HttpDoom – A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface

Validate large HTTP-based attack surfaces in a very fast way. Heavily inspired by Aquatone. Why? When I utilize Aquatone to flyover some hosts, I have some performance issues by the screenshot feature, and the lack of extension capabilities – like validating front-end technologies with a plugin-like system -, also, my codebase is mainly C# andRead More

Social-Analyzer – API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)

An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from 0Read More

Packer-Fuzzer – A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack

With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call, which is also convenient for us to quickly discoverRead More

Scripthunter – Tool To Find JavaScript Files On Websites

[*] Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpost Setup To install scripthunter, clone this repository.Read More

Gitjacker – Leak Git Repositories From Misconfigured Websites

Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only. Installation curl -s “https://raw.githubusercontent.com/liamg/gitjacker/master/scripts/install.sh” | bash …or grab a precompiled binary. You will needRead More

ReconSpider – Most Advanced Open Source Intelligence (OSINT) Framework For Scanning IP Address, Emails, Websites, Organizations

ReconSpider is most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations and find out information from different sources.ReconSpider can be used by Infosec Researchers, Penetration Testers, Bug Hunters and Cyber Crime Investigators to find deep information about their target.ReconSpider aggregate all the raw data, visualize it on a dashboard andRead More

Sitedorks – Search Google/Bing/DuckDuckGo/Yandex/Yahoo For A Search Term With Different Websites

Search Google, Bing, Yahoo or Yandex for a search term with different websites. A default list is already provided, which contains Github, Gitlab, Surveymonkey, Trello etc etc. Currently, a default list of 231 dorkable websites is available. Current categories on file are: analysis(10) cloud(34) code(35) comm(27) companies(3) docs(36) edu(2) forms(11) orgs(11) other(4) remote(1) shortener(15) social(39)Read More

Formphish – Auto Phishing Form-Based Websites

Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page.Features: Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Formphish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws.Read More

Git-Scanner – A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public

This tool can scan websites with open .git repositories for Bug Hunting/ Pentesting Purposes and can dump the content of the .git repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list. Installation – git clone https://github.com/HightechSec/git-scanner- cd git-scanner- bash gitscanner.shRead More

Bing-Ip2Hosts – Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. DescriptionBing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to search engines – it allows searching by IP address. Bing-ip2hostsRead More

X