Currently running plugins
The following can be found in the index :
Android Debug Bridge - Unauthenticated Access
Public
Apache Airflow with default credentials
Trusted/Pro members only
Apache JServ Protocol (AJP) Connector Exposed
Trusted/Pro members only
Apache ActiveMQ is outdated
Trusted/Pro members only
Apache OFBiz is outdated
Trusted/Pro members only
Apache server-status page is publicly available
Public
Appsmith with Known Vulnerabilities
Trusted/Pro members only
ArangoDB Exposed Without Authentication
Trusted/Pro members only
Attu (Milvus GUI) Exposed Without Authentication
Trusted/Pro members only
BeyondTrust Remote Support / Privileged Remote Access - Known Vulnerabilities
Trusted/Pro members only
BitBucket instance outdated
Trusted/Pro members only
Browserless - Unauthenticated Headless Chrome (SSRF + LFI)
Trusted/Pro members only
cAdvisor exposed without authentication
Trusted/Pro members only
Cal.com with Known Vulnerabilities
Trusted/Pro members only
Exposed Apache Cassandra (Thrift API)
Trusted/Pro members only
CentOS Web Panel outdated
Public
CheckMK monitoring endpoint publicly available
Public
Check Point Gateway is outdated
Trusted/Pro members only
Chroma Vector Database Exposed Without Authentication
Trusted/Pro members only
Chrome DevTools Protocol - Exposed Debug Port
Trusted/Pro members only
Cisco ASA appliance outdated
Public
Cisco RV hardware outdated
Public
Cisco SD-WAN (vManage) - Vulnerable Instance
Trusted/Pro members only
Citrix ADC appliance is outdated
Trusted/Pro members only
ClickHouse database exposed without authentication
Trusted/Pro members only
CloudPanel is outdated
Public
CockroachDB Console Exposed Without Authentication
Trusted/Pro members only
ComfyUI with Known Vulnerabilities
Trusted/Pro members only
A JSON configuration file has been found
Trusted/Pro members only
Confluence instance outdated
Trusted/Pro members only
ConnectWise ScreenConnect is vulnerable
Public
Consul server is public
Public
CouchDB instance is public
Public
Craft CMS is vulnerable
Trusted/Pro members only
CrateDB Exposed Without Authentication
Trusted/Pro members only
CrushFTP service outdated
Trusted/Pro members only
CyberPanel is outdated
Trusted/Pro members only
Dagster Data Orchestration Platform Exposed Without Authentication
Trusted/Pro members only
NAS has been infected by DeadBolt
Public
Django debug mode exposed
Trusted/Pro members only
DNS Zone Transfer (AXFR) allowed
Public
Docker API - Unauthenticated Access
Trusted/Pro members only
Docker registry is public
Public
MacOS file listing through .DS_Store file
Public
Dotenv file configuration is publicly accessible
Trusted/Pro members only
.NET Remoting TCP Channel Exposed
Trusted/Pro members only
Apache Druid exposed without authentication
Trusted/Pro members only
ElasticSearch is publicly available
Public
Erlang Port Mapper Daemon (EPMD) Exposed
Trusted/Pro members only
ESXi hypervisor outdated
Trusted/Pro members only
etcd Exposed Without Authentication
Trusted/Pro members only
Microsoft Exchange Server is outdated
Trusted/Pro members only
EzGED3 is outdated
Trusted/Pro members only
Firebird Database - Default Credentials
Trusted/Pro members only
Flask debug mode exposed
Trusted/Pro members only
Apache Flink dashboard exposed without authentication
Trusted/Pro members only
Flowise instance outdated
Trusted/Pro members only
FortiGate instance outdated
Trusted/Pro members only
FortiGate instance outdated
Trusted/Pro members only
FortiWeb instance outdated
Trusted/Pro members only
FreePBX instance outdated
Trusted/Pro members only
FreeSWITCH Event Socket Exposed With Default Password
Trusted/Pro members only
Vulnerable Generic DVR
Public
GeoServer is vulnerable to RCE
Trusted/Pro members only
GeoServer is vulnerable to XXE
Trusted/Pro members only
Git configuration and history exposed
Public
Gitlab instance looks outdated
Public
Gladinet CentreStack/Triofox is outdated
Trusted/Pro members only
GLPI is outdated
Trusted/Pro members only
Exposed GoAnywhere MFT administration interface
Public
Exposed GoAnywhere MFT vulnerable
Trusted/Pro members only
Grafana instance publicly available
Trusted/Pro members only
GraphQL introspection is enabled.
Public
Apache Guacamole - Default Credentials
Trusted/Pro members only
H2 Database Console Exposed with Default Credentials
Trusted/Pro members only
H2 Database TCP Server Exposed
Trusted/Pro members only
Harbor Container Registry
Trusted/Pro members only
Hadoop HDFS NameNode Exposed Without Authentication
Trusted/Pro members only
Vulnerable HiSilicon family DVR
Public
Server accepting anonymous credentials
Public
IceWarp Mail Server - Vulnerable Version Detected
Trusted/Pro members only
ICTBroadcast is vulnerable to RCE
Trusted/Pro members only
InfluxDB Exposed Without Authentication
Trusted/Pro members only
Cisco IOS EX implant detected
Trusted/Pro members only
Ivanti Connect Secure outdated
Trusted/Pro members only
Ivanti EPMM is outdated
Trusted/Pro members only
Java Debug Wire Protocol - Unauthenticated Remote Code Execution
Trusted/Pro members only
Jenkins is publicly available
Public
Jenkins service outdated
Trusted/Pro members only
Jira instance outdated
Trusted/Pro members only
Juniper device is outdated
Trusted/Pro members only
Jupyter Notebook/Lab exposed without authentication
Trusted/Pro members only
Kafka instance is public
Public
Kerio Control vulnerable
Trusted/Pro members only
Kestrel is outdated
Trusted/Pro members only
Langflow is vulnerable RCE
Trusted/Pro members only
Laravel development panel enabled
Public
LDAP Server with Anonymous Bind and Directory Enumeration
Public
LiteLLM Proxy Exposed with Known Vulnerabilities
Trusted/Pro members only
LocalAI Server Exposed Without Authentication
Trusted/Pro members only
Server vulnerable to Log4J CVE-2021-44228
Public
Magento is vulnerable to XXE
Trusted/Pro members only
MagicInfo CMS is vulnerable
Trusted/Pro members only
Unsolicited HTTP Response (Malware Indicator)
Public
Marqo Vector Search Engine Exposed Without Authentication
Trusted/Pro members only
Meilisearch Exposed Without Authentication
Trusted/Pro members only
Memcached Server Exposed Without Authentication
Trusted/Pro members only
MeshCentral - Open Account Registration
Trusted/Pro members only
Metabase is outdated
Trusted/Pro members only
Milvus Vector Database - Unauthenticated Management API
Trusted/Pro members only
MinIO instance is outdated
Trusted/Pro members only
Mirth Connect is out-dated
Trusted/Pro members only
Mitel MiCollab is outdated
Trusted/Pro members only
MLflow Tracking Server Exposed Without Authentication
Trusted/Pro members only
Ivanti MobileIron core is outdated
Trusted/Pro members only
Ivanti MobileIron Sentry is outdated
Trusted/Pro members only
Modbus TCP Controller - Unauthenticated Access
Trusted/Pro members only
MongoBleed - Unauthenticated Memory Leak
Trusted/Pro members only
Mongo Express exposed without authentication
Trusted/Pro members only
MongoDB is publicly available
Public
Monsta FTP is outdated
Trusted/Pro members only
Moodle is vulnerable
Public
MQTT Broker - Unauthenticated Access
Public
MySQL is publicly available
Public
N8N instance outdated
Trusted/Pro members only
NATS Monitoring Interface Exposed
Public
N-able N-central is outdated
Trusted/Pro members only
Neo4j Graph Database Exposed via Bolt Protocol
Trusted/Pro members only
Neo4j Graph Database Exposed via HTTP API
Trusted/Pro members only
NetBox DCIM/IPAM - Default API Token / Default Credentials
Trusted/Pro members only
Nexus Repository is outdated
Trusted/Pro members only
NFS - Unauthenticated Export Enumeration
Trusted/Pro members only
Nginx UI - Unauthenticated Backup Download
Trusted/Pro members only
Node-RED exposed without authentication - RCE possible
Trusted/Pro members only
HashiCorp Nomad Exposed with ACL Disabled
Trusted/Pro members only
noVNC - Unauthenticated Remote Desktop Access
Trusted/Pro members only
NSQ Admin Panel Exposed Without Authentication
Public
Ollama LLM Server Exposed Without Authentication
Public
OPC UA Server - Unauthenticated Access
Trusted/Pro members only
OpenEdge is outdated
Trusted/Pro members only
Oracle E-Business Suite is outdated
Trusted/Pro members only
Palo Alto firewall outdated
Trusted/Pro members only
PaperCut is outdated
Trusted/Pro members only
CGI executing PHP code
Trusted/Pro members only
PHP-FPM FastCGI Exposed
Trusted/Pro members only
Found php information file
Trusted/Pro members only
Application executing PHP code
Trusted/Pro members only
PostgreSQL - Unauthenticated or Default Credentials
Trusted/Pro members only
PostgREST Database API Exposed Without Authentication
Trusted/Pro members only
Prefect Server Exposed Without Authentication
Trusted/Pro members only
Exposed Presto/Trino SQL Query Engine
Trusted/Pro members only
Prometheus server is public
Public
Server accepting proxy connections
Trusted/Pro members only
NextJS/Vite variable environments is publicly accessible
Trusted/Pro members only
Pulse Connect Secure outdated
Trusted/Pro members only
Qdrant Vector Database Exposed Without Authentication
Trusted/Pro members only
QNAP NAS outdated
Trusted/Pro members only
QuestDB Time-Series Database Exposed Without Authentication
Trusted/Pro members only
RabbitMQ management interface with default credentials
Trusted/Pro members only
Ruby on Rails debug mode exposed
Trusted/Pro members only
Ray Dashboard Exposed Without Authentication
Trusted/Pro members only
RDP Server Without Network Level Authentication
Public
React/Next.js is outdated
Trusted/Pro members only
Redis Commander exposed without authentication
Trusted/Pro members only
Redis instance is public
Public
RethinkDB Admin Console Exposed Without Authentication
Trusted/Pro members only
Exposed Riak Database (Protocol Buffers API)
Trusted/Pro members only
Java RMI Registry Exposed
Trusted/Pro members only
Rsync Daemon - Unauthenticated Access
Trusted/Pro members only
RustFS with Hardcoded gRPC Token
Trusted/Pro members only
Siemens S7 PLC - Unauthenticated Access
Trusted/Pro members only
SAP NetWeaver is vulnerable
Trusted/Pro members only
Expired security.txt detected
Public
Selenium Grid - Unauthenticated Access
Trusted/Pro members only
Selenoid - Unauthenticated Browser Automation Hub (RCE)
Trusted/Pro members only
Magento / Adobe Commerce is outdated
Trusted/Pro members only
Microsoft SharePoint Server is backdoored
Public
Microsoft SharePoint Server is outdated
Trusted/Pro members only
Microsoft SharePoint Server is outdated
Trusted/Pro members only
SmarterMail is outdated
Trusted/Pro members only
Open SMB file sharing detected
Public
SolarWinds Web Help Desk looks outdated
Trusted/Pro members only
Solr administration is publicly available
Public
Solr instance is outdated
Trusted/Pro members only
SonarQube instance is public
Public
SonicWall GMS oudated
Trusted/Pro members only
SonicWall firewall oudated
Trusted/Pro members only
SonicWall firewall oudated
Trusted/Pro members only
Sophos firewall outdated
Public
Spip is vulnerable RCE
Trusted/Pro members only
Splash JS Rendering Service - Unauthenticated Access
Trusted/Pro members only
Splunk Enterprise outdated
Trusted/Pro members only
Spring Boot sensitive actuators are publicly accessible
Trusted/Pro members only
SSH Service Detected
Public
SSH is potenitally vulnerable
Public
Apache Superset - Default SECRET_KEY (CVE-2023-27524)
Trusted/Pro members only
SurrealDB with Default Credentials
Trusted/Pro members only
Swagger API description is publicly available
Public
Symfony developement panel enabled
Public
Symfony error leaking informations
Public
SysAid instance outdated
Trusted/Pro members only
Oracle WebLogic T3 Protocol Exposed
Trusted/Pro members only
Tactical RMM - Default Credentials
Trusted/Pro members only
TeamCity Server is outdated
Trusted/Pro members only
GNU Inetutils Telnet Authentication Bypass
Trusted/Pro members only
TiDB Status Server Exposed
Public
Apache Tika is vulnerable XXE
Trusted/Pro members only
Traccar is outdated
Trusted/Pro members only
ASP.NET trace.axd Information Disclosure
Public
Detected HTTP traversal vulnerability
Public
Twonky Server is outdated
Trusted/Pro members only
Typesense with Default API Key
Trusted/Pro members only
VBulletin looks outdated
Trusted/Pro members only
VMWare vSphere/vCenter outdated
Trusted/Pro members only
Veeam distribution service outdated
Trusted/Pro members only
Veeam Backup & Recovery outdated
Trusted/Pro members only
Vespa Vector Search Engine Exposed Without Authentication
Trusted/Pro members only
Vicidial Recordings exposure
Trusted/Pro members only
Vicibox outdated
Trusted/Pro members only
VinChin VMWare Backup exposed and vulnerable
Trusted/Pro members only
Finds vulnerable Vite development environment
Public
VMWare Cloud Director exposed and vulnerable
Public
VNC Server Exposed Without Authentication
Public
VSCode SFTP configuration exposed
Trusted/Pro members only
WatchGuard Firebox is outdated
Trusted/Pro members only
Wazuh is outdated
Trusted/Pro members only
Weaviate Vector Database Exposed Without Authentication
Trusted/Pro members only
WebDAV Server Exposed Without Authentication
Trusted/Pro members only
Wordpress user enumeration
Trusted/Pro members only
WS_FTP service is outdated
Trusted/Pro members only
WSO2 product looks outdated
Public
XWiki is outdated
Trusted/Pro members only
Hadoop YARN ResourceManager Exposed Without Authentication
Trusted/Pro members only
Yii developement panel enabled
Trusted/Pro members only
Zimbra server is outdated
Trusted/Pro members only
Zitadel instance outdated
Trusted/Pro members only
ZoneMinder - Unauthenticated Access / Vulnerable Version
Trusted/Pro members only
Zookeeper server is public
Public
Zyxel firewall outdated
Trusted/Pro members only