PortSwigger/nginx-alias-traversal external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PortSwigger/nginx-alias-traversal

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PortSwigger/nginx-alias-traversal)

Close

PortSwigger / nginx-alias-traversalView on GitHubMore

• External links
• Readme badge

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

☆54Dec 3, 2021Updated 4 years ago

Alternatives and similar repositories for nginx-alias-traversal

Users that are interested in nginx-alias-traversal are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• bayotop / off-by-slash

  View on GitHub
  Burp extension to detect alias traversal via NGINX misconfiguration at scale.
  ☆265Nov 18, 2021Updated 4 years ago
• bewhale / seeyon_zipfile_upload

  View on GitHub
  致远OA通过发送特殊请求获取管理员cookie，再通过文件上传接口上传webshell压缩文件，最后发送解压请求获取webshell
  ☆10Apr 11, 2021Updated 4 years ago
• MindPatch / pmg

  View on GitHub
  Extract parameters/paths from urls
  ☆17Aug 2, 2020Updated 5 years ago
• wdahlenburg / LogicalFuzzingEngine

  View on GitHub
  A Burpsuite extension written in Python to perform basic validation fuzzing
  ☆11Oct 7, 2022Updated 3 years ago
• virink / as_scanwebshell

  View on GitHub
  An AntSword's plugin to scan webshell
  ☆16Sep 2, 2019Updated 6 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• incredibleindishell / axis_web_shell

  View on GitHub
  This repo contains Axis web shells
  ☆18Jun 15, 2019Updated 6 years ago
• lsh4ck / Langzi_SRC_Safe_Cruise

  View on GitHub
  LANGZI_SRC_安全巡航 是一款集成漏扫，验证，资产监控，自动复现并且生成结果表报的工具，实现初衷是为了帮助白帽子在SRC中节约时间成本的自动化工具。
  ☆14Jul 7, 2019Updated 6 years ago
• jakewarren / tldomains

  View on GitHub
  Tiny library to parse the subdomain, domain, and tld extension from a host string
  ☆23Apr 1, 2022Updated 3 years ago
• andresriancho / nimbostratus-target

  View on GitHub
  This repository holds a target infrastructure you can use for running the nimbostratus tools.
  ☆24Mar 9, 2015Updated 11 years ago
• ethicalhackingplayground / endzy

  View on GitHub
  Endpoint monitor tool
  ☆21Sep 16, 2020Updated 5 years ago
• vysecurity / redteam-plan

  View on GitHub
  Issues to consider when planning a red team exercise.
  ☆15Aug 22, 2017Updated 8 years ago
• In3tinct / See-SURF

  View on GitHub
  Security tool to find potential vulnerable Server Side Request Forgery (SSRF) parameters.
  ☆357Feb 13, 2026Updated last month
• cujanovic / Virtual-host-wordlist

  View on GitHub
  Virtual host wordlist
  ☆52Jan 12, 2021Updated 5 years ago
• benpturner / Invoke-DCOM

  View on GitHub
  C# DCOM Execution
  ☆17Aug 4, 2019Updated 6 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• ni8walk3r / JWT-Exploitation

  View on GitHub
  Collection of different exploitation scenarios of JWT.
  ☆21Jul 23, 2021Updated 4 years ago
• josdoaitran / payload-for-security-testing

  View on GitHub
  List out all of payload for security testing
  ☆25May 2, 2022Updated 3 years ago
• mpgn / CVE-2019-9580

  View on GitHub
  CVE-2019-9580 - StackStorm: exploiting CORS misconfiguration (null origin) to gain RCE
  ☆31Mar 13, 2019Updated 7 years ago
• k4k4r07 / CertSubDumb

  View on GitHub
  Basic Bash Script to scrape all subdomains from crtsh in a single run
  ☆19May 23, 2022Updated 3 years ago
• pyn3rd / CVE-2019-2618

  View on GitHub
  Weblogic Unrestricted File Upload
  ☆54Apr 17, 2019Updated 6 years ago
• HoangKien1020 / CVE-2020-11890

  View on GitHub
  CVE-2020-11890: Improper input validations in the usergroup table class could lead to a broken ACL configuration to RCE
  ☆63Jun 1, 2023Updated 2 years ago
• vysecurity / WindfarmDynamite-CNA

  View on GitHub
  CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe
  ☆16Jul 6, 2019Updated 6 years ago
• akhil-reni / xsstutorial

  View on GitHub
  ☆11Jun 19, 2024Updated last year
• buckhacker / SubDomainTakeoverTools

  View on GitHub
  ☆37Sep 12, 2018Updated 7 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• NaxAlpha / shellcode-loader

  View on GitHub
  Shellcode Loader Engine for Windows
  ☆27Jan 29, 2017Updated 9 years ago
• Impact-I / x8-Burp

  View on GitHub
  Hidden parameters discovery suite
  ☆224Nov 14, 2022Updated 3 years ago
• XRSec / CobaltStrike-Docker

  View on GitHub
  Cobalt Strike Wrapper
  ☆20Aug 13, 2025Updated 7 months ago
• safe6Sec / burpDevNote

  View on GitHub
  burp插件开发笔记
  ☆11Dec 26, 2021Updated 4 years ago
• sunnyc7 / EvilWMIProvider

  View on GitHub
  Installs And Executes Shellcode
  ☆12Jul 26, 2015Updated 10 years ago
• ja1sh / grepTheCurl

  View on GitHub
  One liner regex match to search inside JS files, using curl and grep!
  ☆29Dec 26, 2021Updated 4 years ago
• crawl3r / PortswiggerXSS

  View on GitHub
  gathers the XSS cheatsheet payloads and creates a usable wordlist
  ☆74Jan 4, 2021Updated 5 years ago
• enciphers-team / WebHacking-Training-Resources

  View on GitHub
  This repo hosts multiple codes, content, checklists etc which can help a penetration tester in a web application auditing.
  ☆21Sep 14, 2023Updated 2 years ago
• Co0nan / ParamsExtractor

  View on GitHub
  A burp-suite plugin that extract all parameter names from in-scope requests
  ☆29Nov 9, 2021Updated 4 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• bit4woo / Java_deserialize_vuln_lab

  View on GitHub
  Java 反序列化学习的实验代码 Java_deserialize_vuln_lab
  ☆87Nov 26, 2018Updated 7 years ago
• venenof7 / VCTF-Platform

  View on GitHub
  One CTF Platform
  ☆20Dec 4, 2019Updated 6 years ago
• MindPatch / lorsrf

  View on GitHub
  Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load
  ☆296Sep 22, 2024Updated last year
• Anon-Exploiter / subdomainsEnumerator

  View on GitHub
  A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.
  ☆71Jul 19, 2024Updated last year
• Sajibekanti / Bug_Bounty_List

  View on GitHub
  Day by day Lots of Newbie Come into bug Bounty They ask Social Site about Bug Bounty Site, So That's why I open My Hunted All Site.
  ☆32Sep 20, 2020Updated 5 years ago
• sctf2020 / CTFd-Theme-StormCTF

  View on GitHub
  CTFd Theme for StormCTF (Updated a little bit for the newest version of CTFd)
  ☆12May 19, 2019Updated 6 years ago
• jas502n / fastjson-1.2.61-RCE

  View on GitHub
  fastjson-1.2.61-RCE
  ☆33Sep 26, 2019Updated 6 years ago