A daily-updated collection of CVE scanners and offensive security tools for bug bounty hunting and red team operations. One new tool is pushed automatically every day at 08:00 UAE time via GitHub Actions + Claude API.
| Date | Tool | CVE / Topic | Description |
|---|---|---|---|
| 2026-03-19 | vite_path_traversal_scanner.py | CVE-2025-30208 (CVSS 9.2) | Vite dev server arbitrary file read via path traversal |
| 2026-03-18 | tomcat_partial_put_scanner.py | CVE-2025-24813 (CVSS 9.8) | Apache Tomcat partial PUT deserialization RCE scanner |
| 2026-03-17 | nextjs_middleware_bypass.py | CVE-2025-29927 (CVSS 9.1) | Next.js middleware authentication bypass scanner |
| 2026-03-10 | oauth_phish_hunter.py | — | Detects OAuth redirection abuse phishing (Entra ID/Azure AD — active March 2026 campaign) |
| 2026-03-09 | json_formatter.py | — | JSON formatter and validator utility |
| — | n8n_rce_scanner.py | CVE-2025-68613 (CVSS 9.9) | n8n expression injection RCE scanner |
| — | oauth_redirect_phish_hunter.py | — | Extended OAuth redirect phishing campaign detector |
Each day at 08:00 UAE time a GitHub Actions workflow runs scripts/generate_tool.py. That script:
- Calls the Claude API with the list of all existing tools in the repo (to avoid duplicates)
- Asks Claude to identify a recent high-severity CVE or security research topic and write a Python scanner for it
- Writes the tool to a dated folder (e.g.
2026-03-18/) - Updates this README's tool log automatically
- Commits and pushes — the result appears here within minutes
The tools are written to be standalone: they use httpx for async HTTP, include rate limiting, support target lists via stdin or -f, and print structured output. Each one includes CVE details and CVSS score in the module docstring.
The workflow is in .github/workflows/daily-tool.yml and the generator is in scripts/generate_tool.py.
Most tools follow the same pattern:
# Single target
python tool_name.py -t https://target.com
# Multiple targets from file
python tool_name.py -f targets.txt
# With threading
python tool_name.py -f targets.txt --threads 20
# Verbose output
python tool_name.py -t https://target.com -vInstall common dependencies:
pip install httpx asyncio argparseThe scanners in this repo work by:
- Sending a crafted request that triggers the vulnerable code path
- Comparing the response against a known-vulnerable fingerprint (status code, header, body pattern)
- Confirming with a second request where possible to reduce false positives
- Reporting findings with target URL, evidence, and CVE reference
All scanners are passive-first where possible — they identify vulnerable software before attempting any proof-of-concept.
Open an issue with:
- CVE number (or description of the vulnerability class)
- Target software and version range
- Any public references (advisory, PoC, writeup)
The tool will be added to the daily generation queue.
These tools are for use against systems you own or have explicit written authorisation to test. Using them against systems without permission is illegal. All CVE scanners are detection-only by default.
MIT — see LICENSE
- 2026-03-21: Grafana Server-Side Request Forgery (SSRF) Scanner
- 2026-03-22: Scanner for RCE via module argument injection in Ansible < v2.15
- 2026-03-23: Argo CD Repository Config Path Traversal to RCE Scanner
- 2026-03-24: Scanner for unauthenticated RCE vulnerabilities in Jenkins instances.
- 2026-03-25: Scans for exposed Terraform state files, identifies sensitive information leakage risks.
- 2026-03-26: GitLab SSRF vulnerability scanner targeting exposed GitLab instances susceptible to CVE-2026-44567.
- 2026-03-27: Apache Struts2 REST Plugin namespace RCE scanner
- 2026-03-28: Checks for Server-Side Request Forgery (SSRF) in Harbor API v2
/project/heatmapendpoint vulnerability. - 2026-03-29: Detects and exploits a path traversal vulnerability in Semaphore CI/CD webhooks.
- 2026-03-30: Remote code execution scanner for Nexus Repository Manager via crafted HTTP requests.
- 2026-03-31: Scanner for Flask applications inadvertently leaking debug mode
- 2026-04-01: Kubernetes ingress-nginx annotation-based remote code execution (RCE) scanner.
- 2026-04-02: Apache Nexus <= 3.48.0 arbitrary file read via path traversal in REST API.
- 2026-04-03: Detection and exploitation tool for Consul API ACL bypass vulnerability
- 2026-04-04: JFrog Artifactory SSO authentication bypass scanner for unauthorized admin panel access.
- 2026-04-05: Detects and exploits secret/token leaks in HashiCorp Vault deployments.
- 2026-04-06: Asynchronous scanner to detect and exploit Jenkins Script Console RCE vulnerabilities.
- 2026-04-07: Authentication bypass scanner for SuperServer API management panel