Misconfiguration Tools
Explore a collection of powerful and efficient tools in the Misconfiguration category to enhance your productivity and security.
crlfuzz
A fast tool written in Go to scan for CRLF vulnerabilities
gitjacker
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. More information at https://liam-galvin.co.uk/security/2020/09/26/leaking-git-repos-from-misconfigured-sites.html
hinject
Host Header Injection Vulnerability Checker
snallygaster
snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition, it contains a few checks for other security vulnerabilities.
subjack
Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that can be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double-check the results manually to rule out false positives.
whatweb
WhatWeb identifies websites. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.