This tweet highlights a comprehensive automated scanning tool that offers multiple security testing capabilities, including JWT algorithm:none bypass, SSRF testing, and WAF evasion using 15 different techniques. The tool also supports supply chain analysis and compliance with 7 frameworks. The vendors mentioned are Cloudflare and DigitalOcean, implying that their WAFs or security offerings could potentially be tested or bypassed by this scanner. The technical details focus on bypassing JSON Web Token validation by exploiting the 'alg:none' vulnerability, testing Server-Side Request Forgery (SSRF) vulnerabilities, and employing 15 different techniques to evade Web Application Firewalls (WAFs). This all-in-one scan allows security teams to evaluate these attack vectors in an automated manner, enhancing their ability to detect and mitigate security weaknesses.
Check out the original tweet here: https://twitter.com/getrevenant/status/2032262331887968319