information-disclosure

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

Extract uncompiled, uncompressed SPA code from Webpack source maps.

Utility to download and extract document metadata from an organization. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

WEB SERVICE SECURITY ASSESSMENT TOOL

Joomla! < 4.2.8 - Unauthenticated information disclosure

Here you can get full exploit for SAP NetWeaver AS JAVA

Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)

TimeVault is a specialized automated tool designed to detect potential information disclosure vulnerabilities in web applications by leveraging archived URLs from the Wayback Machine.

A set of YARA rules for the AIL framework to detect leak or information disclosure

A PoC exploit for CVE-2017-7921 - Hikvision Camera Series Improper Authentication Vulnerability.

Sniper. Passive Secrets Hunting.🚬

POC - CVE-2024–24919 - Check Point Security Gateways

Hacking the RDP protocol - Sending an incomplete CredSSP (NTLM) authentication request with null credentials will cause the remote service to respond with a NTLMSSP message disclosing information to include NetBIOS, DNS, and OS build version.

CVE-2020-14179 Scanner

Writeups for portswigger labs.

A PoC exploit for CVE-2021-43798 - Grafana Directory Traversal

A modified and more convenient version of SecretFinder.

AfterLogic Products Vulnerabilities

solutions of hack-yourself-first

A simple tool for finding information disclosure vulnerabilities.