GoSecure / template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
☆125Updated 2 years ago
Alternatives and similar repositories for template-injection-workshop:
Users that are interested in template-injection-workshop are comparing it to the libraries listed below
- Workshop given at Hack in Paris 2019☆121Updated last year
- This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.☆163Updated 4 years ago
- ☆281Updated 3 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆118Updated last year
- Authenticated SSRF in Grafana☆79Updated 9 months ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆256Updated 2 years ago
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆105Updated last year
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆104Updated 5 years ago
- Practice hacking JWT tokens☆113Updated 2 years ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- This repo contains all the injections mentioned in my talk and enumerators.☆123Updated last year
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆131Updated 4 years ago
- Collection of quirky behaviours of code and the CTF challenges that I made around them.☆27Updated 4 years ago
- SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities☆182Updated 4 years ago
- ☆76Updated 10 months ago
- A simple remote scanner for Atlassian Jira☆121Updated 2 years ago
- jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.☆150Updated 4 years ago
- Nuclei templates for K8S security scanning☆101Updated 3 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆347Updated 2 years ago
- ☆55Updated 2 years ago
- Burp Bounty profiles☆82Updated 3 years ago
- ☆94Updated last month
- List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.☆82Updated 7 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆107Updated 3 years ago
- RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer☆55Updated 5 years ago
- Static code analysis tool based on Elasticsearch☆129Updated 4 years ago
- Improve automated and semi-automated active scanning in Burp Pro☆61Updated 2 years ago
- Burpsuite plugin for Interact.sh☆216Updated 9 months ago
- RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets fro…☆107Updated 4 years ago
- ☆144Updated 2 years ago