recentpopularlog in

whip_lash : scanner   17

Find Security Bugs
The SpotBugs plugin for security audits of Java web applications.

java  library  security  test  analysis  vulnerability  scanner  owasp 
july 2019 by whip_lash
OWASP Dependency Check - OWASP
Dependency-Check is a software composition analysis utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently, Java and .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake).
analysis  owasp  security  scanner  vulnerability  software 
july 2019 by whip_lash
GitHub - Coalfire-Research/DeathMetal: Red team & penetration testing tools to exploit the capabilities of Intel AMT
dm_pickles - Duckyscript interpreter that communicates over AMT KVM (vnc) and injects keystrokes.
dm_toki - IDE-R implementation - lets you attach floopy and CD images remotely to the target computer.
dm_nathan - Is a cli that allows for configuring AMT via authenticated channel
dm_rockso - Presence and version scanner, can help you find AMT capable systems regardless of provisioning status. (works even if explicitly not-enabled)
intel  amt  scanner  pentest  hardware  bmc 
april 2019 by whip_lash
nmap/lu-enum.nse at master · nmap/nmap · GitHub
When connecting to a TN3270E server you are assigned a Logical Unit (LU) or you can tell
the TN3270E server which LU you'd like to use. Typically TN3270E servers are configured to
give you an LU from a pool of LUs. They can also have LUs set to take you to a specific
application. This script attempts to guess valid LUs that bypass the default LUs you are
assigned. For example, if a TN3270E server sends you straight to TPX you could use this
script to find LUs that take you to TSO, C...
mainframe  pentest  telnet  nmap  scanner 
april 2019 by whip_lash
GitHub - OCSAF/freevulnsearch: Free and open NMAP NSE script to query vulnerabilities via the API.
In conjunction with the version scan "-sV" in NMAP, the corresponding vulnerabilities are automatically assigned using CVE (Common Vulnerabilities and Exposures) and the severity of the vulnerability is assigned using CVSS (Common Vulnerability Scoring System).
nmap  script  cvss  vulnerability  scanner 
february 2019 by whip_lash
linuz/Sticky-Keys-Slayer: Scans for accessibility tools backdoors via RDP
Establishes a Remote Destop session (RDP) with the specified hosts and sends key presses to launch the accessibility tools within the Windows Login screen. will analyze the console and alert if a command prompt window opens up. Screenshots will be put into a folder ('./rdp-screenshots' by default) and screenshots with a cmd.exe window are put in a subfolder ('./rdp-screenshots/discovered' by default). accepts a single host or a list of hosts, delimited by line and works with multiple hosts in parallel.
pentest  rdp  scanner  osint  recon 
october 2018 by whip_lash
Tools. |
This is an ongoing project with more tools coming up in future. Pretty soon official site for this project will be made public at Some of the projects that are already released can be seen under the Tools section above.
s3  amazon  search  scanner 
january 2018 by whip_lash
GTScan - The Nmap Scanner for Telco - KitPloit - PenTest Tools for your Security Arsenal ☣
GTScan relies on using emtpy TCAP layers as probes to detect listening subsystem numbers (i.e application port numbers like 80 for http, 443 for https but for telecom nodes) on the respective global titles. With this way will be able to map the network and use the results to conduct targeted direct attacks to the respective nodes.
GTScan includes Message handling: Return message on error in the SCCP layer to determine from the response what is the scanned node. If a TCAP abort message is returned with an error p-abortCause: unrecognizedMessageType (0) thus the destination nodes is listening on the SSN that was scanned, else then the scanner continues scanning on other SSNs
telecom  scanner 
january 2018 by whip_lash
GitHub - vulnersCom/nmap-vulners: NSE script based on API
NSE script using some well-known service to provide info on vulnerabilities
nmap  plugin  scanner  vulnerability  nse 
january 2018 by whip_lash
smb2-vuln-uptime NSE Script
Attempts to detect missing patches in Windows systems by checking the uptime returned during the SMB2 protocol negotiation.

SMB2 protocol negotiation response returns the system boot time pre-authentication. This information can be used to determine if a system is missing critical patches without triggering IDS/IPS/AVs.

Remember that a rebooted system may still be vulnerable. This check only reveals unpatched systems based on the uptime, no additional probes are sent.
smb  pentest  nmap  nse  vulnerability  scanner 
january 2018 by whip_lash
Reposcanner - Python Script To Scan Git Repos For Interesting Strings - KitPloit - PenTest Tools for your Security Arsenal ☣
Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog.
git  scanner  osint 
january 2018 by whip_lash

Copy this bookmark:

to read