Open-source security tools and exploit development
Comprehensive SPIP CMS security scanner. Features WAF detection, version fingerprinting, CVE auto-exploitation (CVE-2023-27372, CVE-2024-7954, CVE-2024-8517), user enumeration, password spraying, SSTI/XSS/path traversal testing, and composer.lock analysis.
View RepositoryFast subdomain enumeration via crt.sh Certificate Transparency logs with parallel DNS resolution. Features color-coded output, JSON export, stdin support for batch processing, and auto-retry with exponential backoff. Zero external dependencies.
View RepositoryAdvanced SSH security testing and auditing tool. Performs comprehensive SSH server analysis, vulnerability detection, and configuration assessment.
View RepositoryLinux kernel exploitation toolkit. Collection of kernel exploit techniques, privilege escalation methods, and kernel security research tools.
View RepositorySudo vulnerability scanner and exploitation framework. Detects misconfigured sudo permissions and known sudo vulnerabilities for privilege escalation.
View RepositoryURL vulnerability scanner and exploitation toolkit. Discovers and exploits common web application vulnerabilities through URL parameter manipulation.
View RepositoryAutomated vulnerability scanner for CVE-2025-68461. Detects vulnerable systems and provides detailed exploitation guidance for security assessments.
View RepositoryComprehensive reconnaissance framework for bug bounty hunters. Features subdomain enumeration, vulnerability scanning (XXE, SSRF, SSTI, NoSQLi, CRLF), SMB/FTP testing, and automated security assessments.
View RepositoryAutomated exploitation framework for discovering and exploiting known vulnerabilities. Streamlines the process of identifying vulnerable targets and launching appropriate exploits.
View RepositoryGraphQL security testing toolkit. Performs introspection queries, schema analysis, and vulnerability detection for GraphQL APIs including authentication bypass and injection attacks.
View RepositoryFast DNS resolution and enumeration tool. Performs bulk DNS lookups, subdomain discovery, and DNS record analysis for reconnaissance and security assessments.
View RepositoryAdvanced web technology detection and vulnerability assessment tool. Combines Wappalyzer, custom fingerprinting, and Nuclei with multi-source CVE enrichment from NVD, OSV, ExploitDB, Vulners, and Metasploit.
View RepositoryWeb application vulnerability scanner and exploitation framework. Automates the discovery and exploitation of common web vulnerabilities for penetration testing engagements.
View RepositorySpring Boot Actuator security scanner and exploitation tool. Discovers exposed actuator endpoints and exploits misconfigurations for information disclosure and remote code execution.
View Repository