Category: Open Source Tool

REST API fuzzer

cats: REST API Fuzzer and negative testing tool

cats is a REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number of scenarios and cover...

discover endpoints

xnLinkFinder: discover endpoints for a given target

xnLinkFinder is a tool used to discover endpoints for a given target. It can find them by: crawling a target (pass a domain/URL); crawling multiple targets (pass a file of domains/URLs); searching files...

Personal Identifiable Information scanner

Octopii: AI-powered Personal Identifiable Information scanner

Octopii is an open-source AI-powered Personal Identifiable Information (PII) scanner that can look for image assets such as Government IDs, passports, photos, and signatures in a directory. Working: Octopii uses Tesseract’s Optical Character...

execute complete pentesting

rekono: Execute complete pentesting processes

Rekono combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email...

risky open-source software packages

packj: detect malicious/risky open-source software packages

Packj flags malicious/risky open-source packages. Packj (pronounced package) is a command-line (CLI) tool to vet open-source software packages for “risky” attributes that make them vulnerable to supply chain attacks. This is the tool behind...

REST API fuzzing tool

restler-fuzzer: first stateful REST API fuzzing tool

What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service...

ROP Gadget finder

ropr: blazing fast multithreaded ROP Gadget finder

ropr is a blazing fast multithreaded ROP Gadget finder. What is an ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which...

TerraformGoat

TerraformGoat: “Vulnerable by Design” multi cloud deployment tool

TerraformGoat is HuoCorp research lab’s “Vulnerable by Design” multi-cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Scenarios ID...

relaying attacks

pretender: relaying attacks featuring DHCPv6 DNS takeover

pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily targets Windows hosts, as it is intended to be used...

web vulnerability lab

VulnLab: web vulnerability lab project

A web vulnerability lab project developed by Yavuzlar. Vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Command Injection, Insecure Direct Object References (IDOR), Cross-Site Request Forgery (CSRF), XML External Entity (XXE), Insecure Deserialization, File Upload...

detects misconfigured MX records

mx-takeover: detects misconfigured MX records

mx-takeover focuses on DNS MX records and detects misconfigured MX records. It currently supports three techniques: MX domains that will expire soon; unregistered MX domains; domains that point to not currently in...