Pterodactyl Command
Check whether a subdomain, or an IP address and port, belongs to a
vulnerable Pterodactyl Panel instance. Versions before 1.11.11 are
affected by a single critical vulnerability (CVE-2025-49132) that allows
unauthenticated remote code execution via the /locales/locale.json
endpoint using crafted locale and namespace parameters.
How to use?
Specify an IP and port, or a subdomain pointing to a Pterodactyl Panel
instance, to check it for the vulnerability. You can also provide a file
where each line contains one such address. If a vulnerable panel is
detected, the tool will attempt to connect using the exposed database
credentials. If the connection is successful, it will automatically
create a temporary user to confirm the exploit worked.
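
For panel operators who want to see whether their own instance has been probed through this endpoint, the following added example (not part of the tool described on this page) scans web-server access logs for requests to /locales/locale.json whose locale or namespace values fall outside a conservative allowlist. The Combined Log Format, the allowlist pattern, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/locales/locale.json"   # endpoint named on this page
PARAMS = ("locale", "namespace")    # parameters named on this page
# Assumption: legitimate values are short identifiers such as "en" or
# "strings". Anything else is surfaced for review; tune to your own traffic.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")
# Assumption: Combined Log Format, as written by nginx/Apache by default.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def suspicious_params(target):
    """Return {param: [values]} for locale/namespace values outside the allowlist."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != ENDPOINT:
        return {}
    # parse_qs percent-decodes values, so encoded input is checked in decoded form.
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in PARAMS:
        bad = [v for v in query.get(name, []) if not SAFE_VALUE.match(v)]
        if bad:
            hits[name] = bad
    return hits

def scan(lines):
    """Return (client_ip, timestamp, status, hits) for each flagged request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, ts, _method, target, status = m.groups()
        hits = suspicious_params(target)
        if hits:
            findings.append((ip, ts, int(status), hits))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2025:10:00:01 +0000] "GET /locales/locale.json?locale=en&namespace=strings HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jul/2025:10:00:05 +0000] "GET /locales/locale.json?locale=not%20a%20locale%21&namespace=strings HTTP/1.1" 200 840',
    '203.0.113.9 - - [01/Jul/2025:10:00:09 +0000] "GET /auth/login HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for ip, ts, status, hits in scan(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} unexpected={hits}")
```

A flagged request that received a 200 response from a panel running a version before 1.11.11 is the case to investigate first.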