firefly: advanced black-box fuzzer
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in...
Category: Web AppSec
ghauri: automates the process of detecting and exploiting SQL injection
Ghauri An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Features Supports the following types of injection payloads: Boolean based. Error Based Time-Based Stacked Queries Support SQL...
faction: Pen Test Report Generation and Assessment Collaboration
FACTION PenTesting Report Generation and Collaboration Framework FACTION is your entire assessment workflow in a box. With FACTION you can: Automate pen testing and security assessment Reports Peer review and track changes for reports...
cloud_enum: Multi-cloud OSINT tool
cloud_enum Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud. Currently enumerates the following: Amazon Web Services: Open / Protected S3 Buckets awsapps (WorkMail, WorkDocs, Connect, etc.) Microsoft Azure: Storage Accounts...
GraphQLer: The Smart, Schema-Aware GraphQL API Security Tester
GraphQLer GraphQLer is a cutting-edge tool designed to dynamically test GraphQL APIs with a focus on awareness. It offers a range of sophisticated features that streamline the testing process and ensure robust analysis of...
webcopilot – All-in-One Web Vulnerability Scanner: Find XSS, SQLi, RCE, and More
WebCopilot WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerates all the subdomains of the given target domain using assetfinder, sublister,...
jwt_tool: A toolkit for testing, tweaking and cracking JSON Web Tokens
The JSON Web Token Toolkit jwt_tool.py is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens). Its functionality includes: Checking the validity of a token Testing for known exploits: (CVE-2015-2951) The alg=none signature-bypass vulnerability...
Bypass Url Parser: Tests MANY url bypasses to reach a 40X protected page
Bypass Url Parser Tool that tests MANY url bypasses to reach a 40X protected page. If you wonder why this code is nothing but a dirty curl wrapper, here’s why: Most of the Python...
SQLiDetector: Python Script Simplifies Error-Based SQL Injection Detection
SQLiDetector Simple Python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
reconftw: automates the entire process of reconnaissance
reconftw reconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. reconFTW uses a lot of techniques...
jSQL Injection: Java application for automatic SQL database injection
jSQL Injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the...
SubProber: powerful and efficient subdomain scanning tool
Subprober – A Fast Multi-Purpose Http Probing Tool for Penetration Testing Subprober is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new...
BrowserBruter: A powerful web form fuzzing automation tool
The Browser-Bruter The Browser-Bruter is the first ever browser-based automated web pentesting tool for fuzzing web forms by controlling the browser it self. It automates the process of sending payloads to input fields of the browser...
AzurEnum: Enumerate some Entra ID (formerly Azure AD) stuff fast
AzurEnum Enumerate some Entra ID (formerly Azure AD) stuff fast, including: General information such as number of users, groups, apps, Entra ID license, tenant ID … General security settings such as group creation, consent...
jsluice++: Burp Suite extension designed for passive and active scanning of JavaScript traffic
jsluice++ jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice. The extension utilizes jsluice’s capabilities to extract URLs, paths, and secrets from static JavaScript...
LogSnare: testing IDOR, broken access controls, and logging in Go
LogSnare LogSnare is an intentionally vulnerable web application, where your goal is to go from a basic gopher user of the LogSnare company to the prestigious acme-admin of Acme Corporation. The application, while hosting multiple vulnerabilities,...
