Library
- Trickest Library
- Modules
- Attack Surface Management
- Cloud Storage
- Containers
- Content Discovery
- Discovery
- Fuzzing
- Machine Learning
- Misconfiguration
- Network
- OSINT
- Passwords
- Recon
- Scanners
- Secret Discovery
- Social Engineering
- Static Code Analysis
- Threat Intelligence
- Utilities
- Vulnerabilities
- Vulnerability Scanning
Workflows
Explore a collection of powerful and efficient workflows in the Vulnerability Scanning category to enhance your productivity and security.
Check for DNS Takeover with dnsReaper
Use dnsReaper along with a batching pattern to check for DNS takeover en masse
Check for DNS Takeover with dnsX
Use dnsX to fetch hosts which respond with either servfail or refused status codes, which may be susceptible to DNS takeover
Bypassing 403 Endpoints
Test for ways to bypass 403 responses through 6 different techniques that are found to be effective, quick, and capable of scanning numerous endpoints in no time.
Citrix CVE-2023-3519
Check for CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway.
Fuzz new endpoints for vulnerabilities
Discover a web app's endpoints, diff them, and fuzz newly discovered endpoints for common vulnerabilities like SQL injection, SSRF, XSS, and more.
ASN Vulnerability Scanning
Scan web servers for vulnerabilities using ASNs as input
IDOR Checker for GET HTTP requests
Check list of URLs with three different authorization headers for legitimate user, attacker users and anonymous user and compare responses
Scan Github Actions For Org
Scan GitHub Actions misconfiguration for a particular org
Fuzz web app for vulnerabilities
Efficiently discover and scan a web app's content for common vulnerabilities. Identify potential SQL injection, SSRF, XSS, and more.
Dynamic Web App Scanner
Finding paths and parameters with various techniques and creating a templates for finding LFI,SSRF,XSS,SQLI,RCE based on user-supplied payloads
Random Parameter SSRF Finder
Fire random SSRF checks through user-supplied parameters for GET and POST requests, additionally crawl the app and add SSRF payload to each GET parameter
CVE-2022-42889
Test a list of hosts for CVE-2022-42889
CVE-2022-41040
Test a list of hosts for CVE-2022-41040 which is an SSRF vulnerability affecting several versions of Microsoft Exchange Server
CVE-2022-36804
Test a list of hosts for CVE-2022-36804 which could allow remote attackers to execute arbitrary code on Atlassian Bitbucket Server and Data Center installations.
CVE-2021-42013 & CVE-2021-41773
Do check and verify if vulnerable for CVE-2021-42013 & CVE-2021-41773 (Apache)
PHP File Upload Bypass Generator
Using a reverse shell template create different variations of file-upload bypasses for PHP Applications.
CVE-2021-41773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773
Check For Subdomain Takeover
Scan a list of subdomains for subdomain takeover
Web Cache Poisoning Finder
Attempts to cause web cache poisoning attacks on several hosts
Open Redirect Finder
Get a list of URLs from WaybackMachine and scan for open redirects
Scan container images with trivy
Scan a container image for CVEs, exposed secrets, open ports, and more
ZAP API Scan
Use OWASP ZAP to scan an authenticated API
ZAP Full Scan
Use OWASP ZAP to spider and scan a website while authenticated
XSS Finder
Get all Wayback URLs for the domain and find XSS.
Scan hosts with Nuclei & Cent
Get all the open-source templates for nuclei with cent, and scan the list of hosts.