GoSecure / template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
☆122Updated 2 years ago
Alternatives and similar repositories for template-injection-workshop:
Users that are interested in template-injection-workshop are comparing it to the libraries listed below
- This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.☆162Updated 3 years ago
- Workshop given at Hack in Paris 2019☆121Updated last year
- ☆280Updated 3 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆117Updated last year
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆103Updated 9 months ago
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆130Updated 3 years ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- Practice hacking JWT tokens☆112Updated 2 years ago
- Burp Bounty profiles☆82Updated 3 years ago
- This repo contains all the injections mentioned in my talk and enumerators.☆121Updated last year
- Authenticated SSRF in Grafana☆79Updated 6 months ago
- Burpsuite plugin for Interact.sh☆201Updated 6 months ago
- jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.☆149Updated 3 years ago
- ☆74Updated 8 months ago
- AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.☆39Updated last year
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆256Updated 2 years ago
- List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.☆81Updated 6 years ago
- Generates target specific word lists for Fuzzing with fuff☆107Updated 4 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆106Updated 2 years ago
- ☆88Updated last month
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆103Updated 4 years ago
- WordPress Plugin Update Confusion☆67Updated 3 years ago
- Burp Extension for a passive scanning JS files for endpoint links.☆164Updated 5 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆175Updated 4 years ago
- Nuclei templates for K8S security scanning☆101Updated 3 years ago
- This Repo contains wordlist for subdomain enumeration , php file path, html file path, and js file path☆102Updated 4 years ago
- Exfiltrate blind remote code execution output over DNS via Burp Collaborator.☆251Updated 2 months ago
- ☆78Updated 8 months ago