SQLiv: a massive SQL injection scanner

SQLiv is a Python-based scanning tool that uses Google, Bing or Yahoo for targetted scanning, focused on reveal pages with SQL Injection vulnerabilities. It uses known dorks in order to find vulnerable URLs. Features multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo targetted scanning by providing specific domain (with crawling) reverse…

Share files from command line with transfer.sh: a simple cheatsheet

Transfer.sh is a website that helps users to share files from the command-line an efficient way. It won’t required any additional software to work except cURL. If your linux distribution doesn’t have cUrl (unlikely!), you can install it with sudo apt install curl The service is free and allows users to upload files up to…

WPSeku: a Black-box WordPress Security Scanner

WPSeku is a Black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. What is a Black-box scanner? Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or…

XRay: a great network OSINT gathering tool

Really useful in the first phases of a penetration test XRay is a tool for network OSINT gathering developed by Simone Margaritelli, useful to make initial tasks of information gathering and network mapping. It make a bruteforce of subdomains using a wordlist and DNS requests, and for every subdomain/ip found retrieves from Shodan the open…