There are no reviews yet. Be the first to send feedback to the community and the maintainers!
spyhunt
recon for bug huntersGsec
Web Security Scannerforbiddenpass
valhalla
Valhalla finds vulnerable devices on shodan, it can also scan a list of domains to find vulnerabilities.IGF
Informatrion Gathering FrameworkDeepWeb
DeepWeb is a tool that extracts links from a webpage and does a deep analysis on every link.wpdisect
WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.CVE-2024-4577
Argument injection vulnerability in PHPvulnparams
crawl a website for links and expose all the vulnerable parameters.CVE-2024-4040
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.subdomainbrute
a subdomain brute forcerVulnBanner
Checks the banner of system services and compares it to a vulnerable banner list.PathTraversal
gotasn
Extract the IP range associated with a given ASN (Autonomous System Number) and subsequently utilize the Masscan tool to identify open HTTP ports within that range.gotr00t0day
SSHbrute
brute force ssh login passwords.rmap
Automated enumeration for red teamerssubrecon
scans for subdomains and probes the domains.gotr00tbot
discord.py botGdorkSearch
FindExploits
FindExploits is an automation script that uses windows exploit suggester in conjuction with searchsploit to find local priv escalation exploits.Domainator
Domainator is a tool that will find new assets for any organization.spider00t
Extract links, files and parameters from a page.secheaders
ipgeolocation
xprobe
A fast HTTP multi tool for recon.localipbug
In some cases the Miscorosoft HTTP Server API leaks internal ip addresses while sending a GET / HTTP/1.0 request to the server.Ivanti_PoC
Authentication bypass in Ivanti Endpoint Manager MobileHostHeaderInjection
CVE-2022-1388
A remote code execution vulnerability exists in the iControl REST API feature of F5's BIG-IP product. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.NextGen-Mirth-Connect-Exploit
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application.gotr00t0day.github.io
DirbHunt
A fast and simple directory brute forcerLove Open Source and this site? Check out how you can help us