pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly Support output in a file...
Cloud Privilege Escalation Awesome Script Suite The current goal of Cloud PEASS is simple: Once you manage to get some credentials to access Azure, GCP or AWS, use different techniques to get the permissions the principal has and highlight...
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Feature A curated list...
DLL Sideloading Scanner A lightweight PowerShell-based scanner designed to identify missing or unresolved DLLs, helping you detect potential DLL sideloading vulnerabilities on your Windows system. Features Dynamic Process Analysis 🔄 Scans all running processes and...
SessionProbe SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible,...
gubble gubble is a tool designed to audit Google Workspace group settings. It analyzes settings such as who can join, view membership, post messages, view conversations, and more to help identify potential security risks associated...
LEAKEY LEAKEY is a tool for validation of leaked API tokens/keys found during pentesting and Red Team Engagements. The script is really useful for Bug Hunters in order to validate and determine the impact...
Ingram This is a webcam device vulnerability scanning tool, that already supports Hikvision, Dahua, and other devices. Installation Firstly, clone this repo: git clone https://github.com/jorhelp/Ingram.git Then, go to the repo dir, create a virtual...
NucleiFuzzer = Nuclei + Paramspider NucleiFuzzer is an advanced automation tool designed to streamline and optimize web application security testing by integrating a suite of powerful URL discovery and vulnerability scanning tools. It combines...
TInjA – the Template INJection Analyzer TInjA is a CLI tool for testing web pages for template injection vulnerabilities. It supports 44 of the most relevant template engines (as of September 2023) for eight different programming languages. Features...
YATAS – Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won’t check for all best practices but only...
GPT_Vuln-analyzer This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT made...
JSpector JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs and endpoints found on the JS files. Prerequisites Before installing JSpector, you need to have Jython...
Callisto An Intelligent Automated Binary Vulnerability Analysis Tool Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the pseudo code output looking...
GCP Scanner This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a...
What is Akto? Akto is an instant, open source API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test...
