Search the Community

Web Cache Vulnerability Scanner Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines. Features Support for 9 web cache poisoning techniques: Unkeyed header poisoning Unkeyed parameter poisoning Parameter cloaking Fat GET HTTP response splitting HTTP request smuggling HTTP header oversize (HHO) HTTP meta character (HMC) HTTP method override (HMO) Analyzing a web cache before testing and adapting to it for more efficient testing Generating a report in JSON format Crawling websites for further URLs to scan Routing traffic through a proxy (e.g., Burp Suite) Limiting requests per second to bypass rate limiting [hide][Hidden Content]]

NoSQL scanner and injector. It aims to be fast, accurate, and highly usable, with an easy to understand command-line interface. Features Nosqli currently supports nosql injection detection for Mongodb. It runs the following tests: Error based – inject a variety of characters and payloads, searching responses for known Mongo errors Boolean Blind injection – inject parameters with true/false payloads and attempt to determine if an injection exists Timing injection – attempt to inject timing delays in the server, to measure the response. Changelog v0.5.4 Includes bug fix for open file error. [hide][Hidden Content]]

NoSQL scanner and injector. It aims to be fast, accurate, and highly usable, with an easy to understand command-line interface. Features Nosqli currently supports nosql injection detection for Mongodb. It runs the following tests: Error based – inject a variety of characters and payloads, searching responses for known Mongo errors Boolean Blind injection – inject parameters with true/false payloads and attempt to determine if an injection exists Timing injection – attempt to inject timing delays in the server, to measure the response. Changelog v0.5.3 Include an option to ignore certificate warnings [hide][Hidden Content]]

This tool only extracts information that is public, not use for private or illegal purposes. [hide][Hidden Content]]

Interactive CLI Web Crawler. Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. VIEWS URL: In this view, you should enter the URL string. Options: This view is for setting options. Headers: This view is for setting the HTTP Headers. Keys: This view is used after the crawling web. It will be used to extract the data(docs, URLs, etc) from the web pages that have been crawled. Regex: This view is useful to search the Regexes in web pages that have been crawled. Write your Regex in this view and press Enter. Response: All of the results write in this view Search: This view is used to search the Regexes in the Response content. [hide][Hidden Content]]

Penta (PENTest + Automation tool) Penta is a Pentest automation tool using Python3. Main menu Port scanning To check ports for a target. Log output supported. Nmap To check ports by additional means using nmap Check HTTP option methods To check the methods (e.g. GET, POST) for a target. Grab DNS server info To show the info about DNS server. Shodan host search To collect host service info from Shodan. Request Shodan API key to enable the feature. FTP connect with anonymous To check if it has anonymous access activated in port 21. FTP users can authenticate themselves using the plain text sign-in protocol (Typically username and password format), but they can connect anonymously if the server is configured to allow it. Anyone can log in to the server if the administrator has allowed an FTP connection with anonymous login. SSH connect with Brute Force To check ssh connection to scan with Brute Force. Dictionary data is in data/dict. [HIDE][Hidden Content]]