Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-nodejs-pentest
:skull_and_crossbones: Delightful Node.js packages useful for penetration testing, exploiting, reverse engineer, cryptography ...
https://github.com/jesusprubio/awesome-nodejs-pentest
Last synced: 3 days ago
JSON representation
-
Fingerprint
-
Web
- snap-shot-it - Smarter snapshot utility.
- Harvester - Web crawling and document processing through a usable interface.
- Paskto - Passive web scanner.
- Squidwarc - High fidelity, user scriptable, archival crawler that uses Chrome or Chromium with or without a head.
-
Network map
-
IP
- is-reachable - Check if servers are reachable.
- is-online - Check if the internet connection is up.
- public-ip - Get your public IP address - very fast!.
- internal-ip - Get your internal IP address.
- ipaddr.js - IP address manipulation library.
- is-local-ip - Check that a given ip address is private.
- ip-ptr - Get the PTR name for a given IPv4 or IPv6 address.
-
Port
- get-port - Get an available port.
- port-numbers - Get information on network port numbers and services, based on IANA's public listing.
- tcp-port-used - Simple module to check if a TCP port is already bound.
-
CIDR
- cidr - Library for manipulating IP addresses and subnets using CIDR notation.
- cidr-tools - Tools to work with IPv4 and IPv6 CIDR network lists.
- is-cidr - Check if a string is an IP address in CIDR.
-
ARP
-
DHCP
-
-
Exploitation
-
Network
- slowloris.js - DDoS script
- mitm - Intercept and mock outgoing network TCP connections and HTTP requests.
- toxy - Hackable HTTP proxy for resiliency testing and simulated network conditions.
-
DHCP
- text2cpe - Reversed sorta implementation of CPE Name detection in ShoVAT based on research paper.
- PegaSwitch - Exploit toolkit for the Nintendo Switch.
-
DNS
- whonow - Malicious DNS server for executing DNS Rebinding attacks on the fly.
-
-
Code review
-
Reverse shell
- eslint-plugin-security - This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.
- electronegativity - Static analysis tool to identify misconfigurations and security anti-patterns in Electron applications.
- repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets.
- vuln-regex-detector - Detect vulnerable regexes. REDOS, catastrophic backtracking.
- eslint-plugin-security - This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.
-
Dependencies
- run-npm-audit - Use npm audit programmatically.
- npm-check-updates - Find newer versions of package dependencies than what your package.json or bower.json allows.
- auditjs - Audits a package.json using the OSS Index v3 REST API to identify known vulnerabilities and outdated package versions.
- npm-check-updates - Find newer versions of package dependencies than what your package.json or bower.json allows.
- depcheck - Check your npm module for unused dependencies.
- auditjs - Audits a package.json using the OSS Index v3 REST API to identify known vulnerabilities and outdated package versions.
-
-
Cryptography
-
Dependencies
- Qiskit.js - True random numbers generation through quantum computing.
- crypto-js - Library of crypto standards.
- rsa - Pure JavaScript RSA library.
- seedrandom - Seeded random number generator for JavaScript.
- upash - Unified API for all password hashing algorithms.
-
-
Malware
-
Dependencies
- nodeCrypt - Linux Ransomware written in NodeJs that encrypt predefined files.
- malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction.
- virustotal-api - [Virustotal](https://www.virustotal.com) API v2.0 wrapper.
- MalwareWorld - System based on +500 blacklists and 5 external intelligences to detect internet potencially malicious hosts.
- box.js - Utility to analyze malicious JavaScript.
-
-
Reverse engineering
-
radare
- r2pipe - Pipe bindings for radare2.
- frida-node - Bindings for Frida.
- r2Frida - Radare2 and Frida better together.
-
-
Extra
-
Checklists
- npm security cheat sheet - 10 npm Security Best Practices.
- Best Practices - Security section of this general list.
- Strong Node.js - More than 100 security checks for your Node.js API.
- Best Practices - Security section of this general list.
-
Vulnerable apps
- OWASP Juice Shop - Probably the most modern and sophisticated insecure web application.
- DVNA - Damn Vulnerable Application is a simple application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities.
- OWASP NodeGoat - Provides an environment to learn how OWASP Top 10 security risks and how to effectively address them.
- OWASP Juice Shop - Probably the most modern and sophisticated insecure web application.
-
-
Misc
-
- Pown.js - Security testing an exploitation toolkit.
- Brosec - Interactive reference tool to help security professionals utilize useful payloads and commands.
- netcat - Netcat port in pure JS.
- Honeypot - Low interaction honeypot that displays real time attacks.
- default-gateway - Get the default network gateway, cross-platform.
-
Web
-
-
OSINT
-
Web
- Sherlock.js - Find usernames across over 75 social networks - Remake of sdushantha/sherlock.
- whois - Whois protocol client.
-
Exposed
- censys - Unofficial wrapper for the Censys API.
-
Geolocation
- iplocation - Get IP location information using various providers.
- ipify - Get your public IP address.
-
-
Brute-force
-
DHCP
- nodebuster - Yet another DirBuster clone, to brute-force directories and files on HTTP(S) servers.
- subquest - Fast, Elegant subdomain DNS scanner.
-
-
Fuzzing
-
DHCP
- octo - Standard library for fuzzing.
- eslump - Fuzz testing JavaScript parsers and suchlike programs.
- sinkdweller - A simple wrapper for radamsa.
- Faker.js - Generate massive amounts of realistic fake data.
-
-
Post-exploitation
-
Reverse shell
- Reverse Shell aaS - Easy to remember reverse shell that should work on most Unix-like systems.
- alveare - Multi-client, multi-threaded reverse shell handler.
-
Programming Languages
Categories
Sub Categories
Keywords
nodejs
23
javascript
11
security
5
osint
4
network
4
windows
3
node
3
module
3
cli
3
browser
3
scanner
3
censys
2
testing
2
macos
2
linux
2
exploit
2
reachability
2
cidr
2
ping
2
ip
2
online
2
port-scanner
2
api
2
crawling
2
connectivity
2
fuzzing
2
mac-address
2
web
2
socket
2
internet
2
detect
2
hardware
1
scanning
1
port-test
1
network-test
1
security-tools
1
security-scanner
1
webarchiving
1
webarchives
1
puppeteer
1
high-fidelity-preservation
1
headless-chrome
1
crawler
1
chrome-headless
1
chrome
1
browser-automation
1
random
1
library
1
generators
1
fuzzing-framework
1