Dirsearch – Web Content Discovery Scanner
To find known misconfigurations, juicy APIs or endpoints, sensitive data exposure, config file, etc. It could be used as a part of web content discovery, to scan passively for high-quality…
Read more »
ApkLeaks – Tool For Scanning APK file to Extract URIs, Endpoints & Secrets
APKLeaks APKLeaks is a tool for scanning mobile application (APK) file to extract all URIs, endpoints & secrets. With this tool you can automatically extract all data and information on…
Read more »
log4j-scan – Log4j RCE Scanning and Exploit Tool
Log4j RCE or CVE-2021-44228 is a critical common vulnerability, this allow attacker to do remote code execution on target website. Scanning and Exploiting Log4j can be done manually and also…
Read more »
Subzy – Subdomain Takeover Vulnerability Tool
Subdomain Takeover Vulnerability Subdomain takeover is a high security vulnerability that infect many websites. Subdomain takeover caused by unclaimed CNAME record in third party web applications. Many companies use third…
Read more »
IntruderPayloads – Collection of Burpsuite Intruder Payloads For Bug Hunting
IntruderPayloads A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the…
Read more »
Corsy – CORS Misconfiguration Scanner
What is CORS Misconfiguration Bug? Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility…
Read more »
Faraday – Open Source Vulnerability Management Platform
Open Source Vulnerability Manager Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus…
Read more »