STEWS
cerberus
STEWS | cerberus | |
---|---|---|
2 | 3 | |
286 | 21 | |
5.9% | - | |
1.8 | 10.0 | |
over 2 years ago | over 1 year ago | |
Python | Python | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
STEWS
-
WebSocket security: 9 common vulnerabilities & prevention methods
Comprehensive WebSocket security testing requires a deep understanding of the WebSocket protocol and practical experience in both manual and automated security testing techniques. Open tools like STEWS can detect known WebSocket vulnerabilities while commercial security tools like Burp Suite exist to intercept and manipulate WebSocket frames with ease, however they won't catch everything. Perform manual testing and fuzzing to identify unexpected behavior or vulnerabilities that automated tools might miss.
- STEWS :-- Una herramienta de seguridad para enumerar WebSockets. 👀
cerberus
What are some alternatives?
Deep-Inside - Command line tool that allows you to explore IoT devices by using Shodan API.
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
GETreqt-Multithreaded-Slow-DoS-Attack - A unique, multithreaded Slow DoS exploit against web servers that use vulnerable versions of thread-based web server software (Apache 1.x, Apache 2.x, httpd, etc.); and is effective against even some mitigation mechanisms such as poorly implemented reverse proxy servers.
SSTImap - Automatic SSTI detection and exploitation tool with interactive interface
seclook - Automatic security lookups from your clipboard
asio - All Shell In One. Generate Reverse Shells and/or generate single code that runs all the payloads.
requests-ip-rotator - A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
ccat - Cisco Config Analysis Tool
cli - Snyk CLI scans and monitors your projects for security vulnerabilities.
Heartbleed - Heartbleed vulnerability exploited 🩸