expose (depending on the compilation options) a remote named pipe (reachable from …

Webstor – A Script To Quickly Enumerate All Websites Across All Of Your Organization’s Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities

WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your organization’s networks, storing their responses, and querying for known web technologies and versions, such as those with zero-day vulnerabilities. It is intended, in particular, to solve the unique problem presented in mid to large …

DongTai – An Interactive Application Security Testing (IAST) Product That Supports The Detection Of OWASP WEB TOP 10 Vulnerabilities, Multi-Request Related Vulnerabilities (Including Logic Vulnerabilities, Unauthorized Access Vulnerabilities, Etc.), Third-Party Component Vulnerabilities, Etc.

About DongTai IAST: DongTai IAST is an open-source passive interactive application security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection, multi-request associated vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), third-party component vulnerability detection, etc. Currently, applications in Java and …

Bugs-feed – A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities…

Bug’s feed is a locally hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities… It’s implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look at the latest bugs or search in all …

CamRaptor – Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. Features: Exploits vulnerabilities in most popular camera models such as Novo, CeNova and QSee. Optimized to exploit multiple cameras at one time from list with threading enabled. Simple CLI and API usage. Installation: pip3 install git+https://github.com/EntySec/CamRaptor Basic usage: …

Dent – A Framework For Creating COM-based Bypasses Utilizing Vulnerabilities In Microsoft’s WDAPT Sensors

More Information: If you want to learn more about the techniques utilized in this framework please take a look at this article. Description: This framework generates code to exploit vulnerabilities in Microsoft Defender Advanced Threat Protection’s Attack Surface Reduction (ASR) rules to execute shellcode without being detected or prevented. ASR was designed to be the …

Php_Code_Analysis – Scan your PHP code for vulnerabilities

This script will scan your code. The script can find: check_file_upload issues, host_header_injection, SQL injection, insecure deserialization, open_redirect, SSRF, XSS, LFI, command_injection. Features: fast, simple, report. Usage:
python code.py <file name> >>> this will scan one file
python code.py >>> this will scan full folder (.)
python code.py <path> >>> scan full folder

DNSObserver – A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends notifications with the received request’s details via Slack. DNSObserver can help you find bugs such as blind OS command injection, blind SQLi, blind XXE, and many …

Nginxpwner – Tool to look for common Nginx misconfigurations and vulnerabilities

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. Install:
cd /opt
git clone https://github.com/stark0de/nginxpwner
cd nginxpwner
chmod +x install.sh
./install.sh
Usage: Target tab in Burp, select host, right click, copy all URLs in this host, copy to a file
cat urllist | unfurl paths | cut -d"/" -f2-3 | sort -u > /tmp/pathlist
Or get …

Vulnerablecode – A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities

VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability databases, which in itself does not make sense because …