Brutemap is an open source penetration testing tool that automates testing accounts against a site's login page, based on a dictionary attack. With it you no longer need to search for other bruteforce tools, and you no longer need to ask "what CMS is this?" just to find the form parameters, because Brutemap discovers them automatically. Brutemap also ships with an attack method that makes it easy to do account checking or to test forms with the SQL injection authentication bypass technique.

### Installation

Brutemap uses Selenium to interact with the website, so you need to install a WebDriver for Selenium first. See here.

If you have the git package installed, you only need to clone the Git repository, like this:

```
$ git clone https://github.com/brutemap-dev/brutemap.git
```

Then install the required modules:

```
$ pip install -r requirements.txt
```

### Usage

For basic use:

```
$ python brutemap.py -t http://www.example.com/admin/login.php -u admin -p default
```

To display a list of available options:

```
$ python brutemap.py -h
```

You can find examples of Brutemap usage here. For more information about the available options, see the User's manual.

### Links

- Homepage: https://brutemap-dev.github.io
- Download: .zip (latest version) or .tar.gz (latest version)
- Issue tracker: https://github.com/brutemap-dev/brutemap/issues
- User's manual: https://github.com/brutemap-dev/brutemap/wiki

Download Brutemap

User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and as an on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise's ability to comprehensively manage, prioritize, and control vulnerability threats, ordered by business criticality.

### Seamless OpenVAS integration now also available on Windows and Linux

London, UK – May 2019 – Acunetix, the pioneer in automated web application security software, has announced that all versions of the Acunetix Vulnerability Scanner now support network security scanning. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.

"No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool," said Nicolas Sciberras, CTO.

There are many advantages to running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as issue tracker integration and comprehensive reporting.

### More Features in the Latest Build

OpenVAS integration is introduced as part of the latest Acunetix version 12 build (build 12.0.190515149). This new build also includes:

- Support for IPv6
- Improved usage of machine resources
- Added support for Selenium scripts as import files
- Multiple vulnerability checks for SAP
- Unauthorized access detection for Redis and Memcached
- Source code disclosure for Ruby and Python

The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found here. Get a demo of the product here.

Project iKy is a tool that collects information from an email address and shows the results in a nice visual interface. Visit the GitLab page of the project.

### Project

First of all we want to advise you that we have changed the frontend from AngularJS to Angular 7. For this reason we left the project with AngularJS as frontend in the `iKy-v1` branch, with the documentation for its installation here. The reason for changing the frontend was to update the technology and get an easier way of installation.

### Installation

Clone the repository:

```
git clone https://gitlab.com/kennbroorg/iKy.git
```

#### Install Backend

**Redis.** You must install Redis:

```
wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make
sudo make install
```

And turn on the server in a terminal:

```
redis-server
```

**Python stuff and Celery.** You must install the libraries inside `requirements.txt`:

```
pip install -r requirements.txt
```

And turn on Celery in another terminal, within the directory `backend`:

```
./celery.sh
```

Finally, again in another terminal, turn on the backend app from the directory `backend`:

```
python app.py
```

#### Install Frontend

**Node.** First of all, install nodejs.

**Dependencies.** Inside the directory `frontend` install the dependencies:

```
npm install
```

**Turn on Frontend Server.** Finally, to run the frontend server, execute:

```
npm start
```

**Browser.** Open the browser at this url.

### Config API Keys

Once the application is loaded in the browser, you should go to the Api Keys option and load the values of the APIs that are needed.

- Fullcontact: generate the APIs from here
- Twitter: generate the APIs from here
- Linkedin: only the user and password of your account must be loaded

Download Project iKy

Miteru is an experimental phishing kit detection tool.

### How it works

It collects phishy URLs from the following feeds:

- CertStream-Suspicious feed via urlscan.io
- OpenPhish feed via urlscan.io
- PhishTank feed via urlscan.io
- Ayashige feed

It checks each phishy URL for whether it enables directory listing and contains a phishing kit (compressed file) or not.

Note: compressed file = `*.zip`, `*.rar`, `*.7z`, `*.tar` and `*.gz`.

### Features

- Phishing kit detection & collection.
- Slack notification.
- Threading.

### Installation

```
$ gem install miteru
```

### Usage

```
$ miteru
Commands:
  miteru execute         # Execute the crawler
  miteru help [COMMAND]  # Describe available commands or one specific command

$ miteru help execute
Usage:
  miteru execute

Options:
  [--auto-download], [--no-auto-download]            # Enable or disable auto-download of phishing kits
  [--directory-traveling], [--no-directory-traveling]  # Enable or disable directory traveling
  [--download-to=DOWNLOAD_TO]                        # Directory to download file(s)
                                                     # Default: /tmp
  [--post-to-slack], [--no-post-to-slack]            # Post a message to Slack if it detects a phishing kit
  [--size=N]                                         # Number of urlscan.io's results. (Max: 10,000)
                                                     # Default: 100
  [--threads=N]                                      # Number of threads to use
                                                     # Default: 10
  [--verbose], [--no-verbose]
                                                     # Default: true

Execute the crawler
```

```
$ miteru execute
...
https://dummy1.com: it doesn't contain a phishing kit.
https://dummy2.com: it doesn't contain a phishing kit.
https://dummy3.com: it doesn't contain a phishing kit.
https://dummy4.com: it might contain a phishing kit (dummy.zip).
```

### Using Docker (alternative if you don't install Ruby)

```
$ git clone https://github.com/ninoseki/miteru.git
$ cd miteru/docker
$ docker build -t miteru .
$ docker run miteru
# ex. auto-download detected phishing kit(s) into the host machine's /tmp directory
$ docker run -v /tmp:/tmp miteru execute --auto-download
```

### Note

For using the `--post-to-slack` feature, you should set the following environment variables:

- `SLACK_WEBHOOK_URL`: your Slack Webhook URL.
- `SLACK_CHANNEL`: Slack channel to post a message to (default: `#general`).

### Alternatives

- t4d/StalkPhish: the phishing kits stalker, harvesting phishing kits for investigations.
- duo-labs/phish-collect: Python script to hunt phishing kits.
- leunammejii/analyst_arsenal: a tool belt for analysts to continue fighting the good fight.

Download Miteru

OWASP Security RAT (Requirement Automation Tool) is a tool intended to assist with the problem of addressing security requirements during application development. The typical use case is:

1. Specify parameters of the software artifact you're developing.
2. Based on this information, a list of common security requirements is generated.
3. Go through the list of requirements and choose how you want to handle each one.
4. Persist the state in a JIRA ticket (the state gets attached as a YAML file).
5. Create JIRA tickets for particular requirements in batch mode in developer queues.
6. Import the main JIRA ticket into the tool at any time in order to see the progress of the particular tickets.

### Documentation

Please go to https://securityrat.github.io

### OWASP Website

https://www.owasp.org/index.php/OWASP_SecurityRAT_Project

Download SecurityRAT

*jwt_tool.py* is a toolkit for validating, forging and cracking JWTs (JSON Web Tokens). Its functionality includes:

- Checking the validity of a token
- Testing for the *RS/HS256* public key mismatch vulnerability
- Testing for the *alg=None* signature-bypass vulnerability
- Testing the validity of a secret/key/key file
- Identifying *weak keys* via a high-speed *dictionary attack*
- Forging new token header and payload values and creating a new signature with the key or via another attack method

### Audience

This tool is written for pentesters who need to check the strength of the tokens in use and their susceptibility to known attacks. It may also be useful for developers who are using JWTs in projects but would like to test for stability and for known vulnerabilities when using forged tokens.

### Requirements

This tool is written natively in Python 2.x using the common libraries. Customised wordlists are recommended for the dictionary attack option.

*As a speed reference, an Intel i5 laptop can test ~1,000,000 passwords per second on HMAC-SHA256 signing. YMMV.*

### Installation

Installation is just a case of downloading the `jwt_tool.py` file (or `git clone`ing the repo). (`chmod` the file too if you want to add it to your *$PATH* and call it from anywhere.)

### Usage

```
$ python jwt_tool.py <JWT> (filename)
```

The first argument should be the JWT itself, followed by a filename/filepath (for cracking the token, or for use as a key file). For example:

```
$ python jwt_tool.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.aqNCvShlNT9jBFTPBpHDbt2gBB1MyHiisSDdp8SQvgw /usr/share/wordlists/rockyou.txt
```

The toolkit will validate the token and list the header and payload values. It will then provide a menu of your available options.

*Note:* signing the token is currently supported using the HS256, HS384 and HS512 algorithms.

Input is accepted in either standard or url-safe JWT format, and the resulting tokens are output in both formats for your ease of use.

### Further Reading

- A great intro to JWTs – https://jwt.io/introduction/
- A lot of the inspiration for this tool comes from the vulnerabilities discovered by Tim McLean. Check out his blog on JWT weaknesses here: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
- My introduction to using this toolkit, and a bit of the history behind it, can be found on my blog – https://www.ticarpi.com/introducing-jwt-tool/
- A whole bunch of exercises (7 at time of writing) for testing JWT vulnerabilities are provided by Pentesterlab. I'd highly recommend a PRO subscription if you are interested in Web App Pentesting.
  - JWT (alg=None vulnerability) exercise
  - JWT_II (RS/HS256 public key mismatch vulnerability) exercise
  - JWT_III (key-id header field non-sanitisation vulnerability) exercise
  - and just head on over to https://pentesterlab.com/exercises to search for the others!

*PLEASE NOTE:* This toolkit will solve all of the Pentesterlab JWT exercises in a few seconds when used correctly; however, I'd strongly encourage you to work through these exercises yourself, working out the structure and the weaknesses. After all, it's all about learning...

### Tips

Regex for finding JWTs in Burp Search *(make sure 'Case sensitive' and 'Regex' options are ticked)*:

- `[= ]ey[A-Za-z0-9_-]*.[A-Za-z0-9._-]*` – url-safe JWT version
- `[= ]ey[A-Za-z0-9_/+-]*.[A-Za-z0-9._/+-]*` – all JWT versions (higher possibility of false positives)

Download Jwt_Tool

Trigmap is a wrapper for Nmap. You can use it to easily start an Nmap scan and, especially, to collect information into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms.

### Details

Trigmap can perform several tasks using the Nmap Scripting Engine (NSE):

- *Port Scan*
- *Service and Version Detection*
- *Web Resources Enumeration*
- *Vulnerability Assessment*
- *Common Vulnerabilities Test*
- *Common Exploits Test*
- *Dictionary Attacks Against Active Services*
- *Default Credentials Test*

### Usage

Trigmap can be used in two ways:

- Interactive mode: `trigmap` [ENTER], and the script does the rest
- Non-interactive mode: `trigmap -h|--host [-tp|--tcp TCP ports] [-up|--udp UDP ports] [-f|--file file path] [-s|--speed time profile] [-n|--nic NIC] [-p|--phase phases]`

If you want to see the help: `trigmap --help` prints this helper.

*For more screenshots see the relative directory of the repository.*

### Customization

It's possible to customize the script by changing the values of the variables at the beginning of the file. In particular you can choose the wordlists used by the Nmap scripts and the most important Nmap scan parameters (ping, scan, timing and script).

```bash
##############################################
###               PARAMETERS               ###
##############################################
GENERAL_USER_LIST='general_user_wordlist_short.txt'
WIN_USER_LIST='win_user_wordlist_short.txt'
UNIX_USER_LIST='unix_user_wordlist_short.txt'
SHORT_PASS_LIST='fasttrack.txt'
LONG_PASS_LIST='rockyou.txt'

##############################################
###              NMAP SETTING              ###
##############################################
# PE (echo req), PP (timestamp-request)
# you can add a port on every ping scan
NMAP_PING='-PE -PS80,443,22,25,110,445 -PU -PP -PA80,443,22,25,110,445'
NMAP_OTHER='-sV --allports -O --fuzzy --min-hostgroup 256'
SCRIPT_VA='(auth or vuln or exploit or http-* and not dos)'
SCRIPT_BRUTE='(auth or vuln or exploit or http-* or brute and not dos)'
SCRIPT_ARGS="userdb=$GENERAL_USER_LIST,passdb=$SHORT_PASS_LIST"
CUSTOM_SCAN='--max-retries 3 --min-rate 250' # LIKE UNICORNSCAN
```

### Twin Brother

This project is very similar to Kaboom, but it has a different philosophy; in fact, it uses only Nmap, while Kaboom uses different tools, one for each task. The peculiarity of Trigmap is its portability and efficiency, but it's recommended to use both tools to scan the targets, so as to gather more evidence with different tools (*redundancy* and *reliability*).

Download Trigmap

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes, and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in four areas:

- Codebase – bring Automater to Python 3 compatibility while making the code more pythonic
- Configuration – use a more human-readable configuration format (YAML)
- Inputs – support JSON parsing out of the box without the need to write regular expressions, but still support regex scraping when needed
- Outputs – support additional output types, including JSON, while making extraneous output optional

### Installation

Machinae can be installed using pip3:

```
pip3 install machinae
```

Or, if you're feeling adventurous, it can be installed directly from GitHub:

```
pip3 install git+https://github.com/HurricaneLabs/machinae.git
```

You will need to have whatever dependencies are required on your system for compiling Python modules (on Debian-based systems, `python3-dev`), as well as the libyaml development package (on Debian-based systems, `libyaml-dev`). You'll also want to grab the latest configuration file and place it in `/etc/machinae.yml`.

### Configuration File

Machinae supports a simple configuration merging system to allow you to make adjustments to the configuration without modifying the `machinae.yml` we provide you, making configuration updates a snap. This is done by finding a system-wide default configuration (default `/etc/machinae.yml`), merging into that a system-wide local configuration (`/etc/machinae.local.yml`) and finally a per-user local configuration (`~/.machinae.yml`). The system-wide configuration can also be located in the current working directory, can be set using the `MACHINAE_CONFIG` environment variable, or of course by using the `-c` or `--config` command line options.

Configuration merging can be disabled by passing the `--nomerge` option, which will cause Machinae to only load the default system-wide configuration (or the one passed on the command line).

As an example of this, say you'd like to enable the Fortinet Category site, which is disabled by default. You could modify `/etc/machinae.yml`, but these changes would be overwritten by an update. Instead, you can put the following in either `/etc/machinae.local.yml` or `~/.machinae.yml`:

```yaml
fortinet_classify:
  default: true
```

Or, conversely, to disable a site, such as VirusTotal pDNS:

```yaml
vt_ip:
  default: false
vt_domain:
  default: false
```

### Usage

Machinae usage is very similar to Automater:

```
usage: machinae [-h] [-c CONFIG] [--nomerge] [-d DELAY] [-f FILE] [-i INFILE]
                [-v] [-o {D,J,N,S}] [-O {ipv4,ipv6,fqdn,email,sslfp,hash,url}]
                [-q] [-s SITES] [-a AUTH] [-H HTTP_PROXY]
                [--dump-config | --detect-otype]
                ...
```

See above for details on the `-c`/`--config` and `--nomerge` options.

Machinae supports a `-d`/`--delay` option, like Automater. However, Machinae uses 0 by default.

Machinae output is controlled by two arguments:

- `-o` controls the output format, and can be followed by a single character to indicate the desired type of output:
  - *N* is the default output ("Normal")
  - *D* is the default output, but dot characters are replaced
  - *J* is JSON output
- `-f`/`--file` specifies the file where output should be written. The default is `-` for stdout.

Machinae will attempt to auto-detect the type of target passed in (Machinae refers to targets as "observables" and to the type as "otype"). This detection can be overridden with the `-O`/`--otype` option. The choices are listed in the usage above.

By default, Machinae operates in verbose mode. In this mode, it will output status information about the services it is querying on the console as they are queried. This output will always be written to stdout, regardless of the output setting. To disable verbose mode, use `-q`.

By default, Machinae will run through all services in the configuration that apply to each target's otype *and* are not marked as `default: false`. To modify this behavior, you can:

- Pass a comma-separated list of sites to run (use the top-level key from the configuration).
- Pass the special keyword `all` to run through all services *including* those marked as `default: false`.

Note that in both cases, otype validation is still applied.

Machinae supports passing an HTTP proxy on the command line using the `-H`/`--http-proxy` argument. If no proxy is specified, Machinae will search the standard `HTTP_PROXY` and `HTTPS_PROXY` environment variables, as well as the less standard `http_proxy` and `https_proxy` environment variables.

Lastly, a list of targets should be passed. All arguments other than the options listed above will be interpreted as targets.

### Out-of-the-Box Data Sources

Machinae comes with out-of-the-box support for the following data sources:

- IPVoid
- URLVoid
- URL Unshortener (http://www.toolsvoid.com/unshorten-url)
- Malc0de
- SANS
- FreeGeoIP (freegeoip.io)
- Fortinet Category
- VirusTotal pDNS (via web scrape – commented out)
- VirusTotal pDNS (via JSON API)
- VirusTotal URL Report (via JSON API)
- VirusTotal File Report (via JSON API)
- Reputation Authority
- ThreatExpert
- VxVault
- ProjectHoneypot
- McAfee Threat Intelligence
- StopForumSpam
- Cymru MHR
- ICSI Certificate Notary
- TotalHash (disabled by default)
- DomainTools Parsed Whois (requires API key)
- DomainTools Reverse Whois (requires API key)
- DomainTools Reputation
- IP WHOIS (using RIR REST interfaces)
- Hacked IP
- Metadefender Cloud (requires API key)
- GreyNoise (requires API key)
- IBM XForce (requires API key)

With additional data sources on the way.

### HTTP Basic Authentication and Configuration

Machinae supports HTTP Basic Auth for sites that require it through the `--auth`/`-a` flag. You will need to create a YAML file with your credentials, which will include a key for the site that requires the credentials and a list of two items: username and password or API key. For example, for the included PassiveTotal site this might look like:

```yaml
passivetotal: ['[email protected]', 'my_api_key']
```

Inside the site configuration under `request` you will see a key such as:

```yaml
json:
  request:
    url: '...'
    auth: passivetotal
```

The `auth: passivetotal` points to the key inside the authentication config passed via the command line.

### Disabled by default

The following sites are disabled by default:

- Fortinet Category (`fortinet_classify`)
- Telize Geo IP (`telize`)
- TotalHash (`totalhash_ip`)
- DomainTools Parsed Whois (`domaintools_parsed_whois`)
- DomainTools Reverse Whois (`domaintools_reverse_whois`)
- DomainTools Reputation (`domaintools_reputation`)
- PassiveTotal Passive DNS (`passivetotal_pdns`)
- PassiveTotal Whois (`passivetotal_whois`)
- PassiveTotal SSL Certificate History (`passivetotal_sslcert`)
- PassiveTotal Host Attribute Components (`passivetotal_components`)
- PassiveTotal Host Attribute Trackers (`passivetotal_trackers`)
- MaxMind GeoIP2 Passive Insight (`maxmind`)
- FraudGuard (`fraudguard`)
- Shodan (`shodan`)
- Hacked IP
- Metadefender Cloud (requires API key)
- GreyNoise (requires API key)
- IBM XForce (requires API key)

### Output Formats

Machinae comes with a limited set of output formats: normal, normal with dot escaping, and JSON. We plan to add additional output formats in the future.

### Adding additional sites

COMING SOON

### Known Issues

- Some ISPs on IPVoid contain double-encoded HTML entities, which are not double-decoded

### Upcoming Features

- Add IDS rule search functionality (VRT/ET)
- Add "More info" link for sites
- Add "dedup" option to parser settings
- Add option for per-otype request settings
- Add custom per-site output for error codes

### Version History

**Version 1.4.1 (2018-08-31)**

New features:
- Automatically defangs output
- MISP support (example added to machinae.yml)

**Version 1.4.0 (2016-04-20)**

New features:
- `-a`/`--auth` option for passing an auth config file (thanks johannestaas for the submission)
- `-H`/`--http-proxy` option, and environment support, for HTTP proxies

New sites:
- PassiveTotal (various forms, thanks johannestaas)
- MaxMind
- FraudGuard
- Shodan

Updated sites:
- FreeGeoIP (replaced freegeoip.net with freegeoip.io)

**Version 1.3.4 (2016-04-01)**

Bug fixes:
- Convert exceptions to str when outputting to JSON (should actually close #14)

**Version 1.3.3 (2016-03-28)**

Bug fixes:
- Correctly handle error results when outputting to JSON (closes #14; thanks Den1al for the bug report)

**Version 1.3.2 (2016-03-10)**

New features:
- "Short" output mode – simply output yes/no/error for each site
- `-i`/`--infile` option for passing a file with a list of targets

**Version 1.3.1 (2016-03-08)**

New features:
- Prepend `http://` to URL targets when not starting with `http://` or `https://`

**Version 1.3.0 (2016-03-07)**

New sites:
- Cymon.io – threat intel aggregator/tracker by eSentire

New features:
- Support simple paginated responses
- Support url encoding 'target' in request URL
- Support url decoding values in results

**Version 1.2.0 (2016-02-16)**

New features:
- Support for sites returning multiple JSON documents
- Ability to specify time format for relative time parameters
- Ability to parse Unix timestamps in results and display in ISO-8601 format
- Ability to specify status codes to ignore per-API

New sites:
- DNSDB – FarSight Security Passive DNS database (premium)

**Version 1.1.2 (2015-11-26)**

New sites:
- Telize (premium) – GeoIP site (premium)
- Freegeoip – GeoIP site (free)
- CIF – CIFv2 API support, from csirtgadgets.org

New features:
- Ability to specify labels for single-line multimatch JSON outputs
- Ability to specify relative time parameters using the relatime library

**Version 1.0.1 (2015-10-13)**

- Fixed a false-positive bug with Spamhaus (Github#10)

**Version 1.0.0 (2015-07-02)**

- Initial release

Download Machinae

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.

### How does it work?

To do its magic, WAFW00F does the following:

1. Sends a *normal* HTTP request and analyses the response; this identifies a number of WAF solutions.
2. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
3. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.

### What does it detect?

It detects a number of WAFs. To view which WAFs it is able to detect, run WAFW00F with the `-l` option. At the time of writing the output is as follows:

```
$ wafw00f -l

                                 WAFW00F - Web Application Firewall Detection Tool

Can test for these WAFs:
```

- BlockDoS (BlockDoS)
- Armor Defense (Armor)
- ACE XML Gateway (Cisco)
- Malcare (Inactiv)
- RSFirewall (RSJoomla!)
- PerimeterX (PerimeterX)
- Varnish (OWASP)
- Barracuda Application Firewall (Barracuda Networks)
- Anquanbao (Anquanbao)
- NetContinuum (Barracuda Networks)
- HyperGuard (Art of Defense)
- Incapsula (Imperva Inc.)
- Safedog (SafeDog)
- NevisProxy (AdNovum)
- SEnginx (Neusoft)
- BitNinja (BitNinja)
- Janusec Application Gateway (Janusec)
- NinjaFirewall (NinTechNet)
- Edgecast (Verizon Digital Media)
- Alert Logic (Alert Logic)
- Cloudflare (Cloudflare Inc.)
- SecureSphere (Imperva Inc.)
- Bekchy (Faydata Technologies Inc.)
- Kona Site Defender (Akamai)
- Wallarm (Wallarm Inc.)
- Cloudfront (Amazon)
- aeSecure (aeSecure)
- eEye SecureIIS (BeyondTrust)
- VirusDie (VirusDie LLC)
- DOSarrest (DOSarrest Internet Security)
- SiteGround (SiteGround)
- Chuang Yu Shield (Yunaq)
- Yunsuo (Yunsuo)
- NAXSI (NBS Systems)
- UTM Web Protection (Sophos)
- Approach (Approach)
- NetScaler AppFirewall (Citrix Systems)
- DynamicWeb Injection Check (DynamicWeb)
- Xuanwudun
- WebTotem (WebTotem)
- Comodo (Comodo CyberSecurity Solutions)
- WTS-WAF (WTS)
- PowerCDN (PowerCDN)
- BIG-IP Access Policy Manager (F5 Networks)
- BinarySec (BinarySec)
- Greywizard (Grey Wizard)
- Shield Security (One Dollar Plugin)
- ASP.NET Generic Web Application Protection
- CacheWall (Varnish)
- Expression Engine (EllisLab)
- Airlock (Phion/Ergon)
- WatchGuard (WatchGuard Technologies)
- WP Cerber Security (Cerber Tech)
- Yunjiasu (Baidu Cloud Computing)
- DenyALL (Rohde & Schwarz CyberSecurity)
- AnYu (AnYu Technologies)
- Secure Entry (United Security Providers)
- ISA Server (Microsoft)
- Yundun (Yundun)
- FirePass (F5 Networks)
- GoDaddy Website Protection (GoDaddy)
- Imunify360 (CloudLinux)
- Safe3 Web Firewall (Safe3)
- WebSEAL (IBM)
- NSFocus (NSFocus Global Inc.)
- 360WangZhanBao (360 Technologies)
- Squarespace (Squarespace)
- Imperva SecureSphere
- Bluedon (Bluedon IST)
- AliYunDun (Alibaba Cloud Computing)
- Wordfence (Feedjit)
- Palo Alto Next Gen Firewall (Palo Alto Networks)
- Tencent Cloud Firewall (Tencent Technologies)
- West263CDN
- WebARX (WebARX Security Solutions)
- Mission Control Application Shield (Mission Control)
- BIG-IP Local Traffic Manager (F5 Networks)
- Sitelock (TrueShield)
- ZScaler (Accenture)
- CrawlProtect (Jean-Denis Brun)
- Teros (Citrix Systems)
- AWS Elastic Load Balancer (Amazon)
- Cloudbric (Zendesk)
- StackPath (StackPath)
- URLScan (Microsoft)
- Sucuri (Sucuri Inc.)
- TransIP Web Firewall (TransIP)
- OnMessage Shield (BlackBaud)
- Distil (Distil Networks)
- Profense (ArmorLogic)
- ModSecurity (SpiderLabs)
- FortiWeb (Fortinet)
- XLabs Security WAF (XLabs)
- ASP.NET RequestValidationMode (Microsoft)
- Jiasule (Jiasule)
- ChinaCache CDN Load Balancer (ChinaCache)
- URLMaster SecurityCheck (iFinity/DotNetNuke)
- Reblaze (Reblaze)
- Newdefend (NewDefend)
- Trafficshield (F5 Networks)
- KS-WAF (KnownSec)
- SiteGuard (Sakura Inc.)
- CdnNS Application Gateway (CdnNs/WdidcNet)
- DataPower (IBM)
- WebKnight (AQTRONIX)
- BIG-IP Application Security Manager (F5 Networks)
- Barikode (Ethic Ninja)
- Zenedge (Zenedge)
- SonicWall (Dell)
- DotDefender (Applicure Technologies)
- USP Secure Entry Server
- AppWall (Radware)

### How do I use it?

First, install the tool as described here. For help, please make use of the `--help` option. The basic usage is to pass it a URL as an argument. Example:

```
$ wafw00f https://example.org

                                 WAFW00F - Web Application Firewall Detection Tool

Checking https://example.org
The site https://example.org is behind Edgecast (Verizon Digital Media) WAF.
Number of requests: 1
```

### How do I install it?

The following should do the trick:

```
python setup.py install
```

### Looking for pentesters?

More information about the services that we offer at Enable Security.

### How do I write my own new checks?

Follow the instructions on the wiki.

Download Wafw00F

Horn3t is your Nr #1 tool for exploring subdomains visually. Building on the great Sublist3r framework (or extensible with your favorite one) it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with HTTP status codes, add custom found subdomains and directly access found URLs with one click.

- Recon your targets at blazing speed
- Enhance your productivity by focusing on interesting *looking* sites
- Enumerate critical sites immediately
- Sting your target

### Installation

1. Install Google Chrome
2. Install `requirements.txt` with pip3
3. Install `requirements.txt` of sublist3r with pip3
4. Put the directory within the web server of your choice
5. Make sure to have the right permissions
6. Run `horn3t.py`

Or alternatively use the `install.sh` file with Docker. Afterwards you can access the web portal under http://localhost:1337

### Todo

- Better scaling on Firefox
- Add Windows Dockerfile
- Direct Nmap support per click on a subdomain
- Direct Dirb support per click on a subdomain
- Generate PDF reports of found subdomains
- Assist with subdomain takeover

### Credits

- aboul3la – the creator of Sublist3r; turbolist3r adds some features but is otherwise a near clone of sublist3r.
- TheRook – the bruteforce module was based on his script subbrute.
- bitquark – the Subbrute wordlist was based on his research dnspop.

Tested on Windows 10 and Debian with Google Chrome/Chromium 73.

Download Horn3t