PortSwigger / psycho-path
psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI and web file upload implementations that allow files to be written into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source …
☆18 Updated 7 years ago
Alternatives and similar repositories for psycho-path
Users that are interested in psycho-path are comparing it to the libraries listed below
- ☆32 Updated 6 years ago
- Pulse SSL VPN Arbitrary File Read burp extension ☆24 Updated 6 years ago
- A tool for fetching archived URLs (to be rewritten in Go). ☆41 Updated 7 years ago
- BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JS… ☆40 Updated 4 years ago
- Auto Recon Bash Script ☆31 Updated 9 months ago
- Broken Link Hijacking Burp Extension ☆57 Updated 6 years ago
- Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities ☆46 Updated 2 years ago
- Burp extension to generate multi-step CSRF POC. ☆30 Updated 6 years ago
- web-based-fuzzer ☆32 Updated 5 years ago
- Unauthenticated RCE at Woody Ad Snippets / CVE-2019-15858 (PoC) ☆32 Updated 2 years ago
- Image Tragick Exploit Tool Using Burp Collaborator ☆37 Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist ☆73 Updated 4 years ago
- Collection of scripts to test your website against vulnerabilities. ☆18 Updated last year
- CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE ☆31 Updated 5 years ago
- Security test tool for Blind XSS ☆26 Updated 5 years ago
- Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool. ☆37 Updated 5 years ago
- Wordlist to get files/folders listed by the app that may expose passwords, sensitive file or folders ☆22 Updated 5 years ago
- Subvenkon is a subdomain enumerator from Venkon ☆23 Updated 5 years ago
- Collection of content discovery wordlists in one wordlist. ☆38 Updated 3 years ago
- Extract subdomains from rapiddns.io ☆23 Updated 2 years ago
- Tool to try multiple paths for PHPunit RCE CVE-2017-9841 ☆27 Updated 3 years ago
- The tool exfiltrates data from Couchbase database by exploiting N1QL injection vulnerabilities. ☆77 Updated 5 years ago
- ☆22 Updated 3 years ago
- A simple tool to detect wildcards domain based on Amass's wildcards detector. ☆65 Updated 4 years ago
- CVE, reports, research ☆15 Updated 4 years ago
- Insecure Deserialization, PDF and lab ☆18 Updated 5 years ago
- Reconness Agents Script ☆32 Updated 3 years ago
- ☆37 Updated 5 years ago
- Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horizontal domain will then be vertically enumerated… ☆32 Updated 6 years ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a… ☆17 Updated 5 years ago