A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.
☆131Dec 10, 2023Updated 2 years ago
Alternatives and similar repositories for Kyubi
Users that are interested in Kyubi are comparing it to the libraries listed below
Sorting:
- Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.☆1,583Mar 4, 2024Updated 2 years ago
- Endpoint monitor tool☆21Sep 16, 2020Updated 5 years ago
- Host Header Injection Checker☆84Mar 2, 2022Updated 4 years ago
- ☆38Nov 27, 2020Updated 5 years ago
- ☆10Oct 30, 2019Updated 6 years ago
- Auto Recon Bash Script☆31Dec 31, 2024Updated last year
- Sometimes we want to fuzz a set of sub-domain URLs with a common wordlist. Fuzzing them one by one is a tedious task, not to mention the …☆52Jul 14, 2021Updated 4 years ago
- Multithreaded Host Header Redirection Scanner☆14Nov 10, 2020Updated 5 years ago
- A tool to abuse Exchange services☆12Mar 18, 2024Updated last year
- Signatures for jaeles scanner by @j3ssie☆117Apr 20, 2024Updated last year
- ☆11Aug 27, 2020Updated 5 years ago
- Shodan Favicon Hash Generator By Aziz Hakim @eternyle☆26May 25, 2024Updated last year
- Tool to automate recon☆42Dec 28, 2021Updated 4 years ago
- Tool to get NT system shell .☆24Jul 12, 2021Updated 4 years ago
- A Tool to find subdomains from hackerone reports.☆17Jun 23, 2021Updated 4 years ago
- Tool to try multiple paths for PHPunit RCE CVE-2017-9841☆29Oct 18, 2021Updated 4 years ago
- damn-exploitable-android-app-apk☆40Jun 9, 2023Updated 2 years ago
- A Payload Injector for bugbounties written in go☆70Jul 18, 2020Updated 5 years ago
- Prototype pollution scanner using headless chrome☆218Jul 27, 2022Updated 3 years ago
- the POC of package.json RCE☆26Jun 24, 2025Updated 8 months ago
- The long shadow to emerge as other Git repositories☆18Feb 25, 2026Updated last week
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆296Sep 22, 2024Updated last year
- ☆15Dec 15, 2020Updated 5 years ago
- Perform Windows domain enumeration via LDAP☆37Jun 7, 2022Updated 3 years ago
- TProx is a fast reverse proxy path traversal detector and directory bruteforcer.☆30Sep 16, 2021Updated 4 years ago
- HTTP parameter discovery suite.☆93Apr 16, 2020Updated 5 years ago
- This tool aims at accumulating javascript files from a given set of subdomains to discover hidden endpoints. It swims through JS files to…☆62Dec 28, 2022Updated 3 years ago
- Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers …☆147Apr 12, 2024Updated last year
- A tool to check a bunch of URLs that contain reflecting params.☆598Aug 4, 2024Updated last year
- Prototype Pollution exploits collection☆37Aug 8, 2021Updated 4 years ago
- Web Application recon automation☆125Dec 18, 2020Updated 5 years ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,529Jan 15, 2026Updated last month
- nuclei-bb-templates☆50May 24, 2022Updated 3 years ago
- "Terrible Thick Client" is a vulnerable application developed in C# .NET framework.☆20Jul 9, 2023Updated 2 years ago
- Exploiting XSS with Javascript/JPEG Polyglot (by @medusa_0xf)☆21Apr 8, 2022Updated 3 years ago
- ☆22Apr 23, 2024Updated last year
- Tool for catching and logging different types of requests.☆220Nov 20, 2020Updated 5 years ago
- Hidden parameters discovery suite☆2,028Sep 8, 2024Updated last year
- GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)☆1,631Mar 11, 2024Updated last year