This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.
☆112Mar 22, 2024Updated last year
Alternatives and similar repositories for XXE-study
Users that are interested in XXE-study are comparing it to the libraries listed below
Sorting:
- Wordlists for Bug Bounty☆23Aug 18, 2019Updated 6 years ago
- It's an watcher for new scopes added to bounty-targets-data and send you alert to Slack.☆59Mar 2, 2022Updated 4 years ago
- A tools for JavaScript Recon☆24Jul 25, 2020Updated 5 years ago
- Springboot detection☆23Nov 8, 2021Updated 4 years ago
- GoWC - Wildcard cleaner for MassDNS☆24Jun 10, 2022Updated 3 years ago
- bounty collection☆41Sep 1, 2024Updated last year
- Apply a filter to the events being reported by windows event logging☆15Sep 10, 2020Updated 5 years ago
- This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests a…☆349Jun 13, 2021Updated 4 years ago
- You can read the writeup on this script here☆274Jul 12, 2020Updated 5 years ago
- A simple tool with the power of "Go" to find the hidden Vhosts defined at the server.☆19Jan 3, 2019Updated 7 years ago
- Adobe Experience Manager Vulnerability Scanner☆186May 22, 2023Updated 2 years ago
- Web cache poisoning vulnerability scanner.☆73May 5, 2022Updated 3 years ago
- Resolvers updated daily for reconftw☆47Feb 7, 2023Updated 3 years ago
- bug bounty disclosed reports☆123Feb 2, 2025Updated last year
- This extension replaces the default repeater tab name with the URL path of the repeater request.☆24Sep 3, 2021Updated 4 years ago
- Remove duplicate URLs by retaining only the unique combinations of hostname, path, and parameter names☆39May 5, 2024Updated last year
- Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.☆34Feb 12, 2022Updated 4 years ago
- A web security research tool for DOM testing☆24Feb 7, 2026Updated last month
- Ffuf output browser☆39Feb 25, 2023Updated 3 years ago
- Template Nuclei SSTI☆34Nov 18, 2025Updated 3 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆17Jan 31, 2021Updated 5 years ago
- This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com☆106Aug 6, 2022Updated 3 years ago
- ☆436Jun 1, 2021Updated 4 years ago
- Unofficial documentation for the great tool Param Miner☆183Aug 21, 2022Updated 3 years ago
- A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀☆659Aug 28, 2025Updated 6 months ago
- Test the speed and reliability of a list of DNS servers☆22Dec 9, 2020Updated 5 years ago
- OpenBugBounty - https://www.openbugbounty.org/ programs list☆23Mar 15, 2021Updated 4 years ago
- This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response ma…☆81Oct 20, 2023Updated 2 years ago
- Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS]☆225Aug 29, 2024Updated last year
- 🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline☆56Nov 24, 2024Updated last year
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆296Sep 22, 2024Updated last year
- DomainTrail is a fast subdomain enumeration tool that uses effective passive and active techniques.☆41Apr 18, 2024Updated last year
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- Burpsuite plugin for Interact.sh☆230Jun 26, 2024Updated last year
- ☆809Jul 28, 2024Updated last year
- ☆105Oct 18, 2020Updated 5 years ago
- WebSocket Connection Smuggler☆47Sep 30, 2022Updated 3 years ago
- ParamFirstCheck identifies in a list of urls those containing a parameter of the top 25 of the most vulnerable parameters for SQLi, LFI, …☆35Dec 13, 2023Updated 2 years ago
- ☆95Sep 18, 2021Updated 4 years ago