Awesome Node.js for pentesters

☠️ Delightful Node.js packages useful for penetration testing, exploitation, reverse engineering, cryptography ...

Contents

Misc

  • Pown.js - Security testing and exploitation toolkit.
  • Brosec - Interactive reference tool to help security professionals utilize useful payloads and commands.
  • netcat - Netcat port in pure JS.
  • Honeypot - Low interaction honeypot that displays real time attacks.
  • default-gateway - Get the default network gateway, cross-platform.

Web

  • ZAP API - Implementation to access the OWASP ZAP API.
  • got - Simplified HTTP requests.

OSINT

  • Sherlock.js - Find usernames across over 75 social networks - Remake of sdushantha/sherlock.
  • whois - Whois protocol client.

Exposed

  • Shodan client - Library for accessing the new Shodan API.
  • censys - Unofficial wrapper for the Censys API.

Geolocation

  • geoip - Native NodeJS implementation of MaxMind's GeoIP API.
  • iplocation - Get IP location information using various providers.
  • ipify - Get your public IP address.

Fingerprint

Web

  • Harvester - Web crawling and document processing through a usable interface.
  • Paskto - Passive web scanner.
  • Squidwarc - High fidelity, user scriptable, archival crawler that uses Chrome or Chromium with or without a head.
  • snap-shot-it - Smarter snapshot utility.

Network map

  • evilscan - Simple network scanner.
  • nmap - Wrapper interfacing with local Nmap installation.
  • tcpie - CLI tool to ping any TCP port.
  • wifi - Tool to manage connections, scans, etc.

IP

  • is-reachable - Check if servers are reachable.
  • is-online - Check if the internet connection is up.
  • public-ip - Get your public IP address, very fast.
  • internal-ip - Get your internal IP address.
  • ipaddr.js - IP address manipulation library.
  • is-local-ip - Check whether a given IP address is private.
  • ip-ptr - Get the PTR name for a given IPv4 or IPv6 address.

Port

  • get-port - Get an available port.
  • port-numbers - Get information on network port numbers and services, based on IANA's public listing.
  • tcp-port-used - Simple module to check if a TCP port is already bound.

CIDR

  • cidr - Library for manipulating IP addresses and subnets using CIDR notation.
  • cidr-tools - Tools to work with IPv4 and IPv6 CIDR network lists.
  • is-cidr - Check if a string is an IP address in CIDR.

ARP

  • arp-scan - Simple arp-scan wrapper.
  • oui - Look up MAC addresses for their vendor in the IEEE OUI.
  • getmac - Get the computer MAC address.

DHCP

  • net-ping - Ping and trace route to many hosts at once.
  • dhcp - DHCP client and server.

Brute-force

  • nodebuster - Yet another DirBuster clone, to brute-force directories and files on HTTP(S) servers.
  • subquest - Fast, elegant subdomain DNS scanner.

Fuzzing

  • octo - Standard library for fuzzing.
  • eslump - Fuzz testing JavaScript parsers and suchlike programs.
  • sinkdweller - A simple wrapper for radamsa.
  • Faker.js - Generate massive amounts of realistic fake data.

Exploitation

  • text2cpe - Reverse-engineered, partial implementation of the CPE name detection used in ShoVAT, based on the research paper.
  • PegaSwitch - Exploit toolkit for the Nintendo Switch.

DNS

  • whonow - Malicious DNS server for executing DNS Rebinding attacks on the fly.
  • dref - DNS Rebinding Exploitation Framework.

Network

  • mitm - Intercept and mock outgoing network TCP connections and HTTP requests.
  • toxy - Hackable HTTP proxy for resiliency testing and simulated network conditions.
  • slowloris.js - DDoS script.

Post-exploitation

Reverse shell

  • Reverse Shell aaS - Easy to remember reverse shell that should work on most Unix-like systems.
  • alveare - Multi-client, multi-threaded reverse shell handler.

Code review

  • electronegativity - Static analysis tool to identify misconfigurations and security anti-patterns in Electron applications.
  • eslint-plugin-security - Helps identify potential security hotspots, but produces many false positives that need human triage.
  • repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets.
  • vuln-regex-detector - Detect vulnerable regexes (ReDoS, catastrophic backtracking).

Dependencies

  • run-npm-audit - Use npm audit programmatically.
  • npm-check-updates - Find newer versions of package dependencies than what your package.json or bower.json allows.
  • depcheck - Check your npm module for unused dependencies.
  • auditjs - Audits a package.json using the OSS Index v3 REST API to identify known vulnerabilities and outdated package versions.

Cryptography

  • crypto-js - Library of crypto standards.
  • rsa - Pure JavaScript RSA library.
  • seedrandom - Seeded random number generator for JavaScript.
  • Qiskit.js - True random numbers generation through quantum computing.
  • upash - Unified API for all password hashing algorithms.

Malware

  • nodeCrypt - Linux ransomware written in Node.js that encrypts predefined files.
  • malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction.
  • virustotal-api - Virustotal API v2.0 wrapper.
  • MalwareWorld - System based on 500+ blacklists and 5 external intelligence sources to detect potentially malicious internet hosts.
  • box.js - Utility to analyze malicious JavaScript.

Reverse engineering

radare

  • r2pipe - Pipe bindings for radare2.
  • frida-node - Bindings for Frida.
  • r2Frida - Radare2 and Frida better together.

Extra

Checklists

Vulnerable apps

  • OWASP NodeGoat - Provides an environment to learn about the OWASP Top 10 security risks and how to effectively address them.
  • OWASP Juice Shop - Probably the most modern and sophisticated insecure web application.
  • DVNA - Damn Vulnerable Application is a simple application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities.

Contribute

😎 If you'd like to help, please take a look at our contribution guidelines.

License

🐧 This work is licensed under a Creative Commons Attribution 4.0 International License.