xssmap
dheater
xssmap | dheater | |
---|---|---|
1 | 9 | |
144 | 184 | |
2.1% | 3.8% | |
10.0 | 6.4 | |
almost 2 years ago | 5 months ago | |
Python | Python | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xssmap
-
Docker explained for pentesters
Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:
dheater
- D(HE)ater
-
CVE-2002-20001 - disable Diffie-Hellman (DHE) key exchange on everything
I was going off what the document at https://github.com/Balasys/dheater suggests in that disabling it in pretty much everything.
- CVE-2002-20001 recommends disabling Diffie-Hellman on Apache and nginx
- GitHub - Balasys/dheater: D(HE)ater is a security tool can perform DoS attack by enforcing the DHE key exchange.
- D(HE)ater is a security tool can perform DoS attack by enforcing the DHE key exchange
- Server overload by enforcing DHE key exchange using minimal bandwidth
What are some alternatives?
embark - EMBArk - The firmware security scanning environment
ssl-config-generator - Mozilla SSL Configuration Generator
oxo - OXO is a security scanning orchestrator for the modern age.
SBSCAN - SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]
masscan_as_a_service - masscan as a service
CVE-2021-37740 - PoC for DoS vulnerability CVE-2021-37740 in firmware v3.0.3 of SCN-IP100.03 and SCN-IP000.03 by MDT. The bug has been fixed in firmware v3.0.4.
tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
poc - Proof of Concepts
bandit - Bandit is a tool designed to find common security issues in Python code.
Dossify
stm32f1-picopwner - Dump read-out protected STM32F1's with a Pi Pico - A Pi Pico implementation of @JohannesObermaier's, Marc Schink's and Kosma Moczek's Glitch and FPB attack to bypass RDP (read-out protection) level 1 on STM32F1 chips
pyOpenSSL -- A Python wrapper around the OpenSSL library - A Python wrapper around the OpenSSL library