Pentest tools from Nmap online to Subdomain Finder
theHarvester

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Release Date Title Type Platform Author
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass" webapps multiple "Aditya Wakhlu"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF" webapps multiple "Hardik Solanki"
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting" webapps multiple "Soushikta Chowdhury"
2020-12-02 "WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass" webapps multiple "Aakash Madaan"
2020-12-02 "Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting" webapps multiple "Sagar Banwa"
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Student Result Management System 1.0 - Authentication Bypass SQL Injection" webapps multiple "Ritesh Gohil"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed

DNS records to SSL Trustchecker

Tools for system administrator

Reconnaissance tools freely hosted online

CMS detection to information gathering

CMS Detection and Exploitation suite

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 150 other CMSs

Offensive features

  • Admin page finder
  • User Enumeration
  • Core vulnerability detection
  • Modular bruteforce system
  • Advanced Joomla Scans
  • Advanced WordPress Scans
  • Drupal version detection
  • Basic CMS Detection of over 155 CMS

Raccoon tool

Offensive Security Tool for Reconnaissance and Information Gathering

Offensive features

  • DNS details
  • DNS visual mapping using DNS dumpster
  • WHOIS information
  • TLS Data - supported ciphers
  • Port Scan
  • Subdomain enumeration
  • Web application data retrieval
  • Detects known WAFs

WhatWeb

WhatWeb recognises web technologies including content management systems (CMS).

Offensive features

  • Over 1800 plugins
  • Control the trade-off between speed/stealth and reliability
  • Performance tuning. Control how many websites to scan concurrently.
  • Proxy support including TOR
  • Custom HTTP headers
  • Basic HTTP authentication
  • Control over webpage redirection

Exploit searching and discovery

Searching for exploits has been made easy.