A somewhat curated list of links to various topics in application security.
Link | Excerpt |
---|---|
Arjun | What's Arjun? Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along. Web applications use parameters (or queries) to accept user input. Take the following example into consideration: http://api.example. |
XCTR Hacking Tools - All in one for Information Gathering | Initially, you need to create a project where you will save everything. All of the collected information is saved as "project-name" in the results directory. |
Email recon made fast and easy, with a framework to build on | SimplyEmail was built around the concept that tools should do something, and do that something well, hence 'Simply'. Full documentation can be found at: |
Helpful links directory | Helpful links directory Translations What is Zeus Zeus's features Requirements and installation Ubuntu/Debian centOS Backbox other Screenshots Demo video User manual How Zeus works Functionality Passing sqlmap flags with Zeus Legal information License (GPL) Code of conduct Report a bug Open a pul |
Striker | Striker 2.0 is still in prototype phase, which means it's not intended to be used by regular users. It has been made public for contributions to make the development faster. Usage: python3 striker.py example.com |
https://github.com/leebaird/discover | Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework (PTF). |
Awesome Asset Discovery | Asset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. With the evolution of information technology, the scope and definition of assets has also evolved. |
BishopFox/GitGot | GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. |
ReconDog | Recon Dog will run on anything that has a python interpreter installed. However, it has been tested on the following configurations: Recon Dog requires no manual configuration and can be simply run as a normal python script. |
CloudFail | CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. |