Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caido
-
Autorize – The most popular tool to discover AuthZ/AuthN flaws
Caido[1] a interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although it's certainly looking promising.
Perhaps one of few contenders to Burp in respect to features is ZAP[2].
[1] https://caido.io/
[2] https://www.zaproxy.org/
-
Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting
Thanks for the review and kind words. This was really one of the core goal to make it super accessible.
We developed it in Rust because we wanted to create a client/server architecture that you can deploy everywhere (Caido runs even on a rapsberry pi). We worked a lot on the frontend to make it snappy too, so its a combination of both.
Yes for sure, there is a privacy concern too with us forwarding request. It is in the issues of https://github.com/caido/caido.
-
Good alternative to postman ?
I have not tried it myself, but there is a tool called Caido https://www.youtube.com/watch?v=qLVu7rg9btk
-
Public beta of Caido, a BurpSuite alternative
Yes we are planning to work on extensions, but it is a bit more complicated to do in compiled languages like Rust and we have some tech debt to repay before we can start the work on that. You can follow the issue https://github.com/caido/caido/issues/2
- Show HN: Caido, a lightweight web security auditing toolkit
dirsearch
-
Looking for some help with this Python package
I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte)I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
DirSearch
-
Pentesting Tools I Use Everyday
Learn more about dirsearch here: https://github.com/maurosoria/dirsearch
-
Mapping your AWS attack surface
Empowered with a list of all the exposed URLs in your organization, you can then set up a process to scan these using a number of web-focused Dynamic Application Security Testing (DAST) tools and scanners such as Zed Attack Proxy, dirsearch (Web path scanner), Aquatone, and Nikto2. The OWASP® Foundation maintains a full list of scanning tools that could be used.
-
Millions of .git folders exposed publicly by mistake
Scan our domains and infrastructure to reveal if we have exposed.git repositories and other critical infrastructure. You can scan your domains and subdomains with many tools such as Amass or dirsearch to name a couple.
- dirsearch - release v0.4.3 - crawling supported
- Release dirsearch v0.4.2 - Web Path Scanner
- recommended tools that do not come with Kali
- How to choose a web path scanner? [closed]
-
Tools and Skills to be the Bug Bounty Hunting.
dirsearch:
What are some alternatives?
offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
gobuster - Directory/File, DNS and VHost busting tool written in Go
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
ZAP - The ZAP core project
Bitcoin-wallet-cracker - Automated Bitcoin wallet generator that with mnemonic and passphrases bruteforces wallet addresses
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
asleep_scanner - Dahua DVRs bruteforcer at port 37777
murder - Large scale server deploys using BitTorrent and the BitTornado library
IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.