NotSoCereal: A Deserialization exploit playground
☆54Jan 13, 2022Updated 4 years ago
Alternatives and similar repositories for NotSoCereal-Lab
Users that are interested in NotSoCereal-Lab are comparing it to the libraries listed below
Sorting:
- Checklist for pentests, handy commands for to remembers, and a few tools to work on here and there. Far from complete!☆26Jul 28, 2023Updated 2 years ago
- Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.☆22May 9, 2023Updated 2 years ago
- Framework for blind boolean-based sql injections exploatation. Use it if sqlmap does shit.☆29Mar 26, 2022Updated 3 years ago
- A tool to do basic fingerprinting across a large number of hosts☆11Oct 20, 2020Updated 5 years ago
- Supporting material for the "Hunting Bugs In The Tropics" DEFCON 30 talk☆10Aug 18, 2022Updated 3 years ago
- POC for CVE-2020-9484☆13Feb 10, 2021Updated 5 years ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆52Sep 11, 2024Updated last year
- Semgrep rules to identify GWT attack surface☆12Apr 28, 2022Updated 3 years ago
- CVE-2024-0044☆12Aug 24, 2024Updated last year
- After getting heavy demand on my Crest CPSA. I am sharing my notes on Network Security Assessment from recommended book for CPSA. Please …☆16Jun 9, 2023Updated 2 years ago
- ☆13Aug 13, 2019Updated 6 years ago
- CNVD-2021-30167 用友NC BeanShell远程代码执行☆30Jun 4, 2021Updated 4 years ago
- ☆13Dec 27, 2023Updated 2 years ago
- ☆20Sep 6, 2023Updated 2 years ago
- Chat.JS - Vulnerable NodeJS Web-App to practice NoSQLi and Deserialization exploitation☆31Mar 21, 2021Updated 4 years ago
- A collection of Turbo Intruder scripts.☆71Feb 1, 2025Updated last year
- Lots of POC Codes & Preparation materials, scripts, discovery processes in there.☆15Feb 8, 2024Updated 2 years ago
- 7 days of Red Teaming TTPs that your favorite tools may use to acheive a post exploitation goal☆18Apr 17, 2021Updated 4 years ago
- An attempt to automated hunting for delegation access across the domain☆27Jan 17, 2019Updated 7 years ago
- An intentionally designed broken web application based on REST API☆13May 25, 2022Updated 3 years ago
- visually see issues with supported cipher suites☆17Jun 18, 2024Updated last year
- Java反序列化漏洞学习☆14Jul 1, 2021Updated 4 years ago
- A command-line tool for Cross-Site WebSocket Hijacking☆44Oct 18, 2023Updated 2 years ago
- ☆10Jun 28, 2021Updated 4 years ago
- Basic implementation of certstream to print new subdomains and domains☆36Jul 6, 2021Updated 4 years ago
- Additional nuclei templates☆38Oct 16, 2023Updated 2 years ago
- ☆73Jan 5, 2022Updated 4 years ago
- TESTR - A Vulnerable Python Web-App to practice XSS and Command Injection☆42Oct 8, 2022Updated 3 years ago
- This extension replaces the default repeater tab name with the URL path of the repeater request.☆24Sep 3, 2021Updated 4 years ago
- A simple web application vulnerability lab made for the HackerOne Veterans day event☆18Mar 10, 2021Updated 4 years ago
- JavaScript for Automation (JXA) version of Patrick Wardle's tool that searches applications for dylib hijacking opportunities☆22Aug 6, 2019Updated 6 years ago
- eLdap is a tool that helps users searching and filtering queries in Ldap environment.☆19Apr 22, 2022Updated 3 years ago
- Apache APISIX Remote Code Execution (CVE-2022-24112) proof of concept exploit☆13Mar 16, 2022Updated 3 years ago
- Run all your bug bounty VPN profiles in parallel and expose them via multiple local SOCKS proxies.☆113Nov 14, 2021Updated 4 years ago
- Modular Enumeration and Password Spraying Framework☆129Apr 10, 2024Updated last year
- A quick ‘n dirty nmap parser written in Golang to convert nmap xml to IP:Port notation.☆129Jul 3, 2024Updated last year
- A simple tool to decloak/expose the bucket name behind a domain.☆22Feb 6, 2026Updated 3 weeks ago
- Labs from our workshop "Demystifying the server-side".☆17May 30, 2022Updated 3 years ago
- 适用AWD-WEB的各种场景下的攻击框架。☆22May 26, 2023Updated 2 years ago