Paradoxis / Flask-UnsignLinks
Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
☆556Updated 6 months ago
Alternatives and similar repositories for Flask-Unsign
Users that are interested in Flask-Unsign are comparing it to the libraries listed below
Sorting:
- Deriving RSA public keys from message-signature pairs☆321Updated last year
- ☆826Updated 2 years ago
- Simple websites vulnerable to Server Side Template Injections(SSTI)☆391Updated 2 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆872Updated 3 years ago
- Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease appli…☆250Updated 6 months ago
- HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite☆748Updated 4 years ago
- A CLI to exploit parameters vulnerable to PHP filter chain error based oracle.☆300Updated last year
- List DTDs and generate XXE payloads using those local DTDs.☆629Updated last year
- Simple DNS Rebinding Service☆658Updated 5 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆617Updated last year
- Automatic SSTI detection tool with interactive interface☆1,081Updated last month
- Because just a dark theme wasn't enough!☆563Updated 5 months ago
- 🎯 Server Side Template Injection Payloads☆655Updated 10 months ago
- A cheatsheet for exploiting server-side SVG processors.☆734Updated 4 years ago
- An IIS short filename enumeration tool☆940Updated 6 months ago
- This tool is for letting you know how strong your disable_functions is and how you can bypass that.☆129Updated 5 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆363Updated 9 months ago
- Magic hashes – PHP hash "collisions"☆770Updated 2 months ago
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c)☆730Updated 3 years ago
- Content-Type Research☆619Updated last year
- A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.☆712Updated last year
- Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.☆216Updated 7 months ago
- Flask Session Cookie Decoder/Encoder☆697Updated 3 months ago
- Burp Extension for a passive scanning JS files for endpoint links.☆784Updated last year
- ☆877Updated 2 months ago
- A collection of Server-Side Prototype Pollution gadgets and exploits☆189Updated 3 months ago
- latest version of scanners for IIS short filename (8.3) disclosure vulnerability☆1,525Updated last year
- This tool generates gopher link for exploiting SSRF and gaining RCE in various servers☆3,091Updated 2 years ago
- List of XSS Vectors/Payloads☆1,231Updated 5 months ago
- Grafana Unauthorized arbitrary file reading vulnerability☆359Updated 2 years ago