PortSwigger / psycho-path
psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & web file upload implementations allowing to write files into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source …
☆19Updated 6 years ago
Alternatives and similar repositories for psycho-path:
Users that are interested in psycho-path are comparing it to the libraries listed below
- ☆31Updated 5 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆31Updated 7 years ago
- Unauthenticated RCE at Woody Ad Snippets / CVE-2019-15858 (PoC)☆32Updated last year
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a…☆17Updated 4 years ago
- BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JS…☆39Updated 3 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.☆27Updated 6 years ago
- PHP tool to test XSS☆23Updated 5 years ago
- Collection of different exploitation scenarios of JWT.☆21Updated 3 years ago
- Insecure Deserialization, PDF and lab☆17Updated 5 years ago
- Kubernetes Scanner☆40Updated 3 years ago
- CVE, reports, research☆17Updated 3 years ago
- burp extender for fuzzing☆10Updated 6 years ago
- Scripts for OSCE☆18Updated 6 years ago
- Auto Recon Bash Script☆30Updated last month
- Security test tool for Blind XSS☆26Updated 4 years ago
- RAS(RAndom Subdomain) Fuzzer☆43Updated 5 years ago
- This is a small extension to make graphql readable☆30Updated 6 years ago
- Sparty - MS Sharepoint and Frontpage Auditing Tool☆31Updated 10 years ago
- A simple tool with the power of "Go" to find the hidden Vhosts defined at the server.☆18Updated 6 years ago
- Alpha version code of Recon UI☆14Updated 6 years ago
- web-based-fuzzer☆32Updated 4 years ago
- The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and ai…☆13Updated 6 years ago
- A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.☆24Updated 5 years ago
- Slides of the talk on Injection attacks in apps with NoSQL Backends, given at null OWASP Bangalore monthly meet on 27th April 2019☆22Updated 5 years ago
- This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…☆36Updated last year
- Subvenkon is a subdomain enumerator from Venkon☆23Updated 4 years ago
- Burp extension to generate multi-step CSRF POC.☆29Updated 5 years ago
- ☆22Updated 2 years ago
- A burp extension to generate sqlmap PoC from target HTTP request.☆28Updated 8 years ago
- OWASP Skanda - SSRF Exploitation Framework☆37Updated 11 years ago