Main Content

Heya - HollyGraceful here, I make all of this content in my spare time, like it? Please support me :)
You can donate via Bitcoin or Patreon!

Vulnerability Templates

Reused Local Administrator Password

Information Disclosure Verbose Error Messages

JSONP Insufficient Origin Validation

Insecure Direct Object Reference

Weak Domain Administrator Passwords

LM Password Hash Storage

Weak Domain User Passwords

Group Policy Preferences Password Disclosure

WPAWPA2 Brute Force Vulnerability

Insufficient Application Whitelisting

Insufficient Local and Domain Account Lockout Policy

Insufficient Restrictions on Windows Features

Information Disclosure Username Enumeration

Missing XSS Protection Security Header

Frameable URL Could Allow Clickjacking Attacks

Missing Cross-Site Request Forgery Protection: Sensitive Function

Missing Cross-Site Request Forgery Protection: Non-sensitive Function

LLMNR NETBIOS-NS Spoofing

Missing Nosniff Security Header

Missing Strict-Transport-Security Header

Unvalidated Cross-Site Request Forgery Protection

Password Field With Auto-complete Enabled

Information Disclosure Expose_Php

Information Disclosure Mac OS ds_store Directory Listing

Unencrypted Protocol Detected

XML External Entity Injection

Administrative Login Interface Exposed

Internet Key Exchange v1 Aggressive Mode-Enabled

Information Disclosure IIS/Exchange Internal IP Address Disclosure

Missing HTTP Security Headers

IPMI v2-0 Password Hash Disclosure

Microsoft Exchange Client Access Server Information Disclosure

User Account Enumeration NULL session

Weak Domain Trusts

Information Disclosure HTTP Response Headers

Administrative Login Prompt Accessible

Java Deserialization Vulnerability

Insecure Terminal Service Configuration

Insecure SSL Certificate Detected

Insecure SSL/TLS Ciphers Supported

Outdated Software Java/Flash/Adobe Reader

Open URL Redirect

Account Takeover: Password Reset

Whitelisting is Cheating