security-tools.md

Summary

Curated list of tools for later or general use that could be useful in given context.

Security tools

• What are some hacker tools worth paying for?

2FA

---

• 2FA Bypass Techniques mindmap

AI

---

• User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
• Lightpanda: the headless browser designed for AI and automation

API

---

• Metlo is an open-source API security platform (Recommended to test it)
• API-Security-Checklist

Automated Testing Framework

• OWASP Nettacker - Open-Source Vulnerability Scanner - Vulnerability Management

AWS

---

• AWS-Threat-Simulation-and-Detection

BURP plugins

---

• JWT-reAuth
  • How to implement
• Semgrepper
• burp-rest-api

Directories, Folders and Files

---

• Content discovery tool 'Kiterunner'
• Subfinder
• lfimap - Local file inclusion discovery and exploitation tool

Fuzzers

---

• Black box fuzzer for web applications

Kubernetes

---

• Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests

Nginx

---

• Nginxpwner

OSINT

---

• Top 10 most rated OSINT Tools on Github

PHP

---

• vBulletin <= 5.5.2 (movepm) PHP Object Injection Vulnerability

Reporting tool

---

• WriteHat is a reporting tool which removes Microsoft Word

SAST

---

• Code security scanning tool SAST, Javascript and ruby
• Grepmarx - Application Security Platform

Secrets

---

• Secrets Patterns Database
• yataf extracts secrets and paths from files or urls - its best used against javascript files
• Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.

Semgrep

---

• Sumgrep rules
• Sumgrep rules - PHP[sql, yii]
• Sumgrep rules - PHP [symfony, doctrine]

Shodan

---

• Shodan filters

SQL

---

• Blind SQL injection
• Framework for blind boolean-based sql injections exploatation. Use it if sqlmap does shit.
• SQLi tips

Terminal

---

• Shellclear

Windows

---

• Windows-Privilege-Escalation

Others

---

• SKF Security Knowledge framework
• Find CVE PoCs on github
• Ote, generate email and OTP for any website
• TomNomNom
• CodeQL Source/Sink analysis
• Ransomware simulator
• Vulnerable-Code-Snippets
• WebHackersWeapons