Rekono - Execute Full Pentesting Processes Combining Multiple Hacking Tools Automatically

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and also can be imported in Defect-Dojo if an advanced...

WAF Buster - Disrupt WAF By Abusing SSL/TLS Ciphers

Disrupt WAF by abusing SSL/TLS Ciphers About WAFbuster This tool was created to Analyze the ciphers that are supported by the Web application firewall being used at the web server end. Reference: https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html It works by...

Weblate: Incorrect HTTPS Certificate

Weblate appears to have a public facing git repository located at git.weblate.org that utilises HTTPS when viewed in the browser. As a side note, netcat to port 80 results in the default debian landing page. 77.78.107.252 - git.weblate.org The site has an incorrectly configured certificate, and...

SSLv3 Is Not Disabled When sslProtocol is Set to TLS, Vulnerable to POODLE

The default connector as written in /conf/server.xml uses sslProtocol="TLS". This should only enable TLS connectors, but it also enables SSLv3. Our documentation and the included server.xml need to be updated to reflect the correct settings to enable only TLS. h3. Reproduction steps: Follow the...

[GoLismero v2.0] Merge results of security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...)

GoLismero is an Open Source security tools that can run their own security tests and manage a lot of well known security tools OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer... take their results, feedback to the rest of tools and merge all of results. And all of this automatically. Changelog...