7dog7 / Bottleneckosmosis
瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf
Stars: ✭ 368
Projects that are alternatives of or similar to Bottleneckosmosis
Flutter barcode scanner
Barcode scanner plugin for flutter. Supports barcode scanning for Android and iOS
Stars: ✭ 194 (-47.28%)
Mutual labels: scanner, scan
DNTScanner.Core
DNTScanner.Core is a .NET 4x and .NET Core 2x+ wrapper for the Windows Image Acquisition library.
Stars: ✭ 54 (-85.33%)
Mutual labels: scanner, scan
Zxinglite
🔥 ZXing的精简版,优化扫码和生成二维码/条形码,内置闪光灯等功能。扫描风格支持:微信的线条样式,支付宝的网格样式。几句代码轻松拥有扫码功能 ,ZXingLite让集成更简单。(扫码识别速度快如微信)
Stars: ✭ 2,117 (+475.27%)
Mutual labels: scanner, scan
barcode scan2
[reborned barcode_scan] A flutter plugin for reading 2D barcodes and QR codes.
Stars: ✭ 43 (-88.32%)
Mutual labels: scanner, scan
Php Antimalware Scanner
AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.
Stars: ✭ 181 (-50.82%)
Mutual labels: scanner, scan
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+141.03%)
Mutual labels: scanner, scan
webcocktail
An automatic and lightweight web application scanning tool for CTF.
Stars: ✭ 28 (-92.39%)
Mutual labels: scanner, ctf
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (-64.95%)
Mutual labels: scanner, scan
Whc scan
高效强大扫描分析iOS和Android项目里没有使用的类Mac开源工具,清理项目垃圾类,让项目结构干净清爽,升级维护得心应手. Efficient and powerful scanning analysis iOS and Android project no classes used in Mac open source tools, cleaning rubbish class project, make project structure clean and relaxed, upgrade maintenance
Stars: ✭ 342 (-7.07%)
Mutual labels: scanner, scan
pyimgscan
Take any phone-taken picture and turn it into a document scan.
Stars: ✭ 48 (-86.96%)
Mutual labels: scanner, scan
Ipadlidarscanexport
Export an OBJ file of ARKit 3.5 iPad Pro LIDAR scans
Stars: ✭ 129 (-64.95%)
Mutual labels: scanner, scan
Biu Framework
Biu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)
Stars: ✭ 183 (-50.27%)
Mutual labels: scanner, scan
K8portscan
跨平台大型网络端口扫描器(支持批量A段/B段/C段/IP列表(TXT)/端口列表,Banner识别比S扫描器加强版更准)
Stars: ✭ 99 (-73.1%)
Mutual labels: scanner, scan
Berserker
A list of useful payloads for Web Application Security and Pentest/CTF
Stars: ✭ 212 (-42.39%)
Mutual labels: scanner, ctf
Wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Stars: ✭ 6,244 (+1596.74%)
Mutual labels: scanner, scan
Snoop
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Stars: ✭ 886 (+140.76%)
Mutual labels: scanner, ctf
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-61.41%)
Mutual labels: scanner, scan
Saraff.Twain.NET
Saraff.Twain.NET is the skillful scanning component which allows you to control work of flatbed scanner, web and digital camera and any other TWAIN device from .NET environment. You can use this library in your programs written in any programming languages compatible with .NET technology.
Stars: ✭ 74 (-79.89%)
Mutual labels: scanner, scan
瓶颈渗透
1.JS文件字典 (持续压迫前端工程师给我提供)
使用技巧:
比如我们渗透一个后台系统,查看源码,分析公共js目录,后台管理js目录。
当得到路劲就可以进行爆破探测文件是否存在,如果存在快速捕获接口进行测试SQLI,未授权访问
当毫无思路得情况下,根据js文件分析网站后台大概结构,根据变量名,文件名进行深度猜测。
2.FUZZ参数字典
使用技巧:
初始化字典地址:https://github.com/TheKingOfDuck/fuzzDicts/edit/master/paramDict/parameter.txt
如http://127.0.0.1/1.php ,视为可疑文件,进行fuzz param 选择GET,POST AND (POST JSON) AND (GET Route) AND cookie param
3.ScanAnnotation注释扫描谷歌插件
使用技巧:
谷歌浏览器,进入扩展程序开启开发者模式,选择加载已解压的扩展程序
谷歌应用商店: https://chrome.google.com/webstore/detail/scanannotation/gejiegnodfccfhagbeaopeffcdbcgfef?hl=zh-CN (切换账户上架谷歌平台)
后续更新支持webpack注释扫描
通过注释可以发现一些利用的内容,有的程序员喜欢写上这个是什么功能,你就可以猜出后台或者隐藏的功能,有的还会贴上后台地址啥,配置文件内网域名各种吧。ctf也可以辅助一下哦!
4.js,jq,vue,react,angluar 快速提取api and param
正在研究 参考资料:https://github.com/GerbenJavado/LinkFinder (基本是同个功能还有谷歌插件)
参考资料:https://github.com/p1g3/JSINFO-SCAN (递归式寻找域名和api)
近期发现Vue.js devtools,Augury,React Developer Tools等谷歌插件,如js代码没有进行变态处理,可以直接使用获取路由
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].