bad-antics/nullsec-web

🌐 NullSec Web

Advanced Web Application Security Toolkit

    ███▄    █  █    ██  ██▓     ██▓      ██████ ▓█████  ▄████▄  
    ██ ▀█   █  ██  ▓██▒▓██▒    ▓██▒    ▒██    ▒ ▓█   ▀ ▒██▀ ▀█  
   ▓██  ▀█ ██▒▓██  ▒██░▒██░    ▒██░    ░ ▓██▄   ▒███   ▒▓█    ▄ 
   ▓██▒  ▐▌██▒▓▓█  ░██░▒██░    ▒██░      ▒   ██▒▒▓█  ▄ ▒▓▓▄ ▄██▒
   ▒██░   ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
   ░ ▒░   ▒ ▒ ░▒▓▒ ▒ ▒ ░ ▒░▓  ░░ ▒░▓  ░▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒  ░
     ░    ░    ░   ░   ░         ░            ░   ░   ░        
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
   █░░░░░░░░░░░░░░░░░░░ W E B ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                       bad-antics

🔓 Join discord.gg/killers for premium features!


🎯 Features

Tool Language Description Free Premium
dirfuzz Go Directory/file bruteforcer 🔥
sqlmap-ng Rust SQL injection detection 🔥
xsshunter Go XSS vulnerability scanner 🔥
paraminer Go Parameter discovery 🔥
crawler Rust Deep web crawler 🔥
httpprobe Go HTTP probing & fingerprint 🔥

📁 Structure

nullsec-web/
├── go/
│   ├── dirfuzz/         # Directory fuzzer
│   ├── xsshunter/       # XSS scanner
│   ├── paraminer/       # Parameter mining
│   └── httpprobe/       # HTTP prober
├── rust/
│   ├── sqlmap_ng/       # SQLi detection
│   ├── crawler/         # Web crawler
│   └── vulnscan/        # Vulnerability scanner
├── python/
│   ├── jwt_exploit.py   # JWT exploitation
│   ├── ssrf_scan.py     # SSRF detection
│   ├── header_inject.py # Header injection
│   └── cors_check.py    # CORS misconfiguration
└── wordlists/
    ├── directories.txt  # Common directories
    ├── parameters.txt   # Common parameters
    └── payloads/        # Attack payloads

🚀 Quick Start

# Directory fuzzing
./dirfuzz -u https://target.com -w wordlists/directories.txt

# SQL injection scan
./sqlmap-ng -u "https://target.com/page?id=1" --dbs

# XSS hunting
./xsshunter -u https://target.com -w wordlists/xss.txt

# Parameter discovery
./paraminer -u https://target.com --all

# Web crawling
./crawler -u https://target.com -d 3 -o urls.txt

🔧 Tool Details

dirfuzz (Go) - Directory Fuzzer

Features:

  • Recursive scanning
  • Extension fuzzing
  • Custom wordlists
  • Response filtering
  • Rate limiting

# Basic scan
./dirfuzz -u https://target.com -w common.txt

# With extensions
./dirfuzz -u https://target.com -w files.txt -x php,asp,jsp

# Recursive + filtered
./dirfuzz -u https://target.com -w dirs.txt -r -fc 404,403

# High speed
./dirfuzz -u https://target.com -w big.txt -t 100 --rate 1000
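
On the server side, a wordlist scan with an extension list, as in the -x php,asp,jsp command above, typically shows up in access logs as one client collecting many distinct 404/403 responses while retrying the same path stem under several extensions. The following is an added example for spotting that pattern; it is not part of nullsec-web, and the log format, the thresholds and the function name Suspects are assumptions.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"sort"
)

// Constructed sample lines (common log format, documentation IP ranges).
var sampleLog = []string{
	`203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /admin.php HTTP/1.1" 404 153`,
	`203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /admin.asp HTTP/1.1" 404 153`,
	`203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /backup.php HTTP/1.1" 403 153`,
	`203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /backup.jsp HTTP/1.1" 404 153`,
	`198.51.100.4 - - [10/Oct/2024:13:55:03 +0000] "GET /index.php HTTP/1.1" 200 5120`,
	`198.51.100.4 - - [10/Oct/2024:13:55:09 +0000] "GET /favicon.ico HTTP/1.1" 404 153`,
}

var lineRE = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) `)

// Suspects: clients with >= minMisses distinct 404/403 paths and >= minSweeps extension sweeps.
func Suspects(lines []string, minMisses, minSweeps int) []string {
	seen := map[string]bool{} // "ip path" pairs already counted
	exts := map[string]int{}  // "ip stem" -> missed paths sharing that stem
	misses, sweeps := map[string]int{}, map[string]int{} // per client IP
	for _, l := range lines {
		m := lineRE.FindStringSubmatch(l)
		if m == nil || (m[3] != "404" && m[3] != "403") || seen[m[1]+" "+m[2]] {
			continue
		}
		seen[m[1]+" "+m[2]] = true
		misses[m[1]]++
		stem := m[1] + " " + m[2][:len(m[2])-len(path.Ext(m[2]))]
		if exts[stem]++; exts[stem] == 2 { // same stem, second extension
			sweeps[m[1]]++
		}
	}
	var out []string
	for ip, n := range misses {
		if n >= minMisses && sweeps[ip] >= minSweeps {
			out = append(out, ip)
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(Suspects(sampleLog, 4, 2)) } // illustrative thresholds
```

In production the counts would be kept per time window and the thresholds tuned against normal traffic, since a single stray 404 (the favicon request in the sample) is expected from ordinary clients.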

sqlmap-ng (Rust) - SQLi Scanner

Detection methods:

  • Boolean-based blind
  • Time-based blind
  • Error-based
  • UNION query
  • Stacked queries

# Auto detection
./sqlmap-ng -u "https://target.com/item?id=1"

# Specific technique
./sqlmap-ng -u "https://target.com/item?id=1" --technique=BT

# Database enumeration
./sqlmap-ng -u "https://target.com/item?id=1" --dbs --tables

# Data extraction
./sqlmap-ng -u "https://target.com/item?id=1" -D dbname -T users --dump

⚠️ Legal Disclaimer

For authorized security testing only. Only test applications you have permission to assess.


About

NullSec web security toolkit - discord.gg/killers
