PortSwigger / upload-scanner
HTTP file upload scanner for Burp Proxy
☆404Updated 2 years ago
Alternatives and similar repositories for upload-scanner:
Users that are interested in upload-scanner are comparing it to the libraries listed below
- List DTDs and generate XXE payloads using those local DTDs.☆627Updated last year
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆531Updated 6 years ago
- Open Redirect Payloads☆611Updated 6 months ago
- SSRF testing tool☆244Updated 2 years ago
- HTTP file upload scanner for Burp Proxy☆488Updated last year
- Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security prof…☆412Updated 4 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆364Updated 2 years ago
- Finds unknown classes of injection vulnerabilities☆679Updated last week
- Python tool to find potential Server Side Reqest Forgery (SSRF) vulnerability parameters.☆320Updated 3 weeks ago
- Content discovery wordlists generated using BigQuery☆567Updated 5 years ago
- Fetches javascript file from a list of URLS or subdomains.☆766Updated last year
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆719Updated last year
- An hourly updated list of subdomains gathered from certificate transparency logs☆346Updated 3 years ago
- Subdomain Takeover Scanner | Subdomain Takeover Tool | by 0x94☆361Updated last year
- Smart ssrf scanner using different methods like parameter brute forcing in post and get...☆275Updated 4 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆315Updated last year
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆646Updated 6 years ago
- Second-order subdomain takeover scanner☆389Updated 2 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆869Updated 3 years ago
- An automated target reconnaissance pipeline.☆432Updated 2 years ago
- simple script to extract all web resources by means of .SVN folder exposed over network.☆463Updated last year
- A tool which scrapes public github repositories for common naming conventions in variables, folders and files☆290Updated 11 months ago
- ☆360Updated 3 years ago
- A small tool that extracts relative URLs from a file.☆746Updated 4 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆607Updated last year
- Security Testing Scripts for JWT☆312Updated 2 years ago
- This repository contains all the XSS cheatsheet data to allow contributions from the community.☆420Updated 5 months ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆258Updated 2 years ago
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)☆453Updated 5 years ago
- Repository for hosting my research papers☆508Updated last year