shiblisec / Kyubi
A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.
☆124Updated last year
Alternatives and similar repositories for Kyubi:
Users that are interested in Kyubi are comparing it to the libraries listed below
- A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information f…☆110Updated this week
- Enumerate Subdomains Through Google Dorks (Bypassed Page Filter)☆123Updated 2 weeks ago
- simple recon tool to help you for searching vulnerability on web server☆72Updated last month
- Striping CDN IPs from a list of IP Addresses☆76Updated 2 years ago
- A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CON…☆161Updated last year
- Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using…☆151Updated last year
- A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)☆118Updated 2 years ago
- Find subdomains on GitLab.☆97Updated 11 months ago
- Find sensitive information using dorks from different search-engines.☆90Updated 5 months ago
- Monitoring the Cloud Landscape☆79Updated last week
- a simple discovery script that uses popular tools like subfinder, amass, puredns, alterx, massdns and others☆77Updated last year
- ☆72Updated 11 months ago
- Learn how to automate XSS, SSRF, LFI, SQLI, NoSQLi☆39Updated 3 years ago
- Simple fork from degoogle original project with bug hunting purposes☆87Updated 2 years ago
- Apache Tomcat exploit and Pentesting guide for penetration tester☆59Updated 2 years ago
- Small tool to automate SSRF wordpress and XMLRPC finder☆80Updated 2 years ago
- ☆63Updated 8 months ago
- Fetch data (open ports, CVEs, CPEs, ...) from shodan internetDB API☆92Updated 2 years ago
- A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.☆105Updated 3 years ago
- ParamFirstCheck identifies in a list of urls those containing a parameter of the top 25 of the most vulnerable parameters for SQLi, LFI, …☆35Updated last year
- ☆68Updated 2 years ago
- LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.☆106Updated 4 months ago
- "XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities in web apps. Tests for reflected and persist…☆92Updated 8 months ago
- ☆76Updated 3 years ago
- Describe how to use ffuf different options with examples☆86Updated 2 years ago
- A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.☆78Updated 2 years ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.☆44Updated last year
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆49Updated 2 years ago
- ☆55Updated 2 years ago
- Rapidly enumerate subdomains and domains using rapiddns.io.☆75Updated 2 years ago