Search the Community

This tool is very helpful for finding vulnerabilities present in Web Applications. A web application scanner explores a web application by crawling through its web pages and examines it for security vulnerabilities, which involves the generation of malicious inputs and evaluation of the application’s responses. These scanners are automated tools that scan web applications to look for security vulnerabilities. They test web applications for common security problems such as cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). This scanner uses different tools like nmap, dnswalk, dnsrecon, dnsenum, dnsmap, etc in order to scan ports, sites, hosts, and networks to find vulnerabilities like OpenSSL CCS Injection, Slowloris, Denial of Service, etc. [Hidden Content]

The Importance of Vulnerability Management and Patching for a Strong Security Posture Learn why regular vulnerability assessments and timely patching are essential to maintaining a strong security posture. Get tips on managing software and hardware vulnerabilities effectively. The Importance of Vulnerability Management and Patching for a Strong Security Posture - LeVeL23HackTools

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. The profile is the type of scan that will be executed by the nmap subprocess. The Ip or target will be provided via argparse. At first the custom nmap scan is run which has all the curcial arguments for the scan to continue. nextly the scan data is extracted from the huge pile of data which has been driven by nmap. the "scan" object has a list of sub data under "tcp" each labled according to the ports opened. once the data is extracted the data is sent to openai API davenci model via a prompt. the prompt specifically asks for an JSON output and the data also to be used in a certain manner. The entire structure of request that has to be sent to the openai API is designed in the completion section of the Program def profile(ip): nm.scan('{}'.format(ip), arguments='-Pn -sS -sU -T4 -A -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script=vuln') json_data = nm.analyse_nmap_xml_scan() analize = json_data["scan"] # Prompt about what the quary is all about prompt = "do a vulnerability analysis of {} and return a vulnerabilty report in json".format(analize) # A structure for the request completion = openai.Completion.create( engine=model_engine, prompt=prompt, max_tokens=1024, n=1, stop=None, ) response = completion.choices[0].text return response [Hidden Content]

This tool has the following features: - Domain email spoofability checker: The tool will automatically check if a domain is email spoofable or not. This can help you identify potential vulnerabilities in your email system. - Single and multiple domain input: You can input a single domain or multiple domains at once. For multiple domain input, you'll need to have a text file with the domains listed. - Easy to use: The tool is user-friendly and easy to use, even for those who may not be tech-savvy. - Quick results: The tool generates results quickly, so you don't have to wait long to find out if a domain is email spoofable or not. - Potential email security improvement: By identifying potential email spoofing vulnerabilities, this tool can help you improve your email security and protect your organization from email-based threats. [hide]Tool is mainly supposed for Linux, posted by BLACK_SCORP10 on github here link: [Hidden Content]] Happy hunting!

Downloads Information from NIST (CVSS), first.org (EPSS), and CISA (Exploited Vulnerabilities) and combines them into one list. Reports from vulnerability scanners like OpenVAS can be enriched with this information to prioritize remediation. The repository also contains a PowerBI template to show how such a dashboard can be created. [hide][Hidden Content]]

[Hidden Content]

This isn't cutting edge news(Jan 10 2023) but it's still relevant A vulnerability in Windows' Advanced Local Procedure Call (ALPC) Exploitation of this vulnerability can lead to a browser sandbox escape and scope change allowing an attacker to gain SYSTEM privileges

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1.5 LFI: adds a payload for loknop technique (chaining PHP filters) mod_cookie: Fix bad WSTG code for bad cookie attribute Core: use proxy settings for updating Core: fix creds options Core: update most dependencies [hide][Hidden Content]]

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1.4 Crawler: Adds support for Firefox headless (using the new --headless option) Core: improve authentication. You can now pass HTTP auth (basic, ntml, etc) AND login by sending creds to an HTML form Core: remove internationalization [hide][Hidden Content]]

Zero False Positives, Without Affecting Business Each loophole has undergone real experimental evidence, using refined semantic analysis + innovative detection technology to ensure that the loophole is real and effective, to avoid massive misreporting affecting the business judgment, and to save safety resources。 The Xray community is a free white hat tool platform launched by Nagaki Technology. Currently, the community has Xray loophole scanner Radium reptile The tools were created by many experienced safety developers and tens of thousands of community contributors [hide][Hidden Content]]

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1.2 Fix a crash that may occur after the crawling and before laucnhing attacks (connection pool was closed) [hide][Hidden Content]]

[Hidden Content] [Hidden Content]

WPrecon (WordPress Recon) Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Features Detection WAF Fuzzing Backup Files Fuzzing Passwords Random User-Agent Plugin(s) Enumerator Theme(s) Enumerator Scripts Tor Proxy User(s) Enumerator Vulnerability Version Checking (Beta) Changelog v2.4.4 ♻️ Code refactoring 🌟 A start to Windows compatibility [hide][Hidden Content]]

WSVuls - Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers) What's WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issues outdated software version, insecures HTTP headers, the long and useless requests Why WSVuls ? WSVuls can extract the following data while crawling: First Byte Start Render FCP Speed Index LCP CLS TBT DC Time DC Requests DC Bytes Time Requests Total Bytes In Mapper : Resource Request Start Content Type DNS Lookup SSL Negotiation Error/Status Code [hide][Hidden Content]]

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. [hide][Hidden Content]]

WPScan is a black box WordPress vulnerability scanner. Changelog v3.8.21 Minor Improved plugin version detection via changelog section in the Readme – Ref #1692 Fixed deprecation warnings – Ref #1709 [hide][Hidden Content]]

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.1 Crawler: Fix passing named “button” tags in HTML forms Modules: Skip modules that fails to load properly (missing dependencies, code error, etc) Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr) CSRF: Django anti-CSRF token added to the whitelist Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports Crawler: Improved the parsing of HTML redirections (meta refresh) HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files. Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed. Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto) Core: Load correctly resources if Wapiti is running from an egg file. [hide][Hidden Content]]

WPrecon (WordPress Recon) Wprecon (WordPress Recon), is a vulnerability recognition tool in CMS WordPress, 100% developed in Go. Features Detection WAF Fuzzing Backup Files Fuzzing Passwords Random User-Agent Plugin(s) Enumerator Theme(s) Enumerator Scripts Tor Proxy User(s) Enumerator Vulnerability Version Checking (Beta) Changelog v2.3.2 alpha WPrecon: Bug fixes Higher speed Better Looking Code: Complete Code Refactoring Removed packages Project: Restructuring of packages and folders. [hide][Hidden Content]]

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) [hide][Hidden Content]]

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.0.8 CLI: prevent users from using -a without specifying –ayth-type (and vice versa) Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) [hide][Hidden Content]]

WPScan is a black box WordPress vulnerability scanner. Changelog v3.8.20 Minor: Added patch for Homebrew [hide][Hidden Content]]

Web Cache Vulnerability Scanner Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines. Features Support for 9 web cache poisoning techniques: Unkeyed header poisoning Unkeyed parameter poisoning Parameter cloaking Fat GET HTTP response splitting HTTP request smuggling HTTP header oversize (HHO) HTTP meta character (HMC) HTTP method override (HMO) Analyzing a web cache before testing and adapting to it for more efficient testing Generating a report in JSON format Crawling websites for further URLs to scan Routing traffic through a proxy (e.g., Burp Suite) Limiting requests per second to bypass rate limiting [hide][Hidden Content]]

Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors. General features Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…). Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases). Can give you colors in the terminal to highlight vulnerabilities. Different levels of verbosity. Fast and easy way to activate/deactivate attack modules. Adding a payload can be as easy as adding a line to a text file. Browsing features Support HTTP, HTTPS, and SOCKS5 proxies. Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM. Ability to restrain the scope of the scan (domain, folder, page, url). Automatic removal of one or more parameters in URLs. Multiple safeguards against scan endless-loops (for example, limit of values for a parameter). Possibility to set the first URLs to explore (even if not in scope). Can exclude some URLs of the scan and attacks (eg: logout URL). Import of cookies (get them with the wapiti-getcookie tool). Can activate / deactivate SSL certificates verification. Extract URLs from Flash SWF files. Try to extract URLs from javascript (very basic JS interpreter). HTML5 aware (understand recent HTML tags). Several options to control the crawler behavior and limits. Skipping some parameter names during attack. Setting a maximum time for the scan process. Adding some custom HTTP headers or setting a custom User-Agent. Supported attacks Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections) Cross Site Scripting (XSS) reflected and permanent File disclosure detection (local and remote include, require, fopen, readfile…) Command Execution detection (eval(), system(), passtru()…) XXE (Xml eXternal Entity) injection CRLF Injection Search for potentially dangerous files on the server (thank to the Nikto db) Bypass of weak htaccess configurations Search for copies (backup) of scripts on the server Shellshock DirBuster like Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities. Module names The aforementioned attacks are tied to the following module names : backup (Search for copies and scripts) blindsql (SQL injection vulnerabilities detected with time-based methodology) buster (DirBuster like a module) crlf (CR-LF injection in HTTP headers) delay (Not an attack module, prints the 10 slowest to load web pages of the target) exec (Code execution or command injection) file (Path traversal, file inclusion, and XXE) htaccess (Misconfigured htaccess restrictions) nikto (Look for known vulnerabilities by testing URL existence and checking responses) permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads) shellshock (Test Shellshock attack, see [Hidden Content] ) sql (Error-based SQL injection detection) xss (XSS injection module) Changelog v3.0.7 Fix stupid mistake in mod_takeover [hide][Hidden Content]]

RapidScan – The Multi-Tool Web Vulnerability Scanner It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof. Features one-step installation. executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously. some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismeroetc executes under one entity. saves a lot of time, indeed a lot of time!. checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively. legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed. vulnerability definitions guide you what the vulnerability actually is and the threat it can pose. (under development) remediations tell you how to plug/fix the found vulnerability. (under development) executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development) artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development) Vulnerability Checks ✔️ DNS/HTTP Load Balancers & Web Application Firewalls. ✔️ Checks for Joomla, WordPress, and Drupal ✔️ SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling). ✔️ Commonly Opened Ports. ✔️ DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum). ✔️ Sub-Domains Brute Forcing. ✔️ Open Directory/File Brute Forcing. ✔️ Shallow XSS, SQLi, and BSQLi Banners. ✔️ Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution). & more coming up… [hide][Hidden Content]]

crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. The built-in URL de-duplication module filters out a large number of pseudo-static URLs, still maintains a fast parsing and crawling speed for large websites, and finally gets a high-quality collection of request results. crawlergo currently supports the following features: chrome browser environment rendering Intelligent form filling, automated submission Full DOM event collection with automated triggering Smart URL de-duplication to remove most duplicate requests Intelligent analysis of web pages and collection of URLs, including javascript file content, page comments, robots.txt files and automatic Fuzz of common paths Support Host binding, automatically fix and add Referer Support browser request proxy Support pushing the results to passive web vulnerability scanners [hide][Hidden Content]]