PINT
Pint is a PIN tool that exposes the PIN API to lua scripts, allowing dynamic instrumentation of binaries.
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective for legacy web servers that host static files or respond with 3xx’s upon a partial path, it is no longer effective for modern web applications, specifically APIs. Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning fast speeds, but also bruteforcing routes/endpoints in modern applications. Modern application frameworks such as Flask, Rails, Express, Django and others follow the paradigm of explicitly defining routes which expect certain HTTP methods, headers, parameters and values. When using traditional content discovery tooling, such routes are often missed and cannot easily be discovered. By collating a dataset of Swagger specifications and condensing it into our own schema, Kiterunner can use this dataset to bruteforce API endpoints by sending the correct HTTP method, headers, path, parameters.
Pint is a PIN tool that exposes the PIN API to lua scripts, allowing dynamic instrumentation of binaries.
An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.
A browser with XSS detection capabilities
A tool to profile web applications based on response time discrepancies.
A learning and training project demonstrating common configuration errors in cloud environments.
A security feature to prevent unexpected manipulation of fetched resources.