log4j-scan – Log4j RCE Scanning and Exploit Tool
Log4j RCE or CVE-2021-44228 is a critical common vulnerability, this allow attacker to do remote code execution on target website. Scanning and Exploiting Log4j can be done manually and also…
Read more »
Subzy – Subdomain Takeover Vulnerability Tool
Subdomain Takeover Vulnerability Subdomain takeover is a high security vulnerability that infect many websites. Subdomain takeover caused by unclaimed CNAME record in third party web applications. Many companies use third…
Read more »
IntruderPayloads – Collection of Burpsuite Intruder Payloads For Bug Hunting
IntruderPayloads A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the…
Read more »
Corsy – CORS Misconfiguration Scanner
What is CORS Misconfiguration Bug? Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility…
Read more »
Gopherus – Tool for Exploiting SSRF and gaining RCE
Gopherus If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE…
Read more »
SQLbit – Script for Automatize Boolean-Based Blind SQL Injections
SQL Blind Injection Tool Just another script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwise comparisons with multithreading to find cell…
Read more »
EvilSelenium – Tool That Weaponizes Selenium to Attack Chromium Based Browsers
EvilSelenium EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers. The current features right now are: Steal stored credentials (via autofill) Steal cookies Take screenshots of websites Dump Gmail/O365…
Read more »