PortSwigger / psycho-path
psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & web file upload implementations that allow files to be written into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source …
☆19 Updated 6 years ago
Related projects:
- ☆31 Updated 5 years ago
- Auto Recon Bash Script ☆30 Updated 4 years ago
- BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JS… ☆38 Updated 3 years ago
- CVE, reports, research ☆16 Updated 3 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster! ☆31 Updated 6 years ago
- Unauthenticated RCE at Woody Ad Snippets / CVE-2019-15858 (PoC) ☆32 Updated last year
- Kubernetes Scanner ☆41 Updated 2 years ago
- XSSor is a semi-automatic reflected and persistent XSS detector extension for Burp Suite. The tool was written in Python by Barak Tawily,… ☆45 Updated 3 years ago
- Security test tool for Blind XSS ☆27 Updated 4 years ago
- web-based-fuzzer ☆32 Updated 4 years ago
- RAS(RAndom Subdomain) Fuzzer ☆43 Updated 4 years ago
- A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects. ☆24 Updated 5 years ago
- A burp extension to generate sqlmap PoC from target HTTP request. ☆28 Updated 7 years ago
- Image Tragick Exploit Tool Using Burp Collaborator ☆35 Updated 3 months ago
- ☆35 Updated this week
- Broken Link Hijacking Burp Extension ☆54 Updated 5 years ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a… ☆16 Updated 4 years ago
- Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack ☆39 Updated last year
- ☆22 Updated 2 years ago
- Scripts for OSCE ☆18 Updated 5 years ago
- Collection of different exploitation scenarios of JWT. ☆21 Updated 3 years ago
- Insecure Deserialization, PDF and lab ☆17 Updated 4 years ago
- Burp extension to generate multi-step CSRF POC. ☆29 Updated 4 years ago
- ☆20 Updated this week
- ☆11 Updated this week
- Burp Intruder File Payload Generator ☆18 Updated 4 years ago
- ☆33 Updated 4 years ago
- This is a small extension to make graphql readable ☆29 Updated 5 years ago
- burp extender for fuzzing ☆10 Updated 6 years ago
- Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities ☆41 Updated last year