Summary
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”
CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of reviewing CSP policies, which is usually a manual task, and helps identify subtle CSP bypasses which undermine the value of a policy. CSP Evaluator checks are based on a large-scale study and are aimed to help developers to harden their CSP and improve the security of their applications. This tool (also available as a Chrome extension) is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring, which dynamic resources are allowed to load.
A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity.
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to SSH from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.
Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.
LetMeOutOfYour.Net is back online. It's an egress testing tool that you can hit via UDP, HTTP, HTTPS, or SSH on any port via IPv6 or IPv4 and you will always get back w00tw00t for verifiable responses.
mitmproxy is a free and open source interactive HTTPS proxy.
This free SSH testing tool checks the configuration of given server accessible over internet. We don't ask you for any login or password, this service only returns information available during SSH handshake - notably supported encryption and MAC algorithms, and an overview of offered server public keys.
A command line tool to detect possible malicious activity in your network using ARP protocol. Maybe someone is hacking in your network! Alerts are sent via email.
Hacker101 is structured as a set of video lessons – some covering multiple topics, some covering a single one – and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you’re new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
Additionally, there are coursework levels where you can hunt for bugs and experiment with exploitation in practice. As you work through the content, try out the coursework to see what you can find!
Brute-Forcing from Nmap output - Automatically attempts default creds on found services.
Fsociety Hacking Tools Pack
A Penetration Testing Framework, you will have every script that a hacker needs
IDEA is a series of nonverbal algorithm assembly instructions by Sándor P. Fekete, Sebastian Morr, and Sebastian Stiller. They were originally created for Sándor's algorithms and datastructures lecture at TU Braunschweig, but we hope they will be useful in all sorts of context. We publish them here so that they can be used by teachers, students, and curious people alike. Visit the about page to learn more.