DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

Overview

DependConfusion-X

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion. Currently, it extracts application dependencies from https://example.com/package.json, and tries to find unclaimed dependency on https://registry.npmjs.org.


image

Requirements

  • Python 3
  • Linux/Windows/MAC OSX
  • Slack Webhook (Optional)

Installation

  • Installing Python dependencies

    pip3 install -r requirements.txt

  • Configuring Slack Webhook as env variable

    export slack_webhook=""

Usage

  • To run DependConfusion-X:

    python3 dependconfusion-x.py -l hosts_file [--slack, --threads 20]

Owner
Ali Fathi Ali Sawehli
Security Engineer ๐Ÿฆธโ€โ™‚๏ธ
Ali Fathi Ali Sawehli
POC for detecting the Log4Shell (Log4J RCE) vulnerability

Interactsh An OOB interaction gathering server and client library Features โ€ข Usage โ€ข Interactsh Client โ€ข Interactsh Server โ€ข Interactsh Integration โ€ข

ProjectDiscovery 2.1k Jan 08, 2023
Fast and customizable vulnerability scanner For JIRA written in Python

Fast and customizable vulnerability scanner For JIRA. ๐Ÿค” What is this? Jira-Lens ๐Ÿ” is a Python Based vulnerability Scanner for JIRA. Jira is a propri

Mayank Pandey 185 Dec 25, 2022
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022
Simple tool to create passwords.

PasswordGenerator Simple password generator: -Simplisitc Window Application -Allows Numbers, Symbols & letters upper and lowercase -Restricts rows of

DM 1 Jan 10, 2022
Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Axel Souchet 220 Dec 14, 2022
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regardin

Cycurity 39 Dec 10, 2022
A simple automatic tool for finding vulnerable log4j hosts

Log4Scan A simple automatic tool for finding vulnerable log4j hosts Installation pip3 install -r requirements.txt Usage usage: log4scan.py [-h] (-f FI

Federico Rapetti 20018955 6 Mar 10, 2022
Apache OFBiz rmiๅๅบๅˆ—ๅŒ–EXP(CVE-2021-26295)

Apache OFBiz rmiๅๅบๅˆ—ๅŒ–EXP(CVE-2021-26295) ็›ฎๅ‰ไป…ๆ”ฏๆŒncๅผนshell ๅฐ†ysoserial.jarๆ”พ็ฝฎๅœจๅŒ็›ฎๅฝ•ไธ‹๏ผŒpy3่ฟ่กŒ๏ผŒๆ นๆฎๆ็คบ่พ“ๅ…ฅๆผๆดžurl๏ผŒไฝ ็š„vpsๅœฐๅ€ๅ’Œ็ซฏๅฃ ็ฌฌไบŒๆฌกไฝฟ็”จๅปบ่ฎฎๅˆ ้™คexp.ot ๆœฌๅทฅๅ…ทไป…็”จไบŽๅฎ‰ๅ…จๆต‹่ฏ•๏ผŒ็ฆๆญขๆœชๆŽˆๆƒ้žๆณ•ๆ”ปๅ‡ป็ซ™็‚น๏ผŒๅฆๅˆ™ๅŽๆžœ่‡ช่ดŸ

15 Nov 09, 2022
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

่ฏดๆ˜Ž about author: ๆˆ‘่ถ…ๆ€•็š„ blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022
NFC Implant-base RSA Encrypted Messagging application

Encrypted messaging application with the use of MIFARE DESfire chip to store the private/public keys needed for the application authentication

4 Nov 06, 2021
A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -

Alice 48 Aug 28, 2022
IDA plugin for quickly copying disassembly as encoded hex bytes

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

OALabs 46 Oct 30, 2022
An Advanced Local Network IP Scanner, made in python of course!

โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ€ƒโ€ƒ โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ€ƒโ€ƒโ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆ

Polsulpicien 2 Dec 18, 2021
Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste

STACS 81 Dec 27, 2022
GitLab CE/EE Preauth RCE using ExifTool

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This project is for learning only, if someone's rights have been violated, please contact me to

3ND 164 Dec 10, 2022
CVE-2022-21907 - Windows HTTPๅ่ฎฎๆ ˆ่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: Windows HTTPๅ่ฎฎๆ ˆ่ฟœ็จ‹ไปฃ็ ๆ‰ง่กŒๆผๆดž creat

antx 365 Nov 30, 2022
Use scrapli to retrieve security zone information from a Juniper SRX firewall

Get Security Zones with Scrapli Overview This example will show how to retrieve security zone information on Juniper's SRX firewalls. In addition to t

Calvin Remsburg 2 Jun 19, 2022
Privacy-respecting metasearch engine

Privacy-respecting, hackable metasearch engine / pronunciation sษ™หks. If you are looking for running instances, ready to use, then visit searx.space.

Searx engine 12.4k Jan 08, 2023
Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.

Stamus Networks 39 Nov 28, 2022