Tools

httprobe - https://github.com/tomnomnom/httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

cat domains.txt | httprobe | tee alive.txt
cat domains.txt | httprobe -p http:8080 -p https:4443 | tee alive.txt

Burp Suite

Extensions

References

Password Attacks

ADAPT

ADAPT is a tool that performs automated Penetration Testing for WebApps.

* OTG-IDENT-004Account Enumeration
* OTG-AUTHN-001 - Testing for Credentials Transported over an Encrypted Channel
* OTG-AUTHN-002Default Credentials
* OTG-AUTHN-003 - Testing for Weak lock out mechanism
* OTG-AUTHZ-001Directory Traversal
* OTG-CONFIG-002 - Test Application Platform Configuration
* OTG-CONFIG-006Test HTTP Methods
* OTG-CRYPST-001 - Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
* OTG-CRYPST-002 - Testing for Padding Oracle
* OTG-ERR-001 - Testing for Error Code
* OTG-ERR-002Testing for Stack Traces
* OTG-INFO-002Fingerprinting the Webserver
* OTG-INPVAL-001 - Testing for Reflected Cross site scripting
* OTG-INPVAL-002 - Testing for Stored Cross site scripting
* OTG-INPVAL-003HTTP Verb Tampering
* OTG-SESS-001 - Testing for Session Management Schema
* OTG-SESS-002Cookie Attributes

Hawkeye

Project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.

Other

Practice Tools