Skip to content


Here are 402 public repositories matching this topic...

jhertz commented Apr 17, 2020

Hi All,

So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:

hydra "http-post://\:^USER^:H=password\:^PASS^" -l admin -p admin

I see the following r

ELHARAKA commented Jan 29, 2020

I have been using this tool for awhile and i noticed 50% of the results are false positive. for i,e after cloudflair dump a list of ip addresses for the site origin server it can't detect which one is working so i after i take those ip addresses i test them manually on the both ports 443 & 80 some they work on 443 port and some they only work at 80 port.

Thank you so much for this amazing tool

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

  • Updated Nov 24, 2020
  • Python

Vulmap - Web vulnerability scanning and verification tools,支持扫描 activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal, elasticsearch, nexus, weblogic, jboss, thinkphp,并且具备漏洞利用功能。CVE-2020-14882, CVE-2020-2555, CVE-2020-2883, S2-061, CVE-2020-13942, CVE-2020-17530, CVE-2020-17518, CVE-2020-17519

  • Updated Jan 22, 2021
  • Python

Improve this page

Add a description, image, and links to the pentest-tool topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the pentest-tool topic, visit your repo's landing page and select "manage topics."

Learn more