Some of the most popular tools by ProjectDiscovery are Nuclei (template-based vulnerability scanner), HTTPx (multipurpose HTTP toolkit), and Subfinder (subdomain enumeration and discovery tool). While the installation process is typically very straightforward for ProjectDiscovery tools, one can often encounter some difficulty setting up a proper environment to run the tool,
It's not breaking news that protecting sensitive user data and ensuring the security of online accounts has become more critical than ever. With an increasing number of data breaches and cyberattacks, understanding various attack methodologies and implementing effective countermeasures is of utmost importance. One such cyberattack technique is credential stuffing.
As the world becomes increasingly connected, more and more devices are being exposed to the internet. This includes everything from industrial control systems to home routers and even refrigerators. Unfortunately, many of these devices are not properly secured, leaving them open to attack. This is where internet-based search engines like
In the era of application security, bug bounties have evolved and become mainstream for hackers around the globe. Hackers are constantly looking for new tactics to automate the process of reconnaissance and find different types of vulnerabilities. One of the first steps to hacking a larger scoped program is subdomain
A tour of ProjectDiscovery's less-known public tools, and how to use them by @pry0cc Introduction For those unaware, ProjectDiscovery is a group of talented hackers and creators that have massively disrupted the offensive tooling industry by creating tooling that genuinely makes the lives of hackers easier. If you’re active
Interactsh v1.0.0 brings more stability, new protocols support, and a slew of other improvements and security fixes. Server Pool Support + random selection With new vulnerabilities being released recently which relied on DNS interactions (log4j), interactsh servers started receiving lot more load from nuclei scans than they could withstand.
We search for secret leaks in a variety of places including GitHub, JS files, HTTP replies, source code, and other places. Once we've identified these keys, the next question is: what service does this key belong to, and is it valid? Answers to those questions determines the severity of the
Apache Airflow is an Open Source tool that allows users "programmatically author, schedule and monitor workflows". We decided to create a suite of checks for testing security of Airflow installations and document the entire process to show how easy it is to write custom nuclei templates for any piece of
We released interactsh, a server that can emulate a DNS, HTTP, HTTPS and SMTP server, allowing users to test for Out of Band Security vulnerabilities. Nuclei v2.3.6 now supports using the interact.sh API to achieve OOB based vulnerability scanning with automatic Request correlation built in. It's as
Subscribe to ProjectDiscovery.io | Blog newsletter and stay updated.
Don't miss anything. Get all the latest posts delivered straight to your inbox. It's free!