Exploit for SQL Injection in Bplugins Html5_Video_Player

CVE-2024-5522-PoC : HTML5 Video Player 2.5.27 - Unauthentica...

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm

CVE-2023-30253 Exploit Dolibarr vuln...

Exploit for Path Traversal in Aiohttp

CVE-2024-23334-PoC A proof of concept of the path traversal vu...

Network_Assessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor

With Wireshark or TCPdump, you can determine whether there is harmful activity on your network traffic that you have recorded on the network you monitor. This Python script analyzes network traffic in a given .pcap file and attempts to detect the following suspicious network activities and attack...

IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File

IpGeo is a python tool to extract IP addresses from captured network traffic file pcap/pcapng and generate csv report containing details about the geolocation of each ip in the packets. The report contains: 1. Country: 2. Country Code. 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...

SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The main objective for this scanner is to find the vulnerabilities inside the source code before code gets published in Prod. Features 1. Supported PHP Language 2...

GHSA-9W7F-M4J4-J3XW Gerapy may cause remote code execution

Impact projectconfigure function exist remote code execute in Gerapy 0.9.8 Patches Patched in version 0.9.8, please install with: pip3 install -U gerapy...

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext h2c communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...

Exploit for Use After Free in Microsoft

bLuEkEeP-GUI vulnerabilidad CVE-2019-0708 testing y explotacio...

BlackDir-Framework - Web Application Vulnerability Scanner

Web Application Vulnerability Scanner. 1. Spider Directories 2. Find Sub Domain 3. Advanced Dorks Search 4. Scan list of Dorks 5. Scan WebSites Xss,Sql 6. Reverse Ip Lookup 7. Port Scan Installation: git clone https://github.com/RedVirus0/BlackDir-Framework.git cd BlackDir pip3 install -r...

AWS Report - Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...

Userrecon-Py v2.0 - Username Recognition On Various Websites

Username recognition on various websites. Installation Withpip3 Linux sudo -H pip3 install git+https://github.com/decoxviii/userrecon-py.git --upgrade userrecon-py --help Build from source Linux git clone https://github.com/decoxviii/userrecon-py.git ; cd userrecon-py sudo -H pip3 install -r...

WeebDNS - DNS Enumeration With Asynchronicity

DNSEnumeration Tool with Asynchronicity. Features WeebDNS is an 'Asynchronous' DNS Enumeration Tool made with Python3 which makes it much faster than normal Tools. PREREQUISITES Python 3.x pip3 git PYTHON 3 PREREQUISITES aiohttp asyncio aiodns Installation Resolve dependencies Ubuntu/Debian Syste...

SMWYG-Show-Me-What-You-Got - Tool To Search 1.4 Billion Clear Text Credentials Which Was Dumped As Part Of BreachCompilation Leak

This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above...

CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs

Do you miss AXFR technique? This tool allows to get the subdomains from a HTTPS website in a few seconds. How it works? CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs. For more information about CT logs, check...