SecPriv / cookiecrumbles

Related projects: ⓘ

• KTH-LangSec / server-side-prototype-pollution
  A collection of Server-Side Prototype Pollution gadgets and exploits
  ☆124Updated 3 weeks ago
• AethliosIK / reset-tolkien
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆110Updated last month
• yeswehack / pp-finder
  PP-finder Help you find gadget for prototype pollution exploitation
  ☆127Updated last month
• hackvertor / blind-css-exfiltration
  ☆83Updated 9 months ago
• usdAG / FlowMate
  FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…
  ☆151Updated 3 weeks ago
• PortSwigger / splitting-the-email-atom
  ☆56Updated last month
• trufflesecurity / of-CORS
  ☆143Updated last year
• PortSwigger / js-miner
  This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.
  ☆54Updated last year
• doyensec / GQLSpection
  GQLSpection - parses GraphQL introspection schema and generates possible queries
  ☆67Updated 2 months ago
• Moopinger / smugglefuzz
  A rapid HTTP downgrade smuggling scanner written in Go.
  ☆242Updated 4 months ago
• j3ssie / custom-bcheck-scan
  This repository stores some of my custom BCheck Scan configurations. Its goal is to identify intriguing elements that warrant further man…
  ☆86Updated 7 months ago
• nikitastupin / param-miner-doc
  Unofficial documentation for the great tool Param Miner
  ☆169Updated 2 years ago
• doyensec / CSPTBurpExtension
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
  ☆80Updated 2 months ago
• d0ge / sign-saboteur
  SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens
  ☆134Updated 3 months ago
• xscorp / jsmug
  A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON
  ☆112Updated 5 months ago
• matanber / domlogger-configs
  Useful configurations for the DomLogger++ extension
  ☆23Updated last week
• intruder-io / guidtool
  A tool to inspect and attack version 1 GUIDs
  ☆206Updated last year
• Philesiv / XSLeaker
  Searcher for cross-site leaks (XS-Leaks)
  ☆81Updated last year
• google / protobuf-extensibility-for-burp
  ☆81Updated 2 months ago
• cybervelia / graphicator
  A GraphQL enumeration and extraction tool
  ☆127Updated last year
• Icare1337 / LibreOffice_Tips_Bug_Bounty
  Some tips for Bug Bounty using LibreOffice
  ☆28Updated 2 months ago
• SoheilKhodayari / TheThing
  TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
  ☆38Updated 10 months ago
• ElSicarius / chunkloader
  A chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs
  ☆60Updated 2 months ago
• PortSwigger / bambdas
  Bambdas collection for Burp Suite Professional and Community.
  ☆193Updated last month
• bebiksior / EvenBetter
  EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎
  ☆124Updated 2 weeks ago
• xssdoctor / graphqlMaker
  Finds graphql queries in javascript files
  ☆56Updated 4 months ago
• mogwailabs / DNSrebinder
  A python based minimal DNS server to test/verify DNS rebinding attacks
  ☆30Updated last year
• caido / workflows
  🛠️ Workflows created by the community
  ☆56Updated last month
• SoheilKhodayari / DOMClobbering
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆43Updated 9 months ago
• dsecuredcom / ffufPostprocessing
  Golang tool which helps dropping the irrelevant entries from your ffuf result file.
  ☆129Updated this week
• BrunoHalltari / CTF-Writeups
  Here i will post my writeups :)
  ☆31Updated last year