Pentesting SQL Injection
Pentesting SQL Injection
🎯 SqlInjection:
▪️
https://github.com/Neohapsis/bbqsql
▪️
https://github.com/libeclipse/blind-sql-bitshifting
▪️
https://github.com/sqlmapproject/sqlmap
▪️
https://github.com/HandsomeCam/Absinthe
🤜 Pentest Framework
▪️
https://github.com/trustedsec/ptf
▪️
https://github.com/georgiaw/Smartphone-Pentest-Framework
▪️
https://github.com/dloss/python-pentest-tools
▪️
https://github.com/enaqx/awesome-pentest
▪️
https://github.com/PenturaLabs/Linux_Exploit_Suggester
🌐 Webapp
▪️
http://www.websecurify.com/
▪️
https://www.netsparker.com/
▪️
http://www.acunetix.com/vulnerability-scanner/
▪️
https://www.rapid7.com/products/nexpose/
▪️
http://www.tenable.com/products/nessus-vulnerability-scanner
▪️
https://secapps.com/
▪️
https://github.com/Arachni/arachni
▪️
https://github.com/leebaird/discover/blob/master/discover.sh
💥 Web exploitation
▪️
https://github.com/1N3/Sn1per
▪️
WPScan ( https://wpscan.org/ )
▪️
Black box WordPress vulnerability scanner ( https://t.me/ViperZCrew/14001 )
▪️
https://github.com/RUB-NDS/WS-Attacker
▪️
SQLmap - Automatic SQL injection and database takeover tool ( sqlmap.org )
▪️
weevely3 - Weaponized web shell ( https://github.com/epinna/weevely3 )
▪️
Wappalyzer - Wappalyzer uncovers the technologies used on websites
( https://github.com/AliasIO/Wappalyzer )
▪️
cms-explorer - CMS Explorer is designed to reveal the the specific modules,
plugins, components and themes that various CMS driven web sites are running.
( https://github.com/FlorianHeigl/cms-explorer )
▪️
joomscan - Joomla CMS scanner ( https://github.com/rezasp/joomscan.git )
▪️
WhatWeb - Website Fingerprinter ( https://github.com/urbanadventurer/WhatWeb )
▪️
BlindElephant - Web Application Fingerprinter
( https://github.com/lokifer/BlindElephant )
🖖 Vulnerability Databases
▪️
CERT - US Computer Emergency Readiness Team
▪️
OSVDB - Open Sourced Vulnerability Database
▪️
Bugtraq - Symantec SecurityFocus
▪️
Exploit-DB - Offensive Security Exploit Database
▪️
Fulldisclosure - Full Disclosure Mailing List
▪️
MS Bulletin - Microsoft Security Bulletin
▪️
MS Advisory - Microsoft Security Advisories
▪️
Inj3ct0r - Inj3ct0r Exploit Database
▪️
Packet Storm - Packet Storm Global Security Resource
▪️
SecuriTeam - Securiteam Vulnerability Information
▪️
CXSecurity - CSSecurity Bugtraq List
▪️
Vulnerability Laboratory - Vulnerability Research Laboratory
▪️
ZDI - Zero Day Initiative