DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

Last update: Dec 21, 2021

Overview

DependConfusion-X

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion. Currently, it extracts application dependencies from https://example.com/package.json, and tries to find unclaimed dependency on https://registry.npmjs.org.

Requirements

Python 3
Linux/Windows/MAC OSX
Slack Webhook (Optional)

Installation

Installing Python dependencies

pip3 install -r requirements.txt
Configuring Slack Webhook as env variable

export slack_webhook=""

Usage

To run DependConfusion-X:

python3 dependconfusion-x.py -l hosts_file [--slack, --threads 20]

Owner

Ali Fathi Ali Sawehli

Security Engineer 🦸‍♂️

GitHub Repository

Lite version of my Gatekeeper backdoor for public use.

MayorSec Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning Gatekee

56 Mar 25, 2022

Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

RITA (Real Intelligence Threat Analytics) in Jupyter Notebook RITA is an open source framework for network traffic analysis sponsored by Active Counte

157 Nov 24, 2022

domato but as a website

ROFL-FUZZER Ths is Domato, a DOM Fuzzer from Google, but hosted as an website It generates a instance of a newtab on the template given by the user ,

18 Nov 22, 2021

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022

xp_CAPTCHA(白嫖版) burp 验证码识别 burp插件

xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件安装需要python3 小于3.7的版本安装 muggle_ocr 模块（大概400M左右） python3 -m pip install -i http://mirrors.aliyun.com/

588 Jan 09, 2023

BurpSuite Extension: Log4j2 RCE Scanner

Log4j2 RCE Scanner 作者：[email protected]元亨实验室声明：由于传播、利用本项目所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，项目作者不为此承担任何责

87 Dec 29, 2021

Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste

81 Dec 27, 2022

使用golang重写开源工具wafw00f

GO-WAFW00F 介绍 WAFW00F是一款优秀的web应用防火墙识别开源工具：https://github.com/EnableSecurity/wafw00f 使用Golang重写的原因：Python环境配置不便利，Golang打包生成可执行文件直接运行目前还在开发阶段，规则解析存在小问题

80 Dec 30, 2021

Brute-Force-Connected

Brute-Force-Connected Guess the password for Connected accounts the use : Create a new file and put usernames and passwords in it Example : joker:1234

4 Jun 05, 2022

M.E.A.T. - Mobile Evidence Acquisition Toolkit

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform d

1 Nov 11, 2021

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

408 Jan 03, 2023

Android Malware Behavior Deleter

Android Malware Behavior Deleter UDcide UDcide is a tool that provides alternative way to deal with Android malware. We help you to detect and remove

27 Sep 23, 2022

This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

1 Oct 30, 2021

Exploit for CVE-2021-3129

laravel-exploits Exploit for CVE-2021-3129

228 Nov 25, 2022

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

6 Oct 10, 2022

A collection of intelligence about Log4Shell and its exploitation activity

Log4Shell-IOCs Members of the Curated Intelligence Trust Group have compiled a list of IOC feeds and threat reports focused on the recent Log4Shell ex

172 Nov 17, 2022

Python bindings to LibreSSL library

LibreSSL bindings for Python using CFFI Python3 bindings to LibreSSL using CFFI. It aims to provide interface to the most important bits of LibreSSL o

1 Aug 02, 2022

It's a simple tool for test vulnerability Apache Path Traversal

SimplesApachePathTraversal Simples Apache Path Traversal It's a simple tool for test vulnerability Apache Path Traversal https://blog.mrcl0wn.com/2021

56 Dec 27, 2022

hackinsta: a program to hack instagram

hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold

1 Dec 04, 2021

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

25 Nov 09, 2022