The Latest Infosec News, Tools, and Exploits – Got Root?
Description Killing features Perform a large-scale scans using Nmap! Allows you to use Masscan to scan targets and execute Nmap on detected ports with custom settings. Nmap on steroids. * Scans targets in variety of […]
Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs […]
SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL. This tool also finds S3 buckets, cloudfront URL’s and more from […]
A tool to find open S3 buckets and dump their contents Usage usage: s3scanner [-h] [–version] [–threads n] [–endpoint-url ENDPOINT_URL] [–endpoint-address-style {path,vhost}] [–insecure] {scan,dump} … s3scanner: Audit unsecured S3 buckets by Dan Salmon – github.com/sa7mon, […]
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. Join The Slack Have questions? Feedback? Jump in slack and hang out with me […]
Features In its current state, it will only work with torrc MAX CIRCUIT DIRTINESS of 10 Cloudflare Resolver [Cloudbuster] LFI->RCE and XSS Scanning [LFI to RCE & XSS] SQL Injection Vuln Scanner [SQLi] Extremely Large […]
How to Install go get github.com/daffainfo/Git-Secret How to Use For path contain dorks, you can fill it with some keywords, for example keyword.txt Download: https://github.com/daffainfo/Git-Secret
Installing / Getting started A quick guide of how to install and use Juumla. Docker If you want to run Juumla in a Docker container, follow this commands: Pre-requisites Python 3 installed on your machine. […]
What is CorsMe ? A cors misconfiguration scanner tool based on golang with speed and precision in mind . Misconfiguration type this scanner can check for Reflect Origin checks Prefix Match Suffix Match Not Esacped […]
Its functionality includes: Checking the validity of a token Testing for known exploits: (CVE-2015-2951) The alg=none signature-bypass vulnerability (CVE-2016-10555) The RS/HS256 public key mismatch vulnerability (CVE-2018-0114) Key injection vulnerability (CVE-2019-20933/CVE-2020-28637) Blank password vulnerability (CVE-2020-28042) Null […]
