HightechSec / Git Scanner
Licence: mit
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Stars: ✭ 157
Projects that are alternatives of or similar to Git Scanner
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-26.11%)
Mutual labels: pentesting, security-audit, pentest-tool
Eyes.sh
Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
Stars: ✭ 89 (-43.31%)
Mutual labels: pentesting, pentest-tool
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-34.39%)
Mutual labels: pentesting, pentest-tool
Catnip
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Stars: ✭ 108 (-31.21%)
Mutual labels: security-audit, pentest-tool
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-8.28%)
Mutual labels: pentesting, pentest-tool
Venom
Venom - A Multi-hop Proxy for Penetration Testers
Stars: ✭ 1,228 (+682.17%)
Mutual labels: pentesting, pentest-tool
Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Stars: ✭ 1,303 (+729.94%)
Mutual labels: pentesting, pentest-tool
Ratel
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-22.93%)
Mutual labels: pentesting, pentest-tool
Ssrf Testing
SSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+994.27%)
Mutual labels: pentesting, pentest-tool
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-17.2%)
Mutual labels: pentesting, pentest-tool
Ldap search
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-50.32%)
Mutual labels: pentesting, pentest-tool
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+623.57%)
Mutual labels: pentesting, pentest-tool
Pentest Notes
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-43.31%)
Mutual labels: pentesting, security-audit
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-60.51%)
Mutual labels: pentesting, security-audit
Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+587.26%)
Mutual labels: pentesting, pentest-tool
Sqlite Lab
This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Stars: ✭ 140 (-10.83%)
Mutual labels: pentesting, security-audit
Nmap Nse Info
Browse and search through nmap's NSE scripts.
Stars: ✭ 54 (-65.61%)
Mutual labels: pentesting, pentest-tool
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+588.54%)
Mutual labels: pentesting, pentest-tool
Horn3t
Powerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-23.57%)
Mutual labels: pentesting, security-audit
Git Scanner Framework
This tool can scan websites with open .git
repositories for Bug Hunting
/ Pentesting Purposes
and can dump the content of the .git
repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list.
Installation
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- bash gitscanner.sh
or you can install in your system like this
- git clone https://github.com/HightechSec/git-scanner
- cd git-scanner
- sudo cp gitscanner.sh /usr/bin/gitscanner && sudo chmod +x /usr/bin/gitscanner
- $ gitscanner
Usage
- Menu's
- Menu
1
is for scanning and dumping git repositories from a provided file that contains thelist of the target url
or a providedsingle target url
. - Menu
2
is for scanning only a git repositories from a provided file that contains thelist of the target url
or a providedsingle target url
. - Menu
3
is for Dumping only the git repositories from a provided file that containslist of the target url
or a providedsingle target url
. This will work for theMaybe Vuln
Results or sometimes with a repository that had directory listing disabled or maybe had a403 Error Response
. - Menu
4
is for Extracting files only from a Folder that had .git Repositories to a destination folder
- Menu
- URL Format
- Use
http://
likehttp://example.com
orhttps://
likehttps://example.com
for the url formatting - Make sure use this format in the files that contains the list of possible target that you have, Example:
- Use
- Extractor
- When using Extractor, make sure the location of the git repositories that you select are correct. Remember, The first option is for inputing the
Selected git repository
and the second option is for inputing theDestination folder
- When using Extractor, make sure the location of the git repositories that you select are correct. Remember, The first option is for inputing the
Requirements
- curl
- bash
- git
- sed
Todos
- Creating a
Docker Images
if it's possible -
Adding Extractor on the next VersionAdded in version 1.0.2#beta but still experimental. - Adding
Thread ProcessingMulti Processing (Bash doesn't Support Threading
)
Changelog
All notable changes to this project listed in this file
Credits
Thanks to:
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].