Exploit for Authentication Bypass by Primary Weakness in Crushftp

The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...

Fedora: Security Advisory (FEDORA-2025-59acaa6bd9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : ffuf (2025-59acaa6bd9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-59acaa6bd9 advisory. Automatic update for ffuf-2.1.0-1.fc43. Changelog Wed Aug 13 2025 Sandipan Roy - 2.1.0-1 - Update to version 2.1.0 - Update to 2.1.0 - Closes rhbz2061180...

Fedora 44 : ffuf (2025-e4abb78d54)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e4abb78d54 advisory. Automatic update for ffuf-2.1.0-1.fc44. Changelog Wed Aug 13 2025 Sandipan Roy - 2.1.0-1 - Update to version 2.1.0 - Update to 2.1.0 - Closes rhbz2061180...

REcollapse Is A Helper Tool For Black-Box Regex Fuzzing To Bypass Validations And Discover Normalizations In Web Applications

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the REcollapse blog post. The goal of this tool is to...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-text4shell 🔥🔥🔥 Apache commons text - CVE-2022-...

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684-POC FortiProxy / FortiOS Authentication bypass...

Fedora: Security Advisory for ffuf (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for ffuf (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: ffuf-1.0.2-6.fc35

Fast web fuzzer written in Go...

Fedora: Security Advisory for ffuf (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: ffuf-1.0.2-6.fc36

Fast web fuzzer written in Go...

SSRFire - An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects

An automated SSRF finder. Just give the domain name and your server and chill! ; It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f customfile.txt -c cookies domain.com --- The domain for which you want to test yourserver.com --- Your server...

Web-Hacking-Toolkit - A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support

A multi-platform web hacking toolkit Docker image with Graphical User Interface GUI support. Installation Docker Pull the image from Docker Hub: docker pull signedsecurity/web-hacking-toolkit Run a container and attach a shell: docker run --rm -it --name web-hacking-toolkit...

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

h1-ctf: h1-ctf : 12 days of hack holiday writeup

Summary This was a real fun CTF and I really enjoyed solving the challenges. Great job on creating the challenges. This is my writeup for the "12 Days of Hacky Holidays CTF". I hope you enjoy reading it, and I hope others reading it will pick up a trick or two. Flags: This is all the flags found...

h1-ctf: HackyHolidays H1 CTF Writeup

HackyHolidays Day 1 Once the CTF started and the Grinch released the scope hackyholidays.h1ctf.com, I started the CTF by a good old Nmap scan, to see whats running on the server. So the nmap command looked like nmap -sC -sV -oA nmap hackyholidays.h1ctf.com/. The result showed a promising entry...

Scripthunter - Tool To Find JavaScript Files On Websites

Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpo...

h1-ctf: [H1-2006 2020] Bounty Pay CTF challenge

H1-2006 2020 Bounty Pay CTF challenge Hi there! This is my H1-2006 CTF writeup submission. First of all, thanks for the great challenge! This was my first H1 CTF that I played. I really enjoyed doing it and I learned new things solving this challenge. In my case, it was the demonstration that I...

h1-ctf: [H1-2006 2020] Writeup

^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$ Prologue The CTF was announced in a Hacker0x01 tweet. The goal is to make payments from Marten Mickos' account on BountyPayHQ. The announcement tweet was followed shortly by a retweet of BountypayHQ, an account made for the event. BountypayHQ has one...