Library
- Trickest Library
- Modules
- Attack Surface Management
- Cloud Storage
- Containers
- Content Discovery
- Discovery
- Fuzzing
- Machine Learning
- Misconfiguration
- Network
- OSINT
- Passwords
- Recon
- Scanners
- Secret Discovery
- Social Engineering
- Static Code Analysis
- Threat Intelligence
- Utilities
- Vulnerabilities
- Vulnerability Scanning
Vulnerabilities Tools
Explore a collection of powerful and efficient tools in the Vulnerabilities category to enhance your productivity and security.
bypass-403
Go script for bypassing 403 forbidden
commix
Commix (short for [comm]and [i]njection e[x]ploiter) is an open-source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.
cookiemonster
CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
corstest
CORStest is a Python 3 tool to find Cross-Origin resource Sharing (CORS) misconfiguration
crlfmap
CRLFMap is a tool to find HTTP Splitting vulnerabilities
cve-2018-15473
Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473
cve-2023-3519-inspector
Accurately fingerprint and detect vulnerable versions of Netscaler / Citrix ADC to CVE-2023-3519
dalfox
DalFox is a fast, powerful parameter analysis and XSS scanner, based on a golang/DOM parser.
dnsreaper
subdomain takeover tool for attackers, bug bounty hunters and the blue team!
dsss
Damn Small SQLi Scanner (DSSS) is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.
dsxs
Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.
fdsploit
FDsploit can be used to discover and exploit Local/Remote File Inclusion and directory traversal vulnerabilities automatically.
find-gh-poc
Find CVE PoCs on GitHub
findom-xss
FinDOM-XSS with file input. FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner.
http-request-smuggling
http-request-smuggling is a python tool used to detect if target/list of targets are vulnerable against HTTP Request Smuggling vulnerability
jwt-tool
jwt_tool.py is a toolkit for validating, forging, scanning, and tampering JWTs (JSON Web Tokens).
kxss
Find unfiltered special characters from urls.
log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
nosqli
A fast NoSQL scanner and injector. For finding sites vulnerable to NoSQL injection, Mongo in particular.
openredirex
Asynchronous Open redirect Fuzzer. Key features are: taking a url or list of urls and fuzzes them for Open redirect issues, specifying own payloads through 'payloads.txt' and showing Location header history (if any).
oralyzer
Oralyzer, a simple python script that is capable of finding the open redirection vulnerability in a website. It does that by fuzzing the url i.e. provided as the input.
searchsploit
Search through exploits and shellcodes
smuggler
An HTTP Request Smuggling / Desync testing tool written in Python 3
sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers
ssrfuzz
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities
subzy
Subzy is subdomain takeover tool which works based on matching response fingerprings from can-i-take-over-xyz.
tko-subs
A tool that can help detect and takeover subdomains with dead DNS records
tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
xforwardy
XForwardy is a Host Header Injection scanning tool that can detect misconfigurations, where Host Header Injections are potentially possible. It also checks for CORS Misconfig in a URL.
xspear
XSpear is XSS Scanner on ruby gems.