Skip to main content

Documentation Index

Fetch the complete documentation index at: https://trickest.com/llms.txt

Use this file to discover all available pages before exploring further.

Check for DNS Takeover with dnsReaper

Complexity
Use dnsReaper along with a batching pattern to check for DNS takeover en masse
RogueSMG

Check for DNS Takeover with dnsX

Complexity
Use dnsX to fetch hosts which respond with either servfail or refused status codes, which may be susceptible to DNS takeover
RogueSMG

Bypassing 403 Endpoints

Complexity
Test for ways to bypass 403 responses through 6 different techniques that are found to be effective, quick, and capable of scanning numerous endpoints in no time.
remonsec

Citrix CVE-2023-3519

Complexity
Check for CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway.
trickest-mhmdiaa

Fuzz new endpoints for vulnerabilities

Complexity
Discover a web app's endpoints, diff them, and fuzz newly discovered endpoints for common vulnerabilities like SQL injection, SSRF, XSS, and more.
trickest-mhmdiaa

ASN Vulnerability Scanning

Complexity
Scan web servers for vulnerabilities using ASNs as input
trickest-mhmdiaa

IDOR Checker for GET HTTP requests

Complexity
Check list of URLs with three different authorization headers for legitimate user, attacker users and anonymous user and compare responses
zaric

Scan Github Actions For Org

Complexity
Scan GitHub Actions misconfiguration for a particular org
zaric

Fuzz web app for vulnerabilities

Complexity
Efficiently discover and scan a web app's content for common vulnerabilities. Identify potential SQL injection, SSRF, XSS, and more.
trickest-mhmdiaa

Dynamic Web App Scanner

Complexity
Finding paths and parameters with various techniques and creating a templates for finding LFI,SSRF,XSS,SQLI,RCE based on user-supplied payloads
zaric

Random Parameter SSRF Finder

Complexity
Fire random SSRF checks through user-supplied parameters for GET and POST requests, additionally crawl the app and add SSRF payload to each GET parameter
zaric

CVE-2022-42889

Complexity
Test a list of hosts for CVE-2022-42889
kljunowsky

CVE-2022-41040

Complexity
Test a list of hosts for CVE-2022-41040 which is an SSRF vulnerability affecting several versions of Microsoft Exchange Server
kljunowsky

CVE-2022-36804

Complexity
Test a list of hosts for CVE-2022-36804 which could allow remote attackers to execute arbitrary code on Atlassian Bitbucket Server and Data Center installations.
kljunowsky

CVE-2021-42013 & CVE-2021-41773

Complexity
Do check and verify if vulnerable for CVE-2021-42013 & CVE-2021-41773 (Apache)
zaric

PHP File Upload Bypass Generator

Complexity
Using a reverse shell template create different variations of file-upload bypasses for PHP Applications.
zaric

CVE-2021-41773

Complexity
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
trickest-mhmdiaa

Check For Subdomain Takeover

Complexity
Scan a list of subdomains for subdomain takeover
trickest-mhmdiaa

Web Cache Poisoning Finder

Complexity
Attempts to cause web cache poisoning attacks on several hosts
trickest-mhmdiaa

Open Redirect Finder

Complexity
Get a list of URLs from WaybackMachine and scan for open redirects
trickest-mhmdiaa

Scan container images with trivy

Complexity
Scan a container image for CVEs, exposed secrets, open ports, and more
trickest-mhmdiaa

ZAP API Scan

Complexity
Use OWASP ZAP to scan an authenticated API
trickest-mhmdiaa

ZAP Full Scan

Complexity
Use OWASP ZAP to spider and scan a website while authenticated
trickest-mhmdiaa

XSS Finder

Complexity
Get all Wayback URLs for the domain and find XSS.
trickest-mhmdiaa

Scan hosts with Nuclei & Cent

Complexity
Get all the open-source templates for nuclei with cent, and scan the list of hosts.
trickest-mhmdiaa