0xacb / viewgen

Related projects: ⓘ

• BishopFox / GadgetProbe
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆581Updated 3 years ago
• staaldraad / xxeserv
  A mini webserver with FTP support for XXE payloads
  ☆326Updated 8 months ago
• whitel1st / docem
  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
  ☆502Updated 7 months ago
• BishopFox / rmiscout
  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
  ☆420Updated 2 years ago
• GoSecure / dtd-finder
  List DTDs and generate XXE payloads using those local DTDs.
  ☆601Updated 6 months ago
• nccgroup / BurpSuiteHTTPSmuggler
  A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
  ☆703Updated 5 years ago
• 0xC01DF00D / Collabfiltrator
  Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
  ☆247Updated 2 years ago
• NotSoSecure / Blacklist3r
  project-blacklist3r
  ☆473Updated 2 years ago
• cheetz / sslScrape
  SSLScrape | A scanning tool for scaping hostnames from SSL certificates.
  ☆328Updated 3 years ago
• noperator / CVE-2019-18935
  RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
  ☆342Updated 2 years ago
• devoteam-cybertrust / burpcollaborator-docker
  This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer…
  ☆279Updated 2 months ago
• mhaskar / RCEScanner
  Simple python script to extract unsafe functions from php projects
  ☆195Updated 6 years ago
• xsscx / Commodity-Injection-Signatures
  Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
  ☆385Updated 2 months ago
• epi052 / recon-pipeline
  An automated target reconnaissance pipeline.
  ☆424Updated last year
• weev3 / LKWA
  Lesser Known Web Attack Lab
  ☆327Updated 4 years ago
• modzero / mod0BurpUploadScanner
  HTTP file upload scanner for Burp Proxy
  ☆479Updated 8 months ago
• Static-Flow / BurpSuite-Team-Extension
  This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …
  ☆252Updated last year
• m4ll0k / BurpSuite-Secret_Finder
  ☆472Updated this week
• nccgroup / LoggerPlusPlus
  Advanced Burp Suite Logging Extension
  ☆619Updated 3 months ago
• daeken / SSRFTest
  SSRF testing tool
  ☆242Updated last year
• daeken / httprebind
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆292Updated 4 years ago
• C-Sto / recursebuster
  rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
  ☆242Updated 4 years ago
• milo2012 / CVE-2018-13379
  CVE-2018-13379
  ☆250Updated 5 years ago
• bayotop / off-by-slash
  Burp extension to detect alias traversal via NGINX misconfiguration at scale.
  ☆251Updated 2 years ago
• bcoles / ssrf_proxy
  SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
  ☆442Updated 6 years ago
• veracode-research / solr-injection
  Apache Solr Injection Research
  ☆569Updated 4 years ago
• Coalfire-Research / java-deserialization-exploits
  A collection of curated Java Deserialization Exploits
  ☆590Updated 3 years ago
• lc / theftfuzzer
  TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
  ☆308Updated last year
• Illuminopi / RCEvil.NET
  ☆233Updated 5 years ago
• SecurityRiskAdvisors / cmd.jsp
  A super small jsp webshell with file upload capabilities.
  ☆286Updated 3 years ago