m0rtem / CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
β2,210Updated 5 months ago
Related projects: β
- π Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.β2,557Updated 3 months ago
- Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies foβ¦β1,182Updated 2 years ago
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)β3,111Updated 6 months ago
- Bruteforcing from various scanner output - Automatically attempts default creds on found services.β1,992Updated this week
- DNS Enumeration Scriptβ2,592Updated this week
- File upload vulnerability scanner and exploitation tool.β3,021Updated last year
- Knock Subdomain Scanβ3,839Updated last month
- A Tool for Domain Flyoversβ5,604Updated 2 years ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.β4,905Updated last month
- Striker is an offensive information and vulnerability scanner.β2,211Updated last year
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.β5,176Updated last month
- Weaponized web shellβ3,160Updated 4 months ago
- Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulnsβ1,455Updated 10 months ago
- Find web directories without bruteforceβ1,747Updated 10 months ago
- Generates permutations, alterations and mutations of subdomains and then resolves themβ2,299Updated 4 months ago
- A python script that finds endpoints in JavaScript filesβ3,638Updated 5 months ago
- Automated All-in-One OS Command Injection Exploitation Tool.β4,513Updated this week
- Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.β3,538Updated 8 months ago
- HTTP parameter discovery suite.β5,122Updated 2 months ago
- Automated NoSQL database enumeration and web application exploitation tool.β2,868Updated last month
- The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, suβ¦β3,267Updated 7 months ago
- Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoorβ2,189Updated 4 months ago
- Advanced vulnerability scanning with Nmap NSEβ3,444Updated last week
- XRay is a tool for recon, mapping and OSINT gathering from public networks.β2,188Updated 2 months ago
- Subdomain enumeration and information gathering toolβ1,190Updated last week
- Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applicationsβ¦β1,157Updated this week
- Know the dangers of credential reuse attacks.β2,002Updated 5 years ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scannerβ1,661Updated 2 years ago
- Abusing Certificate Transparency logs for getting HTTPS websites subdomains.β1,952Updated 8 months ago
- Subdomain Takeover tool written in Goβ1,892Updated last year