This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str
tplmap is a security tool designed for the detection and exploitation of server-side template injection vulnerabilities. It functions as an automated scanner to identify vulnerable template engine contexts and provides a framework for achieving remote code execution. The tool focuses on translating high-level requests into engine-specific syntax to execute operating system commands and bypass application sandboxes. It further enables remote file system access, allowing users to read, write, and transfer files between a local machine and a target server. Additional capabilities include the ab
WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the
Automated NoSQL database enumeration and web application exploitation tool.
الميزات الرئيسية لـ codingo/nosqlmap هي: Vulnerability Scanners, Web Security Tools, Specialized Vulnerability Scanners, SQL Injection, Web Exploitation Tools.
تشمل البدائل مفتوحة المصدر لـ codingo/nosqlmap: sqlmapproject/sqlmap — This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It… epinna/tplmap — tplmap is a security tool designed for the detection and exploitation of server-side template injection… commixproject/commix — Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It… wpscanteam/wpscan — WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress… d35m0nd142/lfisuite — Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner. danmcinerney/xsscrapy — XSS spider - 66/66 wavsep XSS detected.