Search the Community

Tools Listeners HTTP Server DNS Server TCP Server POSTMessage Hooker Websocket Hooker Analysis HTTP/JS-Files/Binary Analyze Analyze Files (Binary, Metadata, Text files, Js sinks) Net Tools Get DNS Records Resolve Hosts Reverse IPs Passive DNS DNS History Text Tools Text Processing Block construct Format generator pattern creation Encrypt/Decrypt data Hash Identification Crackers Payload Generators Encoders/Decoders Poc Generators (Python, Bash, HTML) Recon Get Websites ScreenShots GET Subdomains (Scrabbing, Minning, DNS-brute-force, Http-brute-force) Site categorizer s3/GC bucket enumeration Github Lister Ip History Scanners Detect Misconfiguration Port/vulnerability/ssl scanner Vulnerability Exploiters Waf Detection Scrabbers Download Android apps (APK) Travis-CI logs fetching if the app is not working properly, Download this archive dlls.zip and extract the dll files, put them in the application folder, beside the executable file Some notes: This tool is meant primarily for bug hunters (especially beginners). This tool is not backdoored with any malicious software/tracking. This tool contains bugs more than features so use it carefully. Connections are issued using the .Net (SystemDotWeb) which is slow and limited by design, consider using many threads, this will be replaced with another solution. Memory is not carefully managed so be careful, do not use all the tools at the same time. Do not use it illegally Tools starting with _ are not built yet, I added buttons to remember writing them so I could build them in future, hence no need to reverse engineer the tool in order to enable them, if you have time feel free to do it no problem. Many third-parties are used without permission no APIS used. The source code is not published because the tool is a beta and the code is ugly and worse than my handwriting. The project is planned to be open-source with the first release. Suggestions are deeply welcome. Credits are reserved for all authors and third-parties. [HIDE][Hidden Content]]

Python3 comprehensive scanning tool, mainly used for sensitive file detection (directory scanning and js leak interface), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CDN, check the next station. Features Generate a dictionary list using Cartesian product method, support custom dictionary list Random UserAgent, XFF, X-Real-IP Customize 404-page recognition, access random pages and then compare the similarities through difflib to identify custom 302 jumps When scanning the directory, first detect the http port and add multiple http ports of one host to the scan target. Filter invalid Content-Type, invalid status? WAF/CDN detection Use the socket to send packets to detect common ports and send different payload detection port service fingerprints. Hosts that encounter full port open (portspoof) automatically skip Call wappalyzer.json and WebEye to determine the website fingerprint It is detected that the CDN or WAF website automatically skips Call nmap to identify the operating system fingerprint Call weak password detection script based on port open (FTP/SSH/TELNET/Mysql/MSSQL…) Call POC scan based on fingerprint identification or port, or click on the open WEB port of IP Analyze sensitive asset information (domain name, mailbox, apikey, password, etc.) in the js file Grab website connections, test SQL injection, LFI, etc. Call some online interfaces to obtain information such as VT, www.yougetsignal.com and other websites, determine the real IP through VT pdns, and query the website by www.yougetsignal.com and api.hackertarget.com. [HIDE][Hidden Content]]

[Hidden Content]