automated scanners
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
An HTTP request smuggling scanner designed to work at scale
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
An extension for checking if .git is exposed in visited websites
A tool for exploring Firebase datastores.
Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
A Python script that finds endpoints in JavaScript files
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Fast and customizable vulnerability scanner based on a simple YAML-based DSL.