AzSubEnum - Azure Service Subdomain Enumeration

AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into...

Read More

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done [x] Scan Static Files. [ ] Scan Metadata Of Public Documents (pdf,doc,xls,ppt,docx,pptx,xlsx etc.) [ ] Create a...

Read More

Logsensor - A Powerful Sensor Tool To Discover Login Panels, And POST Form SQLi Scanning

A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning are done in multiprocessing so the script is super fast at scanning...

Read More

CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors

A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. About Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit...

Read More

Gotanda - Browser Web Extension For OSINT

Gotanda is OSINT(Open Source Intelligence) Web Extension for Firefox/Chrome. This Web Extension could search OSINT information from some IOC in web page.(IP,Domain,URL,SNS...etc) This Repository partly the studying and JavaScript practice. Download link below. FireFox ChromeUsage Right...

Read More

Smuggler - An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3IMPORTANT This tool does not guarantee no false-positives or false-negatives. Just because a mutation may report OK does not mean there isn't a desync issue, but more importantly just because...

Read More

Taipan - Web Application Security Scanner

Taipan is a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your...

Read More

Detect And Bypass Web Application Firewalls And Protection Systems - WhatWaf

Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL's with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads...

Read More

Hostile Subdomain Takeover tool written in Go - subjack

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing....

Read More

Advanced Web Shell - DAws

There's multiple things that makes DAws better than every Web Shell out there: Bypasses Security Systems(IPS, WAFs,etc) like Suhosin(uses up to 20 php functions just to get a command executed). Drops CGI Shells and communicate with them to bypass Security...

Read More

Web Service Security Assessment Tool - WSSAT

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs...

Read More

The Cyber Swiss Army Knife [A Web App For Encryption, Encoding, Compression And Data Analysis] - CyberChef

The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish,...

Read More