This tool helps discover local file inclusion vulnerabilities. It creates a random user agent for the connection, supports nullbytes, supports common Unix systems, and more.
0c1637f07029317c9015b1f6d44d3a4c08567372e22ad7436e02997621345c13
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
8f752061c0ba8ce3e771bf03b1d9c18849d7e1d91751323971e42695ac277db8
LFImap is a python script that tests leverages local file inclusion vulnerabilities to figure out the root of a file system, looks inside of some files and more.
541dc1657012d42d82d1363b528f66bb2d6a2ccf0c083443b1475b4be48908c5
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
af9ae528f2df822f1bb78005ebe736b8412d5750d5ad8278037b35790576a542
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
0682c65365408c6d51c6381d0478bb9155d259a2bdb792defe36472fba43dfe1
The Simple Local File Inclusion Exploiter tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities.
ea5cb58e3cce77677069748f7e460b34d2b1081d8978484c039bc2c523a9ec03
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
8c71afc33432e1adab32907b8d378ff256986b2c14f4d7587b3da25139432944
Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
20601c0466034cc250ded1a16d737451cfbe05fbcaf4f667ff25fe004bd1340e
aidSQL SQL injection detection and exploitation tool is a modular PHP scanner that allows you to develop your own plugins for use.
bc0d80a86a9635ed3843b30483350b08c6f20ece6d815dc61ff1240502ffd601
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
7c1e710eec1da55d3deabf2188674969336e3a10322582883e32c802d758bd2e
This is a phpBB remote file inclusion scanner written in Perl.
93a467b53eb62570fc5e92ff28d8edecb743efdb81ac154adda4586ccb58ad9c
WordPress SQL Injection Checker is a tool that attempts to check for known SQL injection vulnerabilities in a given WordPress installation. Written in Python.
9a96deb2b2d0ff7b5fb7d5407e526b70d81ef3aade072ac6acba9c02f46a3630
This python script scans for 58 vulnerable Joomla component payloads.
26c1dd792718beea62e8eb0ab2d6c9e865e5fd26795e1320d27ddd6b697c5805
Dorkmaster is a python script that crawls Google and Bing results looking for various pieces of software that has historically had vulnerabilities. This is useful for verifying that your company is in compliance with software run on a given site.
ca24afbbd6a865806dcb810a4208b7ad90140c55e976cb0579fe9d96a427c2ff
UA-Tester (User-Agent Tester) is a Python script that enables penetration testers to compare response headers from a remote server based on a list of User-Agent strings. The script allows testers to isolate differences in response depending on the browser used to access a site. This can be important as a growing number of sites are catering for mobile devices by forwarding them to alternative (browser friendly) pages, or redirecting them to alternative servers entirely.
254676c67c7b522e642828ca8d076b317ca9957f162215e6ad765c0984d8c67c
iScanner is a free open source tool written in Ruby that lets you detect and remove malicious code from webpages. iScanner will not only show you the infected files in your server but it is also able to clean these files by removing the malware code ONLY from the infected files.
2e0f5f3a1ea22c706232afdde1222ab65dd65fefcc33347fb4275ac6bf190c68
NMB Scanner scans the shares of a SMB network, using the NMB and SMB protocols. It is useful for acquiring information on a local area network for such purposes as security auditing. It can obtain such information as NMB/SMB/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/Windows domain name, and master browser. It can discover all the NMB/SMB/Windows hosts on a local area network by using the hosts lists maintained by master browsers.
1839ed5bbb6e562b6fc3078a43108380f49de81ea8f373981936514bbf33b20d
Malware Check Tool is a python script that detects malicious files via checking md5 hashes from an offline set or via the virustotal site. It has http proxy support and an update feature.
1da2d31cf70bc80c92291577f2083b14031a5734ec0581920bfa1e0f0bde24ab
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
641b340abb4a2b070368fbc32fbad68ac79578222c4c72aa96b8cc9a39c5589f
Joomla web scanning perl script that gets the version, components and shows possible bugs.
34c4aee508ddefaa7c3e43bf6ee98ce17c6a65504525bd476490698efce3d3c2
Athena is a SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers.
ab328efae2073970504ced425560888a40351ffccf0762de763a120a64cb47bb
DotDotPwn is a directory traversal scanner with a database of 871 payloads.
47254c2549152775e87ea36f793d29f7720b1e9b4c205f3487f8926af4a921b3
WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 300 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
9c9ab674ccca531106d1ae71068b6e4c59e2611154341959d1193818e14c9f6f
Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.
5746484757b65191ae5062e9dda972eed7e876620ee348929b1b9490077d8f28
This is a directory traversal scanner written in C#. Complete source included.
aae3b9039bb27f7f912f797a20634eccd12ee41bb22d222b0540fa5288ed8d95