
ApkLeaks – Tool For Scanning APK file to Extract URIs, Endpoints & Secrets
APKLeaks is a tool for scanning mobile application (APK) files to extract all URIs, endpoints & secrets. With this tool you can automatically extract all data and information on…
log4j-scan – Log4j RCE Scanning and Exploit Tool
Log4j RCE, or CVE-2021-44228, is a critical, common vulnerability that allows an attacker to achieve remote code execution on a target website. Scanning for and exploiting Log4j can be done manually and also…
Subzy – Subdomain Takeover Vulnerability Tool
Subdomain takeover is a high-severity security vulnerability that affects many websites. It is caused by an unclaimed CNAME record in third-party web applications. Many companies use third…
IntruderPayloads – Collection of Burpsuite Intruder Payloads For Bug Hunting
IntruderPayloads: A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the…
Corsy – CORS Misconfiguration Scanner
What is a CORS Misconfiguration Bug? Cross-origin resource sharing (CORS) is a browser mechanism that enables controlled access to resources located outside of a given domain. It extends and adds flexibility…
Faraday – Open Source Vulnerability Management Platform
Open Source Vulnerability Manager: Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus…
EyeWitness – Tool to Take Screenshots of Websites With Server Header Info
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known. EyeWitness is designed to run on Kali Linux. It will…