Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
β2,514Mar 26, 2024Updated last year
Alternatives and similar repositories for CloudFail
Users that are interested in CloudFail are comparing it to the libraries listed below
Sorting:
- π Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.β2,936May 1, 2025Updated 10 months ago
- Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies foβ¦β1,269Sep 5, 2022Updated 3 years ago
- A Tool for Domain Flyoversβ5,906May 22, 2022Updated 3 years ago
- Attack Surface Management Platformβ9,418Feb 15, 2026Updated 2 weeks ago
- An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the rβ¦β3,227Nov 20, 2025Updated 3 months ago
- A swiss army knife for pentesting networksβ9,082Dec 6, 2023Updated 2 years ago
- XRay is a tool for recon, mapping and OSINT gathering from public networks.β2,291Jul 10, 2024Updated last year
- RedSnarf is a pen-testing / red-teaming tool for Windows environmentsβ1,213Sep 14, 2020Updated 5 years ago
- Knock Subdomain Scanβ4,138Feb 19, 2026Updated last week
- A python script that finds endpoints in JavaScript filesβ4,286Apr 13, 2024Updated last year
- Scan for misconfigured S3 buckets across S3-compatible APIs!β2,997Dec 11, 2025Updated 2 months ago
- discontinuedβ528Aug 17, 2023Updated 2 years ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.β5,650Jan 5, 2026Updated last month
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, alβ¦β1,285Aug 18, 2025Updated 6 months ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scannerβ1,914Apr 13, 2022Updated 3 years ago
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)β3,541Jul 21, 2025Updated 7 months ago
- HTTP parameter discovery suite.β6,091Feb 20, 2025Updated last year
- Detect and bypass web application firewalls and protection systemsβ2,871Aug 11, 2024Updated last year
- Generates permutations, alterations and mutations of subdomains and then resolves themβ2,474Jan 9, 2025Updated last year
- CATPHISH project - For phishing and corporate espionage. Perfect for RED TEAM.β629Oct 16, 2018Updated 7 years ago
- File upload vulnerability scanner and exploitation tool.β3,300May 8, 2025Updated 9 months ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Toolβ4,120Apr 21, 2024Updated last year
- Fast passive subdomain enumeration tool.β13,159Updated this week
- Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulnsβ1,560Nov 14, 2023Updated 2 years ago
- Automated All-in-One OS Command Injection Exploitation Toolβ5,640Feb 22, 2026Updated last week
- A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricksβ1,437Nov 3, 2018Updated 7 years ago
- Automated NoSQL database enumeration and web application exploitation tool.β3,238Feb 20, 2026Updated last week
- Web path scannerβ14,017Feb 20, 2026Updated last week
- Fast subdomains enumeration tool for penetration testersβ10,830Aug 2, 2024Updated last year
- Most advanced XSS scanner.β14,773Apr 26, 2025Updated 10 months ago
- Bruteforcing from various scanner output - Automatically attempts default creds on found services.β2,374Feb 23, 2026Updated last week
- A default credential scanner.β1,503Jul 8, 2025Updated 7 months ago
- Find exploits in local and online databases instantlyβ1,809Sep 27, 2021Updated 4 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies andβ¦β3,903Sep 27, 2021Updated 4 years ago
- Exploitation Framework for Embedded Devicesβ13,002Jun 10, 2025Updated 8 months ago
- Web application fuzzerβ6,430Jan 21, 2026Updated last month
- "Can I take over XYZ?" β a list of services and how to claim (sub)domains with dangling DNS records.β5,565Feb 8, 2025Updated last year
- Command line utility for searching and downloading exploitsβ1,815Sep 10, 2025Updated 5 months ago
- Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and Cβ8,943Mar 22, 2024Updated last year