Search the Community

Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [hide][Hidden Content]]

Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x) This script uses “WafW00f” to detect the WAF in the first step. This script uses “Sublist3r” to scan subdomains. This script uses “waybacktool” to check in waybackmachine. Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak, index.php~ …) Check header information Check DNS information Check whois information User-agent random or personal Extract files Keep a trace of the scan Check @mail in the website and check if @mails leaked CMS detection + version and vulns Subdomain Checker Backup system (if the script stopped, it take again in the same place) WAF detection Add personal prefix Auto-update script Auto or personal output of scan (scan.txt) Check Github Recursive dir/file Scan with an authentication cookie Option –profil to pass profil page during the scan HTML report Work it with py2 and py3 Add option rate-limit if the app is unstable (–timesleep) Check-in waybackmachine Response error to WAF Check if DataBase firebaseio exist and accessible Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30 Search S3 buckets in source code page Testing bypass of waf if detected Testing if it’s possible scanning with “localhost” host Changelog v1.6.6 Faster Updated: Less FP with bypass forbidden function Updated: Less errors in principal script Updated: Little modifications in report Fixed: Style and system bugs Added: Auto resize relative to window [hide][Hidden Content]]

Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations. reaver-wps-fork-t6x version 1.6b is a community forked version, which has included various bug fixes and additional attack method (the offline Pixie Dust attack). Depending on the target’s Access Point (AP), to recover the plaintext WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes. Changelog v1.6.6 several improvements have been made: improved bruteforce mode using .wpc save files. automatic pixiewps pin retrieval and live injection in current session if pin is cracked before the timeout happens, experimental uptime command line switch -u lots of bugfixes and improvements [HIDE][Hidden Content]]

JD-Core and JD-GUI are written in Java. JD-Core works with most current compilers including the following: JDK 1.1.8, JDK 1.3.1, JDK 1.4.2, JDK 1.5.0, JDK 1.6.0, JDK 1.7.0, JDK 1.8.0, JDK 9.0.1, JDK 10.0.2 jrockit90_150_06 jikes-1.22 harmony-jdk-r533500 Eclipse Java Compiler v_677_R32x, 3.2.1 release JD-GUI supports Drag and Drop. JD-GUI supports CLASS, JAR, WAR, EAR, AAR, KAR, JMOD & ZIP files. JD-GUI displays color coded Java source code. JD-GUI allows you to browse the CLASS files and Java modules hierarchy. JD-GUI lets you drag and drop LOG files, decompile CLASS files, and display the line of code that appears in Java stack traces. [HIDE][Hidden Content]]