PortSwigger / nginx-alias-traversalView external linksLinks
Burp extension to detect alias traversal via NGINX misconfiguration at scale.
☆54Dec 3, 2021Updated 4 years ago
Alternatives and similar repositories for nginx-alias-traversal
Users that are interested in nginx-alias-traversal are comparing it to the libraries listed below
Sorting:
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- Extract parameters/paths from urls☆17Aug 2, 2020Updated 5 years ago
- An AntSword's plugin to scan webshell☆16Sep 2, 2019Updated 6 years ago
- CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe☆16Jul 6, 2019Updated 6 years ago
- Shellcode Loader Engine for Windows☆27Jan 29, 2017Updated 9 years ago
- LANGZI_SRC_安全巡航 是一款集成漏扫,验证,资产监控,自动复现并且生成结果表报的工具,实现初衷是为了帮助白帽子在SRC中节约时间成本的自动化工具。☆14Jul 7, 2019Updated 6 years ago
- This repo contains Axis web shells☆18Jun 15, 2019Updated 6 years ago
- C# DCOM Execution☆18Aug 4, 2019Updated 6 years ago
- Collection of different exploitation scenarios of JWT.☆21Jul 23, 2021Updated 4 years ago
- 搜索几个网站的云盘资源,并过滤到失效链接,最后不保证资源的有效性☆20Jun 25, 2018Updated 7 years ago
- Weblogic Unrestricted File Upload☆54Apr 17, 2019Updated 6 years ago
- fastjson-1.2.61-RCE☆33Sep 26, 2019Updated 6 years ago
- ☆14Oct 1, 2021Updated 4 years ago
- CVE-2020-11890: Improper input validations in the usergroup table class could lead to a broken ACL configuration to RCE☆62Jun 1, 2023Updated 2 years ago
- Security tool (now AI powered 🤖) to find potential vulnerable Server Side Request Forgery (SSRF) parameters.☆353Jan 29, 2026Updated 2 weeks ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Nov 26, 2018Updated 7 years ago
- Tiny library to parse the subdomain, domain, and tld extension from a host string☆23Apr 1, 2022Updated 3 years ago
- Encrypted Shellcode Loader Generator☆22Jan 29, 2019Updated 7 years ago
- List out all of payload for security testing☆25May 2, 2022Updated 3 years ago
- Endpoint monitor tool☆21Sep 16, 2020Updated 5 years ago
- One CTF Platform☆20Dec 4, 2019Updated 6 years ago
- A Burpsuite extension written in Python to perform basic validation fuzzing☆11Oct 7, 2022Updated 3 years ago
- It contain google dork to find the wsdl file.☆13May 27, 2020Updated 5 years ago
- A Mobicore Trustlet/Driver Binary Loader for Ghidra☆13Jul 10, 2019Updated 6 years ago
- ☆10Jan 25, 2023Updated 3 years ago
- burp插件开发笔记☆11Dec 26, 2021Updated 4 years ago
- The offical exploit for Pandora v7.0NG Post-auth Remote Code Execution CVE-2019-20224☆14Jan 10, 2020Updated 6 years ago
- AntSword Generate Shell Plugin☆12Jun 26, 2022Updated 3 years ago
- Docker + CVE-2015-2925 = escaping from --volume☆11Jun 30, 2015Updated 10 years ago
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆107Jan 26, 2020Updated 6 years ago
- Oneliners curated from my experience and from the internet☆23Feb 8, 2021Updated 5 years ago
- Basic Bash Script to scrape all subdomains from crtsh in a single run☆19May 23, 2022Updated 3 years ago
- ASUS SmartHome Exploit for CVE-2019-11061 and CVE-2019-11063☆23Aug 27, 2019Updated 6 years ago
- A js encode/decode simple tool for XSS☆28Nov 27, 2019Updated 6 years ago
- Shodan Favicon Hash Generator By Aziz Hakim @eternyle☆26May 25, 2024Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- 基于burpsuite headless 的代理式被动扫描系统☆97Feb 10, 2020Updated 6 years ago
- 致远OA通过发送特殊请求获取管理员cookie,再通过文件上传接口上传webshell压缩文件,最后发送解压请求获取webshell☆10Apr 11, 2021Updated 4 years ago
- ☆10Dec 19, 2017Updated 8 years ago