
InitRoot / BurpSQLTruncSanner

Licence: other
Messy BurpSuite plugin for SQL Truncation vulnerabilities.



[WIP] SQLTruncScanner - Scan endpoints for possible SQL Truncation vulnerabilities.


Burp Extension for identifying possible SQL Truncation vulnerabilities.

  • Fuzzes each parameter within the request
  • Adds padding of up to 40 characters to each parameter value

Copyright (c) 2020 Frans Hendrik Botes (InitRoot)

Disclaimer

I take no responsibility for your use of the software. Development is done in my personal capacity and carries no affiliation to my work.

Setup

For use with the Professional version of Burp Suite; it might work with the Community Edition. Ensure you have Jython loaded and set up before installing.

You can modify the payload padding list by updating the payloadSet parameter on line 268.

# Needed params

payloadSet = {"5": '     00', "10": '          00', "15": '               00', "20": '                    00', "30": '                              00', "40": '                                        00'}


Usage

Once you have a request that you would like tested, right-click it and select the scanner from the context menu. You can monitor the results in the Extender > Plugin > Output window. An issue will be raised if a possible problem is detected; it will outline the parameter and payload set found to be potentially vulnerable. This can then be manually confirmed by recreating the request in Repeater.

Once the bug where the wrong HTTP messages are attached to raised issues is fixed, you will be able to send the response straight to Repeater.

Screenshot

But How?

I will try to explain my current implementation; this might not be the best way and I'm very open to improvements. The current scanner can produce false positives. The scanner launches a request based on your original request and fetches the response, then calculates a baseline from the response code and response length.

Once the baseline is established, threading is kicked off for the parameter fuzzing, which happens in a new class. The fuzzing loops over each parameter and over a payload set of 5 --> 10 --> 15 --> 20 --> 30 --> 40 characters. Whenever the response differs from the baseline, an issue is raised naming the parameter and payload set found to be potentially vulnerable.
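The baseline-and-diff loop described above, written out as a stand-alone Python example. This is an added illustration, not the plugin's own Jython code: `fuzz_parameters`, `MockRegistration`, `USERNAME_COLUMN_LENGTH` and the sample parameters are all constructed here. The mock stands in for a registration endpoint whose uniqueness check runs on the full submitted username while the database keeps only the first ten characters and ignores trailing spaces, which is the pattern the scanner is looking for. It also reflects `display_name` into the error page, which shows the false-positive case the text warns about: the response length changes even though nothing was truncated.

```python
from typing import Callable, Dict, List, Tuple

# Padding payloads built the same way as the plugin's payloadSet:
# a run of N spaces followed by "00", for N in 5, 10, 15, 20, 30, 40.
PAYLOAD_SET: Dict[str, str] = {str(n): " " * n + "00" for n in (5, 10, 15, 20, 30, 40)}

# A response is reduced to what the scanner actually compares: (status code, body length).
Response = Tuple[int, int]
Sender = Callable[[Dict[str, str]], Response]


def fuzz_parameters(send: Sender, params: Dict[str, str],
                    payloads: Dict[str, str] = PAYLOAD_SET) -> List[Dict[str, object]]:
    """Send the original request once to get a baseline, then resend it with each
    parameter padded by each payload and record every (status, length) deviation."""
    baseline = send(params)
    findings: List[Dict[str, object]] = []
    for name in params:
        for label, pad in payloads.items():
            mutated = dict(params)
            mutated[name] = params[name] + pad
            observed = send(mutated)
            if observed != baseline:
                findings.append({"parameter": name, "payload": label,
                                 "baseline": baseline, "observed": observed})
    return findings


# --- constructed mock of a vulnerable registration endpoint (hypothetical) ---
USERNAME_COLUMN_LENGTH = 10   # pretend the users table has a VARCHAR(10) column


class MockRegistration:
    """Emulates the truncation bug: the 'is this name taken?' check uses the full
    submitted value, but the stored value is cut to the column length and trailing
    spaces are ignored on comparison, so 'admin' + padding lands as a second 'admin'."""

    def __init__(self) -> None:
        self.users = {"admin"}
        self.duplicates_created = 0   # what really happened, invisible to the scanner

    def _stored_form(self, value: str) -> str:
        return value[:USERNAME_COLUMN_LENGTH].rstrip()

    def __call__(self, params: Dict[str, str]) -> Response:
        username = params["username"]
        display = params.get("display_name", "")
        if username in self.users:    # the bug: compares the untruncated value
            # display_name is reflected here, so padding it changes the length
            return (200, len(f"Sorry {display}, that username is already taken"))
        stored = self._stored_form(username)
        if stored in self.users:
            self.duplicates_created += 1
        self.users.add(stored)
        return (201, len(f"Welcome {display}, account created"))


def run_demo() -> Tuple[List[Dict[str, object]], int]:
    """Scan a constructed request against the mock; returns (findings, duplicate count)."""
    mock = MockRegistration()
    params = {"username": "admin", "display_name": "Alice", "email": "alice@example.com"}
    return fuzz_parameters(mock, params), mock.duplicates_created


if __name__ == "__main__":
    found, dups = run_demo()
    for f in found:
        print(f"{f['parameter']:<13} payload={f['payload']:>2}  "
              f"baseline={f['baseline']}  observed={f['observed']}")
    print(f"duplicate accounts actually created by the mock: {dups}")
```

Running it flags every payload for `username` (baseline `(200, 43)` becomes `(201, 30)`) and also every payload for `display_name`, where only the reflected text grew; `email` is never flagged. The scanner cannot tell those two apart, which is why the text says to confirm findings by hand in Repeater; the mock's `duplicates_created` counter is the part a real target never shows you.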

Todo

  • This might break usage in the Community Edition, but a passive scanner needs to be invoked instead of the current implementation.
  • Better threading, as the current implementation is horrible.
  • Burp issues currently do not receive the HTTP message from the check and display the original request instead; this needs to be fixed.
  • Cleanup, very messy at the moment.