Search Results for "issues"

reconFTW is an open source automated reconnaissance framework created for security researchers, penetration testers, and bug bounty hunters. The tool streamlines the reconnaissance phase of security assessments by orchestrating numerous specialized tools to gather intelligence about a target domain. It performs multiple discovery and analysis tasks such as subdomain enumeration, OSINT collection, and vulnerability scanning in an automated workflow. The framework integrates many external...

Mantis is an open source security framework designed to automate the workflow of asset discovery, reconnaissance, and vulnerability scanning for organizations and security teams. Mantis operates through a command line interface and accepts targets such as top level domains, IP addresses, or network ranges as input. From these inputs, it automatically discovers associated digital assets including subdomains and SSL certificates, allowing users to map the attack surface of a system. After...

...Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance.

...In addition to information gathering, the project includes a built-in fuzzing component called Inject-X, which tests dynamic URLs for common vulnerabilities listed in the OWASP Top 10. The scanner analyzes parameters and injects payloads to detect issues such as SQL injection, cross-site scripting (XSS), and open redirect vulnerabilities.