bbhunter Goto Github PK

using-docker-kubernetes-for-automating-appsec-and-osint-workflows

Repository for all the workshop content delivered at nullcon X on 1st of March 2019

uuid-watcher

A small burp extension - to watch for UUID/GUIDs in request parameters, and report on what responses those UUIDs are found in - excluding reflected ones. The tool helps find security problems in apps and APIs relying on key discovery being impossible.

vaf

very advanced (web) fuzzer

vailyn

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

vajra

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

vajra-1

Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.

vampi

Vulnerable REST API with OWASP top 10 vulnerabilities for APIs

vapi

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable PHP Interface that mimics OWASP API Top 10 scenarios in the means of Exercises.

varnish-h2-request-smuggling

vaya-ciego-nen

Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

vcenter_saml_login

A tool to extract the IdP cert from vCenter backups and log in as Administrator

vcm

A small script to automate project folder management and basic tool output

venom

Venom - A Multi-hop Proxy for Penetration Testers Written in Go

versionshaker

Find the remote website version based on a git repository

vhost-finder

Virtual host finder made in PHP

vhost_buster

A simple tool with the power of "Go" to find the hidden Vhosts defined at the server.

vhostfinder

Identify virtual hosts by similarity comparison

vhosts-sieve

Searching for virtual hosts among non-resolvable domains

vhostscan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

vibe

A framework for stealthy domain reconnaissance

videotool101

An (almost) all-in-one educational video creation suite.

viewstate-decoder

Small tool to decode ASP.NET __VIEWSTATE variable when doing webpentests

villain

Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.

vinifera

A GitHub recon/monitoring tool for finding internal leaks belonging to your organisation.

virtual-host

Modified Nuclei Templates Version to FUZZ Host Header

virtual-host-wordlist

Virtual host wordlist

virtualdynamicanalysis

A basic android pentest environment to instrument apps without root or repackaging an app

virtualhost-payload-generator

BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.

vision2

Nmap's XML result parse and NVD's CPE correlation to search CVE.

vita

A tool to find subdomains or domains from passive sources.