PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool

Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes for banner grabbing. Uses list of paths for web enumeration. Example scan of “www.ccc.de“: Scanned subdomain, IPs and ports Grabbed banner for each IP and port whoisRead More

Vajra – A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks

An automated web hacking framework for web applications Detailed insight about Vajra can be found at https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8  About Vajra   Vajra is an automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing. Vajra has highly customizable target scope based scan feature. Instead of runningRead More

SnitchDNS – Database Driven DNS Server With A Web UI

SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration easier with all configuration changed applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery of network traffic endpoints, and it can alsoRead More

OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner

OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner. Note: AWSS is the older name of ASST Introduction Web applications have become an integral part of everyday life, but many of these applications are deployed with critical vulnerabilities that can be fatally exploited. As the technology used to develop theseRead More

Darkdump – Search The Deep Web Straight From Your Terminal

Darkdump is a simple script written in Python3.9 in which it allows users to enter a search term (query) in the command line and darkdump will pull all the deep web sites relating to that query. Darkdump wraps up the darksearch.io API. Installation git clone https://github.com/josh0xA/darkdump cd darkdump python3 -m pip install -r requirements.txt python3Read More

Sigurlx – A Web Application Attack Surface Mapping Tool

sigurlx a web application attack surface mapping tool, it does …: Categorize URLs URLs’ categories: > endpoint > js {js} > style {css} > data {json|xml|csv} > archive {zip|tar|tar.gz} > doc {pdf|xlsx|doc|docx|txt} > media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff} Next, probe HTTP requests to the URLs for status_code, content_type, e.t.c Next, for every URL of category endpoint with aRead More

MyJWT – A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)

This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc… Check Documentation for more information. If you see problems or enhancement send an issue.I will respond as soon as possible. Enjoy 🙂 Documentation Documentation is available at http://myjwt.readthedocs.io Features copy new jwt to clipboard user Interface (thanks questionary)Read More

Hack-Tools v0.3.0 – The All-In-One Red Team Extension For Web Pentester

The all-in-one Red Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer need to search for payloads inRead More

X