REcollapse REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information,...
Katana A next-generation crawling and spidering framework Feature Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control – Preconfigured field / Regex Customizable output – Preconfigured fields INPUT – STDIN, URL and LIST...
FlowMate Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web...
Pinkerton Pinkerton is a Python tool created to crawl JavaScript files and search for secrets. Features Works with ProxyChains Fast scan Low RAM and CPU usage Open-Source Add more secrets regex pattern Improve the...
kanha Kanha is a tool that can help you perform, a variety of attacks based on the target domain. With just kanha, you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more. The project...
dummy Generator of static files for testing file upload functionality. When generating a png, as in the following screenshot, you can generate a png of a specified size. Motivation I often test the file...
PeCoReT PeCoReT (Pentest Collaboration and Reporting Tool) is an open-source application to manage your pentest projects. PeCoReT allows pentesters to focus on testing instead of writing the report. It can be customized and once...
Damn Vulnerable RESTaurant An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers, and security engineers. The idea of the project is to provide an environment that can...
Sessionless Sessionless is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens: Django TimestampSigner, ItsDangerous Signer, Express cookie-session middleware, OAuth2 Proxy, and Tornado’s signed cookies. It provides automatic detection and in-line editing of tokens within HTTP...
XnlReveal This is a Chrome Extension that can do the following: Show an alert for any query parameters that are reflected. Show the Wayback Archive endpoints for the path visited Show any hidden elements on the...
GAP This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters...
WPProbe is a fast and efficient WordPress plugin scanner that leverages REST API enumeration (?rest_route) to detect installed plugins without brute-force. Unlike traditional scanners that hammer websites with requests, WPProbe takes a smarter approach by querying the exposed REST API....
OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use...
SQLMap Command Generator is a web-based application designed to assist penetration testers and security enthusiasts in generating SQLMap commands with various options for testing SQL injection vulnerabilities. It provides an easy-to-use interface where users...
Cloud Privilege Escalation Awesome Script Suite The current goal of Cloud PEASS is simple: Once you manage to get some credentials to access Azure, GCP or AWS, use different techniques to get the permissions the principal has and highlight...
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Feature A curated list...
