Workshop given at Hack in Paris 2019
☆126Jun 8, 2023Updated 3 years ago
Alternatives and similar repositories for xxe-workshop
Users that are interested in xxe-workshop are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.☆129Jan 10, 2023Updated 3 years ago
- References, tools and sample payloads☆11Sep 16, 2016Updated 9 years ago
- Scripts and misc. stuff related to the PortSwigger Web Academy☆17Feb 6, 2022Updated 4 years ago
- Material from presentations done by GoSecure researchers☆34Oct 10, 2023Updated 2 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆661Feb 21, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Minimalist cheat sheet for developpers to write secure code☆54Jul 17, 2020Updated 5 years ago
- ☆11Jan 24, 2023Updated 3 years ago
- An easy to navigate list of unicode characters that have risky transformations 💥☆24Mar 22, 2022Updated 4 years ago
- ☆19Jan 24, 2022Updated 4 years ago
- Compiled dataset of Java deserialization CVEs☆60Aug 31, 2020Updated 5 years ago
- CVE-2022-32119 - Arox-Unrestricted-File-Upload☆17Dec 20, 2023Updated 2 years ago
- Accompanying material needed for the workshop☆11Jun 14, 2023Updated 2 years ago
- Exploit scripts☆12Apr 10, 2022Updated 4 years ago
- OWASP Amass data source scripts (assetfinder, findomain, github, subfinder)☆105Oct 18, 2020Updated 5 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- GetSimple CMS Custom JS Plugin Exploit RCE Chain☆11Mar 8, 2023Updated 3 years ago
- ☆562Mar 27, 2025Updated last year
- ☆29Jan 10, 2023Updated 3 years ago
- Custom scripts for the PIPER Burp extensions.☆98Sep 24, 2023Updated 2 years ago
- ☆698Jul 4, 2022Updated 3 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆977Dec 31, 2021Updated 4 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆357Oct 14, 2020Updated 5 years ago
- ☆149Dec 23, 2022Updated 3 years ago
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…☆1,689May 24, 2025Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- ☆12Mar 31, 2021Updated 5 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆347Nov 20, 2022Updated 3 years ago
- Burp Suite Extensions☆13Oct 19, 2021Updated 4 years ago
- xss development frameworks, with the goal of making payload writing easier.☆159Aug 7, 2024Updated last year
- Exploit for CVE-2021-3129☆289Jan 29, 2021Updated 5 years ago
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆341Aug 23, 2019Updated 6 years ago
- A Burp extension to show the Collaborator client in a tab☆24Dec 23, 2022Updated 3 years ago
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆113Mar 22, 2024Updated 2 years ago
- A XSS mind map ;)☆55Jan 16, 2016Updated 10 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Burp Extension for a passive scanning JS files for endpoint links.☆57Nov 20, 2024Updated last year
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆94Jun 11, 2023Updated 2 years ago
- ☆703Nov 27, 2024Updated last year
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆519Jul 29, 2020Updated 5 years ago
- ☆21Dec 15, 2020Updated 5 years ago
- CVE, reports, research☆15Mar 17, 2021Updated 5 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆786Aug 19, 2024Updated last year
