PortSwigger/command-injection-attacker external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PortSwigger/command-injection-attacker

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PortSwigger/command-injection-attacker)

Close

PortSwigger / command-injection-attackerView on GitHubMore

• External links
• Readme badge

SHELLING - a comprehensive OS command injection payload generator

☆110Jun 18, 2019Updated 6 years ago

Alternatives and similar repositories for command-injection-attacker

Users that are interested in command-injection-attacker are comparing it to the libraries listed below

• attackercan / burp-xss-sql-plugin

  View on GitHub
  ☆44Sep 28, 2016Updated 9 years ago
• floyd-fuh / burp-HttpFuzzer

  View on GitHub
  Burp plugin to do random fuzzing of HTTP requests
  ☆33Jan 31, 2017Updated 9 years ago
• JavanXD / Demo-Exploit-Jackson-RCE

  View on GitHub
  Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.
  ☆18Feb 21, 2019Updated 7 years ago
• nccgroup / argumentinjectionhammer

  View on GitHub
  A Burp Extension designed to identify argument injection vulnerabilities.
  ☆123Apr 16, 2019Updated 6 years ago
• syriusbughunt / CVE-2018-14667

  View on GitHub
  All about CVE-2018-14667; From what it is to how to successfully exploit it.
  ☆50Nov 30, 2018Updated 7 years ago
• kapytein / jsonp

  View on GitHub
  jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.
  ☆154Feb 15, 2021Updated 5 years ago
• n4xh4ck5 / N4xD0rk

  View on GitHub
  Listing subdomains about a main domain
  ☆59May 9, 2018Updated 7 years ago
• RhinoSecurityLabs / SleuthQL

  View on GitHub
  Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
  ☆471Nov 14, 2019Updated 6 years ago
• Damian89 / xssfinder

  View on GitHub
  Toolset for detecting reflected xss in websites
  ☆116Oct 7, 2018Updated 7 years ago
• BuffaloWill / oxml_xxe

  View on GitHub
  A tool for embedding XXE/XML exploits into different filetypes
  ☆1,135Dec 16, 2024Updated last year
• 0utrider / malrecon

  View on GitHub
  MalRecon - Basic Malware Reconnaissance and Analysis Tool
  ☆26Jun 8, 2017Updated 8 years ago
• Coalfire-Research / java-deserialization-exploits

  View on GitHub
  A collection of curated Java Deserialization Exploits
  ☆591May 16, 2021Updated 4 years ago
• PaulSec / CSRFT

  View on GitHub
  A lightweight CSRF Toolkit for easy Proof of concept
  ☆172Jun 11, 2014Updated 11 years ago
• samhaxr / XXRF-Shots

  View on GitHub
  XXRF Shots - Useful for testing SSRF vulnerability
  ☆74Feb 18, 2023Updated 3 years ago
• incredibleindishell / Local-file-disclosure-SQL-Injection-Lab

  View on GitHub
  This is sample code to demonstrate how one can use SQL Injection vulnerability to download local file from server in specific condition. …
  ☆42Mar 14, 2017Updated 9 years ago
• destine21 / ZIPFileRaider

  View on GitHub
  ZIP File Raider - Burp Extension for ZIP File Payload Testing
  ☆72Aug 31, 2020Updated 5 years ago
• mystech7 / Burp-Hunter

  View on GitHub
  XSS Hunter Burp Plugin
  ☆151Aug 31, 2018Updated 7 years ago
• oguzpamuk / HuntingWithPowershell

  View on GitHub
  Windows log and threat hunting with powershell
  ☆16Dec 11, 2020Updated 5 years ago
• Tw1sm / nessporter

  View on GitHub
  Assists in mass exportation of Nessus scans
  ☆19Apr 20, 2018Updated 7 years ago
• torque59 / Nosql-Exploitation-Framework

  View on GitHub
  A Python Framework For NoSQL Scanning and Exploitation
  ☆602Dec 6, 2024Updated last year
• SimplySecurity / simplydomain

  View on GitHub
  Subdomain brute force focused on speed and data serialization
  ☆75Dec 27, 2022Updated 3 years ago
• tijme / angularjs-csti-scanner

  View on GitHub
  Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
  ☆325Oct 20, 2021Updated 4 years ago
• jobertabma / virtual-host-discovery

  View on GitHub
  A script to enumerate virtual hosts on a server.
  ☆690Dec 28, 2017Updated 8 years ago
• TypeError / domained

  View on GitHub
  Multi Tool Subdomain Enumeration
  ☆723Apr 11, 2021Updated 4 years ago
• Ice3man543 / SubOver

  View on GitHub
  A Powerful Subdomain Takeover Tool
  ☆962Oct 17, 2023Updated 2 years ago
• migolovanov / libinjection-fuzzer

  View on GitHub
  This tool was written as PoC to article https://waf.ninja/libinjection-fuzz-to-bypass/
  ☆39Oct 13, 2017Updated 8 years ago
• khalilbijjou / WAFNinja

  View on GitHub
  WAFNinja is a tool which contains two functions to attack Web Application Firewalls.
  ☆824Dec 6, 2017Updated 8 years ago
• paulosgf / autoMetasploit

  View on GitHub
  Ruby script to automate metasploit scanning, exploitation, and post-exploitation
  ☆19Jul 4, 2020Updated 5 years ago
• nikosdano / SSRF-Vulnerable-with-Curl

  View on GitHub
  This is the vulnerable "proxy" I used on this article: http://resources.infosecinstitute.com/the-ssrf-vulnerability/ . A simple, non-vali…
  ☆14Sep 20, 2016Updated 9 years ago
• cujanovic / Content-Bruteforcing-Wordlist

  View on GitHub
  Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
  ☆217Oct 12, 2024Updated last year
• devoteam-cybertrust / friOS

  View on GitHub
  iOS Frida Scripts
  ☆37Oct 2, 2017Updated 8 years ago
• cosmoscrew / ssrf-playground

  View on GitHub
  A playground to practice SSRF Attacks against web apps
  ☆17Oct 15, 2018Updated 7 years ago
• SpiderMate / B-XSSRF

  View on GitHub
  Toolkit to detect and keep track on Blind XSS, XXE & SSRF
  ☆293Aug 23, 2019Updated 6 years ago
• haccer / subjack

  View on GitHub
  DNS Takeover tool written in Go
  ☆2,033Updated this week
• Static-Flow / DirectoryImporter

  View on GitHub
  This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…
  ☆36Mar 1, 2023Updated 3 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,787Apr 26, 2024Updated last year
• PortSwigger / http-request-smuggler

  View on GitHub
  ☆1,189Jan 21, 2026Updated 2 months ago
• TestingPens / MalwarePersistenceScripts

  View on GitHub
  A collection of scripts I've written to help red and blue teams with malware persistence techniques.
  ☆127May 30, 2018Updated 7 years ago
• nccgroup / AutoRepeater

  View on GitHub
  Automated HTTP Request Repeating With Burp Suite
  ☆891Dec 15, 2021Updated 4 years ago