Category: Open Source Tool

SSTI detection tool

SSTImap: About Automatic SSTI detection tool

SSTImap SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to...

BloodHound Attack

BARK: BloodHound Attack Research Kit

BloodHound Attack Research Kit BARK stands for BloodHound Attack Research Kit. It is a PowerShell script built to assist the BloodHound Enterprise team with researching and continuously validating abuse primitives. BARK currently focuses on...

Vulnerable AWS Infrastructure

AWSGoat: Damn Vulnerable AWS Infrastructure

Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire...

detect SQL injection Error based

SQLiDetector: detect SQL injection Error based

SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...

Android Botnet malicious applications

appshark: scan vulnerabilities in an Android app

AppShark Appshark is a static analysis tool for Android apps. Its goal is to analyze very large apps (Douyin currently has 1.5 million methods). Appshark supports the following features: JSON-based customized scanning rules to...

XSS exploitation

toxssin: POST-XSS exploitation tool

toxssin toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by...

execute arbitrary javascript

jscythe: execute arbitrary javascript code

jscythe jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any...