BlackFan / client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
☆1,465 · Updated last year
Alternatives and similar repositories for client-side-prototype-pollution:
Users that are interested in client-side-prototype-pollution are comparing it to the libraries listed below
- ☆675 · Updated 2 years ago
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon · ☆1,130 · Updated last year
- List of XSS Vectors/Payloads · ☆1,221 · Updated 2 months ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 · ☆1,929 · Updated last year
- ☆1,183 · Updated 2 years ago
- GF Patterns for (ssrf, RCE, LFI, sqli, ssti, idor, url redirection, debug_logic, interesting Subs) parameters grep · ☆1,273 · Updated 6 months ago
- Client Side Prototype Pollution Scanner · ☆518 · Updated 2 years ago
- Content-Type Research · ☆606 · Updated last year
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability · ☆860 · Updated 3 years ago
- A cheatsheet for exploiting server-side SVG processors. · ☆724 · Updated 4 years ago
- XSS payloads designed to turn alert(1) into P1 · ☆1,347 · Updated last year
- A wordlist of API names for web application assessments · ☆801 · Updated last month
- This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks · ☆706 · Updated last year
- declutters url lists for crawling/pentesting · ☆1,321 · Updated last month
- Ready-to-use JSONP endpoints/payloads to help bypass the content security policy (CSP) of different websites. · ☆705 · Updated 10 months ago
- This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location · ☆1,245 · Updated 4 years ago
- A fast DOM based XSS vulnerability scanner with simplicity. · ☆786 · Updated 2 years ago
- 🎯 XML External Entity (XXE) Injection Payload List · ☆1,153 · Updated 8 months ago
- PwnFox is a Firefox/Burp extension that provides useful tools for your security audit. · ☆1,129 · Updated 7 months ago
- 🎯 Server Side Template Injection Payloads · ☆634 · Updated 8 months ago
- Accept URLs on stdin, replace all query string values with a user-supplied value · ☆801 · Updated 2 years ago
- GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;) · ☆1,455 · Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications · ☆983 · Updated last year
- Hidden parameters discovery suite · ☆1,805 · Updated 6 months ago
- Making Favicon.ico based Recon Great again! · ☆1,167 · Updated last year
- Automated & Manual Wordlists provided by Assetnote · ☆1,401 · Updated 8 months ago
- Automation for javascript recon in bug bounty. · ☆969 · Updated last year
- This repository contains all the XSS cheatsheet data to allow contributions from the community. · ☆417 · Updated 4 months ago
- ☆1,308 · Updated last month
- ☆825 · Updated 2 weeks ago