shiblisec / Kyubi
A tool to discover and exploit Nginx alias traversal misconfiguration, the tool can bruteforce the URL path recursively to find out hidden files and directories.
☆112Updated 11 months ago
Related projects ⓘ
Alternatives and complementary repositories for Kyubi
- Small tool to automate SSRF wordpress and XMLRPC finder☆80Updated last year
- A tool that automates the search for IDOR vulnerabilities in web apps and APIs☆51Updated 3 years ago
- Enumerate Subdomains Through Google Dorks☆122Updated 3 years ago
- Striping CDN IPs from a list of IP Addresses☆74Updated 2 years ago
- A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)☆118Updated 2 years ago
- Resolvers updated daily for reconftw☆46Updated last year
- A list of threat sinks used in the manual security source code review for application security☆70Updated last year
- A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CON…☆160Updated 7 months ago
- A simple plugin to export JS files from one or multiple targets☆40Updated last year
- Simple fork from degoogle original project with bug hunting purposes☆85Updated 2 years ago
- DNS resolution tracing tool☆34Updated 3 years ago
- ☆86Updated 3 years ago
- Find subdomains on GitLab.☆64Updated 6 months ago
- ☆69Updated 6 months ago
- Apache Tomcat exploit and Pentesting guide for penetration tester☆54Updated 2 years ago
- IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io☆117Updated 2 years ago
- Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.☆64Updated 3 years ago
- Nodesub is a command-line tool for finding subdomains in bug bounty programs☆136Updated 3 months ago
- Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE☆52Updated 3 weeks ago
- Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own☆70Updated 7 months ago
- ☆68Updated last year
- A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.☆75Updated 2 years ago
- List all public repositories for (valid) GitHub usernames☆68Updated last year
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆48Updated 2 years ago
- Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.☆49Updated last year
- Inside403 is a powerful and versatile web security testing tool designed to assess the robustness of web pages and directories against 40…☆29Updated last year
- XSS Finder Via SSTI☆54Updated last year
- Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability☆55Updated last year
- Fast and lightweight Web Application Firewall Fingerprinting tool☆61Updated last year