PortSwigger / agartha
a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation.
☆18Updated 3 weeks ago
Related projects: ⓘ
- Burp Suite's extension to scan and crawl Single Page Applications☆99Updated last year
- ☆24Updated 3 months ago
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors☆84Updated 7 months ago
- WEB API fuzzing☆24Updated last year
- A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.☆110Updated 2 years ago
- Exploit for CVE-2024-20767 - Adobe ColdFusion☆33Updated 5 months ago
- ☆74Updated 4 months ago
- ☆18Updated 2 months ago
- ☆47Updated 2 years ago
- Spring4Shell Burp Scanner☆65Updated 2 years ago
- bounty collection☆27Updated 2 weeks ago
- Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability☆54Updated last year
- This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.☆54Updated last year
- Burp Extension for a passive scanning JS files for endpoint links.☆47Updated 3 weeks ago
- ☆27Updated last year
- tool that generates bypasses for open redirects☆47Updated 2 years ago
- A Burp Suite extension and standalone application for creating and editing JSON Web Tokens. This tool supports signing and verification o…☆33Updated 2 years ago
- Additional resources for leaking and exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059)☆84Updated 5 months ago
- nuclei framework scripts☆30Updated 2 years ago
- CVE-2022-41040 nuclei template☆19Updated last year
- ☆19Updated last year
- The purpose of this repo is to share my research☆14Updated 9 months ago
- Improve automated and semi-automated active scanning in Burp Pro☆60Updated 2 years ago
- CVE-2023-34960 Chamilo PoC☆35Updated last year
- ☆19Updated 8 months ago
- CVE-2024-27956 WordPress Automatic < 3.92.1 - Unauthenticated SQL Injection☆18Updated 4 months ago
- Burp Suite extension that enhances Burp Active Scan by adding template engine specific SSTI payloads.☆21Updated 7 months ago
- Web cache poisoning vulnerability scanner.☆56Updated 2 years ago
- Endpoints Explorer is a Python script that employs multiple bypass rules to discover sensitive endpoints☆82Updated 3 months ago
- Utility for creating ZipSlip archives☆66Updated last year