Kibouo / rustpad
Multi-threaded Padding Oracle attacks against any service. Written in Rust.
☆92Updated last year
Related projects ⓘ
Alternatives and complementary repositories for rustpad
- clif is a command-line interface (CLI) application fuzzer, pretty much what wfuzz or ffuf are for web. It was inspired by sudo vulnerabil…☆98Updated last year
- LFI to RCE via phpinfo() assistance or via controlled log file☆59Updated last year
- Signing-key abuse and update exploitation framework☆121Updated 2 months ago
- Executables on Disk? Bleh 🤮☆98Updated last year
- Utility for creating ZipSlip archives☆66Updated last year
- More bind and reverse shells! This time written in Rust.☆46Updated 2 years ago
- a deterministic finite automata ranker☆69Updated 2 years ago
- A structure-aware HTTP fuzzing library☆205Updated last year
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆49Updated this week
- ☆29Updated last year
- A Netcat-style backdoor for pentesting and pentest exercises☆50Updated 3 years ago
- Fast, compact and all-around subdomain enumeration tool written in Rust☆22Updated 2 years ago
- Tool to enable blind sql injection attacks against websockets using sqlmap☆56Updated last year
- Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1☆55Updated last year
- The following package is the standalone wordlist-only component to flask-unsign.☆37Updated 4 months ago
- Gopher Tomcat Deployer☆47Updated 5 years ago
- Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)☆87Updated 2 years ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.☆51Updated 5 months ago
- NotSoCereal: A Deserialization exploit playground☆50Updated 2 years ago
- This tool is for letting you know how strong your disable_functions is and how you can bypass that.☆112Updated 5 years ago
- Searcher for cross-site leaks (XS-Leaks)☆81Updated last year
- A collection of utilities for building extensions using Burp's Montoya API☆46Updated 4 months ago
- ☆158Updated 3 years ago
- ☆24Updated 2 years ago
- ☆71Updated last year
- [PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)☆88Updated last year
- CVE-2023-34362: MOVEit Transfer Unauthenticated RCE☆63Updated 7 months ago
- Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell☆20Updated 2 years ago
- Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege e…☆51Updated last year
- A (small) web exploit framework☆77Updated 3 weeks ago