WAFNinja - Web Application Firewall Attack Tool - WAF Bypass

WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. What can WAFNinja Web Application Firewall Attack Tool Do? […]

Topic: Hacking Tools
dirsearch - Website Directory Scanner For Files & Structure

dirsearch is a Python-based command-line website directory scanner designed to brute force site structure including directories and files in websites. dirsearch Website Directory Scanner Features: dirsearch supports the following: multithreaded; keep alive connections; support for multiple extensions (-e|--extensions asp,php); reporting (plain text, JSON); heuristically detects invalid web pages; recursive brute forcing; HTTP proxy support; User […]

Topic: Hacking Tools
XXE Injection Attacks - XML External Entity Vulnerability With Examples

XXE Injection Attacks or XML External Entity vulnerabilities are a specific type of Server Side Request Forgery or SSRF attack relating to abusing features within XML parsers. The features these attacks go after are widely available but rarely used and when triggered can cause a DoS (Denial of Service) attack and in some cases much […]

Topic: Exploits/Vulnerabilities
SQLiv - SQL Injection Dork Scanning Tool

SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targeted scanning, multiple-domain scanning or reverse domain scanning. SQLiv Massive SQL Injection Scanner Features: Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot […]

Topic: Hacking Tools
OSSIM Download - Open Source SIEM Tools & Software

OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation. OSSIM stands for Open Source Security Information Management. It was launched in 2003 by security engineers because of the lack of available open source products; OSSIM was created specifically to address the reality many […]

Topic: Security Software
What You Need To Know About KRACK WPA2 Wi-Fi Attack

The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself, not the implementation. It’s a flaw in the 4-way handshake for WPA2 compromised by a Key Reinstallation Attack. This means any device that has correctly implemented […]

Topic: Hacking News