GoSecure / template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
☆121Updated last year
Related projects ⓘ
Alternatives and complementary repositories for template-injection-workshop
- This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.☆162Updated 3 years ago
- Workshop given at Hack in Paris 2019☆121Updated last year
- Authenticated SSRF in Grafana☆77Updated 4 months ago
- ☆278Updated 3 years ago
- Burpsuite plugin for Interact.sh☆198Updated 4 months ago
- RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets fro…☆106Updated 4 years ago
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆104Updated 4 years ago
- Nuclei templates for K8S security scanning☆102Updated 2 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆252Updated 2 years ago
- Burp Bounty profiles☆82Updated 2 years ago
- Practice hacking JWT tokens☆112Updated 2 years ago
- SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities☆185Updated 3 years ago
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆101Updated 7 months ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆344Updated 2 years ago
- Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.☆105Updated 2 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆117Updated last year
- PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)☆215Updated 4 years ago
- Exploit for WebSocket Vulnerability in Apache Tomcat☆165Updated 4 years ago
- A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or L…☆130Updated 3 years ago
- Insecure programming functions database☆102Updated last year
- ☆88Updated 9 months ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆169Updated 3 weeks ago
- jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.☆149Updated 3 years ago
- Data extraction tool for Docker Registry API☆123Updated 9 months ago
- AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.☆39Updated last year
- Collection of quirky behaviours of code and the CTF challenges that I made around them.☆26Updated 3 years ago
- Burp Extension that copies a request and builds a FFUF skeleton☆107Updated last year
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago