Wprecon – A Vulnerability Recognition Tool In CMS WordPress, 100% Developed In Go

Hello! Welcome. Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Notice: Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner. Branch Dev Compile and Install Features Random Agent Detection WAF User Enumerator Plugin Scanner Theme Scanner TorRead More

Vulmap – Web Vulnerability Scanning And Verification Tools

Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulmap to detect whether the target has a specific vulnerability, and can use the vulnerability exploitation function to verify whether the vulnerabilityRead More

Fortiscan – A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool

(CVE-2018-13379) Exploitation Tool, You can use this tool to check the vulnerability in your FortiGate SSL-VPN. https://www.fortinet.com/blog/business-and-technology/fortios-ssl-vulnerability Usage v 0.6 File List ./fortiscan ip.txt Usage v 0.5 (One Liner to Initiate the Scan : Host|IP:Port(443 or 10443 or 8443) ./fortiscan Requirements Tested with Parrot & Debian Operating Systems and Windows 10 Download Fortiscan

Bulwark – An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira Integration Note Please keep in mind, this project is in early development. Launch with Docker Install Docker Create a .env file and supply the following properties: MYSQL_DATABASE=”bulwark”MYSQL_PASSWORD=”bulwark”MYSQL_ROOT_PASSWORD=”bulwark”MYSQL_USER=”root”MYSQL_DB_CHECK=”mysql”DB_PASSWORD=”bulwark”DB_URL=”″DB_ROOT=”root”DB_USERNAME=”bulwark”DB_PORT=3306DB_NAME=”bulwark”DB_TYPE=”mysql”NODE_ENV=”production”DEV_URL=”http://localhost:4200″PROD_URL=”http://localhost:5000″JWT_KEY=”changeme”JWT_REFRESH_KEY=”changeme”CRYPTO_SECRET=”changeme”CRYPTO_SALT=”changeme” Build and start Bulwark containers: docker-compose up -d Start/Stop Bulwark containers:Read More

Grype – A Vulnerability Scanner For Container Images And Filesystems

A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubuntu Find vulnerabilities for language-specific packages Ruby (Bundler) Java (JARs, etc)Read More

NERVE – Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only. NERVE will do “some” CVE checks, but this is primarily coming fromRead More

PwnXSS – Vulnerability XSS Scanner Exploit

A powerful XSS scanner made in python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/pwn0sec/PwnXSSchmod 755 -R PwnXSScd PwnXSSpython3 pwnxss.py –help Usage Basic usage: python3 pwnxss.py -u http://testphp.vulnweb.com Advanced usage: python3 pwnxss.py –help Main features crawling all links on a website ( crawler engine ) POSTRead More

CRLFuzz – A Fast Tool To Scan CRLF Vulnerability Written In Go

A fast tool to scan CRLF vulnerability written in Go Installation from Binary The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with $ curl -sSfL http://git.io/get-crlfuzz | sh -s — -b /usr/local/bin from Source If you have go1.13+ compiler installed and configured: $ GO111MODULE=on go getRead More

Faraday v3.12 – Collaborative Penetration Test and Vulnerability Management Platform

 There are better ways than managing vulnerabilities with spreadsheets, especially when you are working with several tools. We know it’s easy to lose trail of your efforts. In faraday you can keep track of your scanners and your team in one place, This update is focused on improving your everyday tasks in managing information. TheRead More