Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
This repository provides the tool for the paper "Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs" accepted at USENIX Security '23.
CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of setting up database, etc.
This repo contains the source code for Witcher a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.
The main features of sefcom/witcher are: Web Application Fuzzing.
Open-source alternatives to sefcom/witcher include: 1n3/sn1per — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate… seclab-fudan/tefuzz — This repository provides the tool for the paper "Remote Code Execution from SSTI in the Sandbox: Automatically… shouc/corbfuzz — CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of…