HTTP file upload scanner for Burp Proxy
☆416Apr 20, 2023Updated 2 years ago
Alternatives and similar repositories for upload-scanner
Users that are interested in upload-scanner are comparing it to the libraries listed below
Sorting:
- HTTP file upload scanner for Burp Proxy☆491Dec 25, 2023Updated 2 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,774Apr 26, 2024Updated last year
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,482Oct 12, 2024Updated last year
- ☆1,187Jan 21, 2026Updated last month
- Automatic SSRF fuzzer and exploitation tool☆3,489Sep 4, 2025Updated 6 months ago
- A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by caus…☆441Apr 11, 2025Updated 10 months ago
- Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.☆1,729Dec 15, 2025Updated 2 months ago
- A curated list of amazingly awesome Burp Extensions☆3,372Feb 17, 2026Updated 2 weeks ago
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆284Jul 22, 2017Updated 8 years ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆736May 4, 2019Updated 6 years ago
- ☆2,316Dec 8, 2023Updated 2 years ago
- A python script that finds endpoints in JavaScript files☆4,294Apr 13, 2024Updated last year
- Burp plugin able to find reflected XSS on page in real-time while browsing on site☆1,202Feb 2, 2021Updated 5 years ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,737Feb 16, 2026Updated 2 weeks ago
- ☆1,410Jan 22, 2026Updated last month
- WebLogic wls9-async反序列化远程命令执行漏洞☆240May 26, 2019Updated 6 years ago
- Generates permutations, alterations and mutations of subdomains and then resolves them☆2,477Jan 9, 2025Updated last year
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,062Jan 2, 2024Updated 2 years ago
- Notes about attacking Jenkins servers☆2,091Jul 10, 2024Updated last year
- dynamic crawler for web vulnerability scanner☆252Mar 4, 2020Updated 6 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,167May 26, 2023Updated 2 years ago
- Automated blind-xss search for Burp Suite☆285Oct 10, 2019Updated 6 years ago
- HackBar plugin for Burpsuite☆1,619Apr 15, 2021Updated 4 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Tool☆4,123Apr 21, 2024Updated last year
- A Tool for Domain Flyovers☆5,906May 22, 2022Updated 3 years ago
- Advanced Burp Suite Logging Extension☆693May 31, 2024Updated last year
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,716Dec 1, 2024Updated last year
- HTTP parameter discovery suite.☆6,109Feb 20, 2025Updated last year
- Subdomain Takeover tool written in Go☆2,033Aug 13, 2023Updated 2 years ago
- Learn how to get a reverse shell from JIRA application server☆24Dec 2, 2018Updated 7 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆677Jan 28, 2024Updated 2 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 5 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,130Dec 16, 2024Updated last year
- ActiveScan++ Burp Suite Plugin☆656Dec 16, 2025Updated 2 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆6,082Aug 14, 2024Updated last year