Search the Community

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. The profile is the type of scan that will be executed by the nmap subprocess. The Ip or target will be provided via argparse. At first the custom nmap scan is run which has all the curcial arguments for the scan to continue. nextly the scan data is extracted from the huge pile of data which has been driven by nmap. the "scan" object has a list of sub data under "tcp" each labled according to the ports opened. once the data is extracted the data is sent to openai API davenci model via a prompt. the prompt specifically asks for an JSON output and the data also to be used in a certain manner. The entire structure of request that has to be sent to the openai API is designed in the completion section of the Program def profile(ip): nm.scan('{}'.format(ip), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln') json_data = nm.analyse_nmap_xml_scan() analize = json_data["scan"] # Prompt about what the quary is all about prompt = "do a vulnerability analysis of {} and return a vulnerabilty report in json".format(analize) # A structure for the request completion = openai.Completion.create( engine=model_engine, prompt=prompt, max_tokens=1024, n=1, stop=None, ) response = completion.choices[0].text return response [Hidden Content]

Description Welcome to the “Ethical Hacking: Network Scan Nmap& Nessus| Network Security” course. Scan networks with vulnerabilities by using Nmap& Nessus. Master Cyber Security, ethical hacking, network hacking skills This is our 3rd course in our Ethical Hacking series. Whether you want to get your first job in IT security, become a white hat hacker, or prepare to check the security of your own home network, Oak Academy offers practical and accessible ethical hacking courses to help keep your networks safe from cybercriminals. Cyber security is one that is definitely trending with a top-notch salary to match! Ethical hackers and cyber security professionals are some of the most in-demand professionals today as the world is experiencing a major skill shortage in the field of cyber security. It’s predicted we’ll have a global shortfall of 3.5 million cyber security jobs. The average salary for Cyber Security jobs is $80,000. If you are ready to jump in cyber security career, this course is a great place for you to start. During this ethical hacking course, I will teach you beautiful side of the hacking. Penetration testing skills make you a more marketable IT tech. Understanding how to exploit servers, networks, and applications means that you will also be able to better prevent malicious exploitation. From website and network hacking, to pen testing in Python and Metasploit, Udemy has a course for you. I wanted to use “Hacking Essentials” in front of the name of the course, but size limit didn’t allow it in Ethical Hacking . Why “hacking essentials”? To be able to perform a successful penetration testing or ethical hacking, first, you have to know all the secrets of your targets. You should find all the systems and network devices of your target network before proceeding an ethical hacking operation. On my complete course, you`ll discover the secrets of ethical hacking and network discovery, using Nmap . You’ll learn all the details of Nmap , which is the most known and de facto network scanning tool. After downloading and installing nmap by hands on lessons, you will be able to use it as an ip port scanner, open port tester and checking for devices’ operating system and other features in ethical hacking . Then in further lessons, we’ll scan the vulnerabilities of the network we discovered by using Nessus. Nessus is the most known vulnerability scanner and is in the third place of the most popular cyber security tools. This course starts at beginner levels so you don’t need to have a previous knowledge of network scanning, finding vulnerabilities in devices, using Nmap & using Nessus in Ethical Hacking. In this course I tried to show the importance of using free tools and platforms, so you don’t need to buy any tool or application. By registering the course you will have lifetime access the all resources, practice videos and will be able to ask questions about related topics whenever you want. In this course, we will learn how to use, Nmap, an active information collection tool and in this case which is the second step. On my complete Nmap course, you`ll discover the secrets of ethical hacking and network discovery, using Nmap. You’ll learn all the details of Nmap, which is the most known and de facto network scanning tool. After downloading and installing Nmap by hands-on lessons, you will be able to use it as an IP port scanner, open port tester and checking for devices’ operating systems and other features. A step by step approach will help you to track your progress on the go and learn needed skills gradually at your own pace. At the end of this course, you will both have a knowledge and a practical skill set about using network scanning, finding vulnerabilities on systems and learning the general competencies of ethical hackers. In this course you will learn; What is the TCP/IP model and how does it work What is OSI model? How does it work What is Port? What is the TCP/UDP port How to scan TCP or UDP services How active services are detected How to scan without getting caught in IPS & IDS systems How to interpret Nmap outputs Nmap scripting (NSE) and more Network Hacking Network Security ethical Ethical Intelligence nmap nessus nmap course nmap metaspolit Complete nmap Kali linux nmap ethical hacking penetration testing bug bounty hack cyber security kali linux android hacking network security hacking security security testing nmap Here’s just some of what you’ll learn by the end of course, Understand the main terminology of Network Scanning and Finding Vulnerabilities in devices in a network Using Nmap with full knowledge and experience How to scan a network for scripts Learn about network scan types Learn how to use Hping And much, much more….We have also added practical lab sessions in our course for sharping up your skills. Also after completion of the course, a certificate will be created for your arsenal. In this course, you will find the clean and pure information. When preparing the training, we especially avoided unnecessary talk and waiting; we have found these parts for you and gotten them out. I have been working as a cyber security specialist and college instructor for 10 years after a decade of software engineering experience. I am the cyber security expert and the mentor of junior penetration testers as a Certified Ethical Hacker. I performed and managed internal/external/on-site/remote penetration tests & vulnerability assessments at top level financial institutions including global banks HSBC, City Bank, ING Bank; and much other public & private organisations. As a result of this expertise, I’m working with a handcrafted detail for creating the best and necessary content for my students. This approach also can be seen in my previous course’s reviews. See what my fellow students have to say: “Very good experience, I always wanted such type of training which is filled with deep explanation and demo. I am interested in the security field and want to make my career in this domain, I really enjoy the learning.” – Pragya Nidhi “Easy teaching, no unnecessary statements. Just telling what is needed… An effective real introduction to pentest.” – Ben Dursun “All applied and easy to grasp the content. Looking forward to getting next training of the lecturer.” – Jim Dowson “I liked this course! Lots of topics were covered. What I liked the most is the variety of tools used in this course. This way, someone who is willing to learn can pick up the tool that he is interested in and dive more into details. The most important thing is the experienced instructor who takes comments and reviews into consideration and gets back to you whenever there is room for improvement or new topics that might be interesting to you. I can summarise all in two words. I learned!” – Rami Zebian This is the best tech-related course I’ve taken and I have taken quite a few. Having limited networking experience and absolutely no experience with hacking or ethical hacking, I’ve learned, practiced, and understood how to perform hacks in just a few days. I’m always updating this course with fresh content, too FAQ regarding Ethical Hacking : What is Ethical Hacking and what is it used for ? Ethical hacking involves a hacker agreeing with an organization or individual who authorizes the hacker to levy cyber attacks on a system or network to expose potential vulnerabilities. An ethical hacker is also sometimes referred to as a white hat hacker. Many depend on ethical hackers to identify weaknesses in their networks, endpoints, devices, or applications. The hacker informs their client as to when they will be attacking the system, as well as the scope of the attack. An ethical hacker operates within the confines of their agreement with their client. They cannot work to discover vulnerabilities and then demand payment to fix them. This is what gray hat hackers do. Ethical hackers are also different from black hat hackers, who hack to harm others or benefit themselves without permission. Is Ethical Hacking a good career? Yes, ethical hacking is a good career because it is one of the best ways to test a network. An ethical hacker tries to locate vulnerabilities in the network by testing different hacking techniques on them. In many situations, a network seems impenetrable only because it hasn’t succumbed to an attack in years. However, this could be because black hat hackers are using the wrong kinds of methods. An ethical hacker can show a company how they may be vulnerable by levying a new type of attack that no one has ever tried before. When they successfully penetrate the system, the organization can then set up defenses to protect against this kind of penetration. This unique security opportunity makes the skills of an ethical hacker desirable for organizations that want to ensure their systems are well-defended against cybercriminals. What skills do Ethical Hackers need to know? In addition to proficiency in basic computer skills and use of the command line, ethical hackers must also develop technical skills related to programming, database management systems (DBMS), use of the Linux operating system (OS), cryptography, creation and management of web applications and computer networks like DHCP, NAT, and Subnetting. Becoming an ethical hacker involves learning at least one programming language and having a working knowledge of other common languages like Python, SQL, C++, and C. Ethical hackers must have strong problem-solving skills and the ability to think critically to come up with and test new solutions for securing systems. Ethical hackers should also understand how to use reverse engineering to uncover specifications and check a system for vulnerabilities by analyzing its code. Why do hackers use Linux? Many hackers use the Linux operating system (OS) because Linux is a free and open-source OS, meaning that anyone can modify it. It’s easy to access and customize all parts of Linux, which allows a hacker more control over manipulating the OS. Linux also features a well-integrated command-line interface, giving users a more precise level of control than many other systems offer. While Linux is considered more secure than many other systems, some hackers can modify existing Linux security distributions to use them as hacking software. Most ethical hackers prefer Linux because it’s considered more secure than other operating systems and does not generally require the use of third-party antivirus software. Ethical hackers must be well-versed in Linux to identify loopholes and combat malicious hackers, as it’s one of the most popular systems for web servers. Is Ethical Hacking Legal? Yes, ethical hacking is legal because the hacker has full, expressed permission to test the vulnerabilities of a system. An ethical hacker operates within constraints stipulated by the person or organization for which they work, and this agreement makes for a legal arrangement. An ethical hacker is like someone who handles quality control for a car manufacturer. They may have to try to break certain components of the vehicle such as the windshield, suspension system, transmission, or engine to see where they are weak or how they can improve them. With ethical hacking, the hacker is trying to “break” the system to ascertain how it can be less vulnerable to cyberattacks. However, if an ethical hacker attacks an area of a network or computer without getting expressed permission from the owner, they could be considered a gray hat hacker, violating ethical hacking principles. What is the Certified Ethical Hacker ( CEH ) Certification Exam? The Certified Ethical Hacker (CEH) certification exam supports and tests the knowledge of auditors, security officers, site administrators, security professionals, and anyone else who wants to ensure a network is safe against cybercriminals. With the CEH credential, you can design and govern the minimum standards necessary for credentialing information that security professionals need to engage in ethical hacking. You can also make it known to the public if someone who has earned their CEH credentials has met or exceeded the minimum standards. You are also empowered to reinforce the usefulness and self-regulated nature of ethical hacking. The CEH exam doesn’t cater to specific security hardware or software vendors, such as Fortinet, Avira, Kaspersky, Cisco, or others, making it a vendor-neutral program. What is the Certified Information Security Manager ( CISM ) exam? Passing the Certified Information Security Manager (CISM) exam indicates that the credentialed individual is an expert in the governance of information security, developing security programs and managing them, as well as managing incidents and risk. For someone to be considered “certified,” they must have passed the exam within the last five years, as well as work full-time in a related career, such as information security and IT administration. The exam tests individuals’ knowledge regarding the risks facing different systems, how to develop programs to assess and mitigate these risks, and how to ensure an organization’s information systems conform to internal and regulatory policies. The exam also assesses how a person can use tools to help an organization recover from a successful attack. What are the different types of hackers? The different types of hackers include white hat hackers who are ethical hackers and are authorized to hack systems, black hat hackers who are cybercriminals, and grey hat hackers, who fall in-between and may not damage your system but hack for personal gain. There are also red hat hackers who attack black hat hackers directly. Some call new hackers green hat hackers. These people aspire to be full-blown, respected hackers. State-sponsored hackers work for countries and hacktivists and use hacking to support or promote a philosophy. Sometimes a hacker can act as a whistleblower, hacking their own organization in order to expose hidden practices. There are also script kiddies and blue hat hackers. A script kiddie tries to impress their friends by launching scripts and download tools to take down websites and networks. When a script kiddie gets angry at It’s no secret how technology is advancing at a rapid rate. New tools are released every day, and it’s crucial to stay on top of the latest knowledge for being a better security specialist. For keeping up with that pace I’m always adding new, up-to-date content to this course at no extra charge.After buying this course, you’ll have lifetime access to it and any future updates. I’ll personally answer all your questions As if this course wasn’t complete enough, I offer full support, answering any questions. See you in the “Ethical Hacking: Network Scan Nmap& Nessus| Network Security” course. Scan networks with vulnerabilities by using Nmap& Nessus. Master Cyber Security, ethical hacking, network hacking skills IMPORTANT: This course is created for educational purposes and all the information learned should be used when the attacker is authorized. Who this course is for: Anyone who wants to learn network scan techniques by using Nmap Anyone who wants to learn finding vulnerabilities in devices in a network by using Nessus Anyone who to learn script scanning in a network People who are willing to make a career in Cyber Security Cyber Security Consultants who support / will support organizations for creating a more secure environment Anyone who wants to be a White Hat Hacker People who want to take their ethical hacking skills to the next level Requirements 4 GB (Gigabytes) of RAM or higher (8 GB recommended) for ethical hacking and penetration testing 64-bit system processor is mandatory 10 GB or more disk space for ethical hacking and Nmap Nessus course Enable virtualization technology on BIOS settings, such as “Intel-VTx” Modern Browsers like Google Chrome (latest), Mozilla Firefox (latest), Microsoft Edge (latest) All items referenced in this course are Free A computer for installing all the free software and tools needed to practice A strong desire to understand hacker tools and techniques in ethical hacking Be able to download and install all the free software and tools needed to practice in hacking A strong work ethic, willingness to learn and plenty of excitement about the back door of the digital world Nothing else! It’s just you, your computer and your ambition to get started today [Hidden Content] [Hidden Content]

Juumla is a python tool created to identify the Joomla version, scan for vulnerabilities and search for config or backup files. ✨ Features Fast scan Low RAM and CPU usage Detect Joomla version Find config and backup files Scan for vulnerabilities based on the Joomla version Open-Source Changelog v0.1.4 Improved the code Removed useless checks Changed Juumla banner Changed status messages [hide][Hidden Content]]

GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets, as well as other potential security vulnerabilities or policy breaks. GitGuardian shield uses our public API through py-gitguardian to scan and detect potential secrets on files and other text content. Only metadata such as call time, request size, and scan mode is stored from scans using GitGuardian shield, therefore secrets and policy breaks incidents will not be displayed on your dashboard and your files and secrets won’t be stored. You’ll need an API Key from GitGuardian to use ggshield. Currently supported integrations Azure Pipelines Bitbucket Pipelines Circle CI Orbs Docker Drone GitHub Actions GitLab Jenkins Pre-commit hooks Pre-push hooks Pre-receive hooks Travis CI Changelog v1.4.2 Add dead link checker action by @RemakingEden in #303 Adjust link-check run & fix last broken link by @commjoen in #304 Challenge 18: New challenge – MD5 hashing by @RemakingEden in #298 Bump peter-evans/create-issue-from-file from 3 to 4 by @dependabot in #306 Challenge 18-pre-alpha fixes by @commjoen in #305 [hide][Hidden Content]]

Zscan is an open-source collection of Intranet port scanners, blasting tools, and other utilities. Based on host discovery and port scanning, you can blow up mysql, MSSQL, Redis, Mongo, Postgres, FTP, SSH, and other services. Other scanning functions include NetBIOS, SMB, OXID, SOCKS Server (scanning proxy servers on the Intranet), SNMP, and MS17010. Each module has its own unique functions such as SSH, which also supports user name, password, and public key login, traverses the host based on the private key and can execute commands after all services are blown up successfully. In addition to basic scanning and service blasting, Webtitle capture and fingerprint recognition are also supported, ZScan integrates the nc module (connect and listen), HTTPServer module (support for downloading files, uploading files, and authentication), SOcks5 module (start a proxy server). There is also the ALL module, which calls all the other scanning and blasting modules during the scan. Built-in proxy functionality. Module Existing modules： ping: Ping is invoked for common users, and ICMP packets are used for root users ps: Port scan and get httptitle all: Call all scan and burst modules for scanning ssh: Username and password blasting, SSH username and password login, public key login mysql/mssql/mongo/redis/postgres/ftp:Username password blasting and execute simple commands proxyfind: Scan the proxy in the network, currently support SOCKS4/5, later add HTTP ms17010: ms17010 Vulnerability batch scanning snmp: snmp scan winscan: Includes OXID, SMB, NETBIOS scanning functions nc: A simple nc, can start the port to connect the port socks5: Start a SOcks5 server httpserver: Start an HTTP server that supports identity authentication and file uploading Tool edge🚀 The command is simple and convenient, and the function of the module is simple and clear, which is convenient to expand and add various new functions Not just a scanner, but also integrated with a variety of common utility features, built-in proxy capabilities, can be called a toolkit Port scanning and blasting are seamlessly connected, greatly improving the scanning speed: This advantage is fully reflected in the ALL module. In the process of multi-threaded port scanning, open ports will be judged. If a port can be blasted, another multi-thread will be immediately opened in the current thread for blasting. Significantly increase speed. The procedure of obtaining an open port before blasting is reduced Beautiful and easy to read output format: through color differentiation, not only output during the process, but also generate scan results at the end of the scan, showing all scan and blasting results during the process (introduce), and support to record the scan results to a file Not only can the service be blasted, but the command can be executed successfully Under development, if you find any problems or bugs, or any novel and interesting functional requirements can contact me [hide][Hidden Content]]

Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Changelog v5.2 added custom DNS --dns [hide][Hidden Content]]

Silver is a front-end that allows complete utilization of (masscan,nmap) programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more. Features Resumable scanning Slack notifcations Multi-core utilization Supports: IPs, CIDR & hostnames Vulnerability data caching Shodan integration Dependencies nmap masscan Python libraries psutil requests [Hidden Content]

Hi, I want to take advantage of my inactivity to ask, what services are currently left where samples can be scanned without being shared with AV companies?

EDRHunt scans Windows services, drivers, processes, the registry for installed EDRs (Endpoint Detection And Response). Detections EDR Detections Currently Available Windows Defender Kaspersky Security Symantec Security Crowdstrike Security Mcafee Security Cylance Security Carbon Black SentinelOne FireEye [hide][Hidden Content]]

A tool to find open S3 buckets and dump their contents The tool takes in a list of bucket names to check. Found S3 buckets are output to file. The tool will also dump or list the contents of ‘open’ buckets locally. Features ⚡️ Multi-threaded scanning 🔭 Supports tons of S3-compatible APIs 🕵️‍♀️ Scans all bucket permissions to find misconfigurations 💾 Dump bucket contents to a local folder 🐳 Docker support Changelog v2.0.2 Fixes #122 – CVE-2021-32061: Path Traversal via dump of malicious bucket [hide][Hidden Content]]

Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Changelog v5.2 added asynchronous execution [hide][Hidden Content]]

dokrscout is a tool to automate the finding of vulnerable applications or secret files around the internet through google searches, dorkscout first starts by fetching the dorks lists from [Hidden Content], and then it scans a given target or everything it founds. [hide][Hidden Content]]

FindYara Use this IDA python plugin to scan your binary with Yara rules. All the Yara rule matches will be listed with their offset so you can quickly hop to them! Using FindYara The plugin can be launched from the menu using Edit->Plugins->FindYara or using the hot-key combination Ctrl-Alt-Y. When launched the FindYara will open a file selection dialogue that allows you to select your Yara rules file. Once the rule file has been selected FindYara will scan the loaded binary for rule matches. All rule matches are displayed in a selection box that allows you to double click the matches and jump to their location in the binary. [hide][Hidden Content]]

Features Fast scan Low RAM and CPU usage Identify Joomla version Config files detection Open-Source Vulnerability Scanner Improve Joomla detection Config files detection Improve code [hide][Hidden Content]]

Burp Automation Performing automated scan using Burp Suite Pro & Vmware Burp Rest API with Robot Framework using Python3. It can be also used in Jenkins to perform automated UI tests. This will initiate an automated spider and crawler by leveraging the power of the Burp Scanner along with the burp extender. Once the scan is complete the report is generated in HTML & CSV which is automatically uploaded in the GDrive What it does One-click run using bash installs all the dependencies with verbose prerequisites. Uses python3 and robot framework which is easy to automate. Uses Burp Suite Rest API and runs Burp Suite Professional (pre-activated) in the headless mode along with multiple Burp Suite extensions like additional-scanner-checks, BurpJSLinkFinder, and active-scan-plus-plus. Automatically performs pentest of API/Web endpoint including scope addition and deletion using robot script. Automatically upload reports in CSV & HTML into Google Drive in YYYY-MM-DD format. Slack integration for real-time alerts. [hide][Hidden Content]]

Juumla is a python tool developed to identify the current Joomla version and scan for readable Joomla config files. Features Fast scan Low RAM and CPU usage Identify Joomla version Config files detection Open-Source [hide][Hidden Content]]

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Changelog v5.1 added show report --report added csv report --csv added plot report --plot added set apikey --set apikey-virustotal= [hide][Hidden Content]]

Command-line utility for using websites that can perform port scans on your behalf. Useful for early stages of a penetration test or if you’d like to run a port scan on a host and have it not come from your IP address. Supported Online Port Scanners hackertarget ipfingerprints pingeu spiderip standingtech t1shopper viewdns yougetsignal Changelog v2.1.5 Update nmap services file from 2019-05-28 to 2020-10-02 (latest) Fix PyPi long description to display README and as Markdown properly Reviewed scanners still functioning as intended [hide][Hidden Content]]

Tool to scan for secret files on HTTP servers. snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. Changelog v0.0.9 Fix problems with dnspython 2.x, see #54. Add .orig extension to backupfiles test. Add new tests for wordpress debug.log files and url-encoded HTTP header. Minor bugfixes. [hide][Hidden Content]]

A fast tool to scan CRLF vulnerability written in Go Changelog v1.2 Bump to 1.2.0 Update default concurrency to 25 (depends on escape lists) Trim double-quoted string safely escaped URLs Add escape lists [hide][Hidden Content]]

ohmybackup Scans backup folders on target sites. Searches archived files in the folders it finds. With the 2-file scanning system, it adds extensions and filenames in different ways, making it more likely to be found. 1 - files/extensions.txt - This adds new extensions to the file, for example: by adding in the form of .example allows you to retry all the possibilities tried in the new extensions. 2 - files/files.txt - It can scan these folders according to the extensions you added, by giving them new file names. 3 - files/folders.txt - Recursively scans the specified folders. You can add to this list yourself. [hide][Hidden Content]]

snallygaster Tool to scan for secret files on HTTP servers. snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. [hide][Hidden Content]]

Fast Google Dorks Scan A script to enumerate web-sites using Google dorks. Usage example: ./FGDS.sh megacorp.one Version: 0.035, June 07, 2020 Features: Looking for the common admin panel Looking for the widespread file types Path traversal Prevent Google banning [HIDE][Hidden Content]]

snallygaster Tool to scan for secret files on HTTP servers what? snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities. As an introduction to these kinds of issues you may want to watch this talk: Attacking with HTTP Requests See the TESTS.md file for an overview of all tests and links to further information about the issues. [HIDE][Hidden Content]]

snallygaster Tool to scan for secret files on HTTP servers what? snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for other security vulnerabilities. As an introduction to these kinds of issues you may want to watch this talk: Attacking with HTTP Requests See the TESTS.md file for an overview of all tests and links to further information about the issues. [HIDE][Hidden Content]]