Plecost – WordPress Vulnerabilities Finder

Plecost is a vulnerability fingerprinting and vulnerability finder for Wordpress blog engine. Why?There are a huge number of Wordpress around the world. Most of them are exposed to be attacked and be converted into a virus, malware or illegal porn provider, without the knowledge of the blog owner.This project try to help

YASUO – Scans for Vulnerable & Exploitable 3rd-party Web Applications

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications

INURLBR – Advanced Search in Multiple Search Engines

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.INURLBR scanner was developed by Cleiton Pinheiro, owner and founder of INURL - BRASIL.Tool made ​​in PHP that can run on different Linux distributions

FTPMap – FTP scanner in C

Ftpmap scans remote FTP servers to indentify what software and what versions they are running. It uses program-specific fingerprints to discover the name of the software even when banners have been changed or removed, or when some features have been disabled. also FTP-Map can detect Vulnerables by the FTP software/version.COMPILATION./configuremakemake installUsing ftpmap is

Loki – Scanner for Simple Indicators of Compromise

Simple IOC ScannerDetection is based on four detection methods:1. File Name IOC Regex match on full file path/name2. Yara Rule Check Yara signature match on file data and process memory3. Hash check Compares known malicious hashes (MD5, SHA1, SHA256) with scanned filesThe Windows binary is compiled with PyInstaller

SMBMap – Samba Share Enumerator

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is intended to simplify searching for potentially sensitive