caido
offensive-docker
| caido | offensive-docker | |
|---|---|---|
| 7 | 1 | |
| 822 | 709 | |
| 7.1% | - | |
| 6.7 | 0.0 | |
| 17 days ago | about 2 years ago | |
| TypeScript | Dockerfile | |
| - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
caido
-
Autorize – The most popular tool to discover AuthZ/AuthN flaws
Caido[1] a interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although it's certainly looking promising.
Perhaps one of few contenders to Burp in respect to features is ZAP[2].
[1] https://caido.io/
[2] https://www.zaproxy.org/
-
Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting
Thanks for the review and kind words. This was really one of the core goal to make it super accessible.
We developed it in Rust because we wanted to create a client/server architecture that you can deploy everywhere (Caido runs even on a rapsberry pi). We worked a lot on the frontend to make it snappy too, so its a combination of both.
Yes for sure, there is a privacy concern too with us forwarding request. It is in the issues of https://github.com/caido/caido.
-
Good alternative to postman ?
I have not tried it myself, but there is a tool called Caido https://www.youtube.com/watch?v=qLVu7rg9btk
-
Public beta of Caido, a BurpSuite alternative
Yes we are planning to work on extensions, but it is a bit more complicated to do in compiled languages like Rust and we have some tech debt to repay before we can start the work on that. You can follow the issue https://github.com/caido/caido/issues/2
- Show HN: Caido, a lightweight web security auditing toolkit
offensive-docker
-
Is There A Way To Have A Docker With Persistent
This will work if /u/nopa1es has their own dockerfile referencing aaaguirrep/offensive-docker. If they run docker build on https://github.com/aaaguirrep/offensive-docker/blob/master/Dockerfile (which is one of the two given "how to run" methods in the docs) I would not bet on caching. That dockerfile has at least 11 build stages depending on each other (e.g. FROM ubuntu as baseline ... FROM baseline as builder ... 8 more times ... FROM builder9 as builder10) and the baseline stage installs 1000+ packages with apt. In additional the subsequent stages make liberal use of pip install, git clone and go get
What are some alternatives?
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
ZAP - The ZAP core project
lit-bb-hack-tools - Little Bug Bounty & Hacking Tools⚔️
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
WhatWeb - Next generation web scanner
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
turbo-attack - A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.
murder - Large scale server deploys using BitTorrent and the BitTornado library
awesome-privilege-escalation - A curated list of awesome privilege escalation
Hoppscotch - Open source API development ecosystem.
favirecon - Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.