psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & web file upload implementations allowing to write files into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source …
☆141May 25, 2017Updated 8 years ago
Alternatives and similar repositories for psychoPATH
Users that are interested in psychoPATH are comparing it to the libraries listed below
Sorting:
- PoC for an adaptive parallelised DNS prober☆44Oct 4, 2017Updated 8 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆277Feb 12, 2021Updated 5 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆379Oct 12, 2020Updated 5 years ago
- Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite☆323Aug 20, 2017Updated 8 years ago
- The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and ai…☆13Dec 17, 2018Updated 7 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆227May 8, 2018Updated 7 years ago
- ☆232Nov 18, 2015Updated 10 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.☆633Jun 20, 2017Updated 8 years ago
- A collection of publicly released whitepapers☆49Sep 1, 2017Updated 8 years ago
- "Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protecti…☆14Mar 4, 2017Updated 8 years ago
- Improved decoder for Burp Suite☆138Aug 30, 2021Updated 4 years ago
- Red Team Tips as posted by @vysecurity on Twitter☆1,068Apr 26, 2020Updated 5 years ago
- MalRecon - Basic Malware Reconnaissance and Analysis Tool☆26Jun 8, 2017Updated 8 years ago
- Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account ha…☆501Aug 7, 2020Updated 5 years ago
- A Ruby framework designed to aid in the penetration testing of WordPress systems.☆1,042Nov 24, 2019Updated 6 years ago
- A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.☆243Sep 13, 2021Updated 4 years ago
- Exploits and Security Tools Framework 2.0.1☆307Sep 18, 2022Updated 3 years ago
- Phishing toolkit for red teams and pentesters.☆126Jun 1, 2018Updated 7 years ago
- Abusing Self-XSS and Clickjacking to trigger XSS☆136Mar 18, 2017Updated 8 years ago
- Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.☆451Dec 8, 2022Updated 3 years ago
- Office for Mac Macro Payload Generator☆244Sep 25, 2025Updated 5 months ago
- Proof-of-concept two-stage dropper generator that uses bits from external sources☆99Nov 29, 2017Updated 8 years ago
- Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable☆153May 4, 2017Updated 8 years ago
- Windows Privesc Check☆20May 20, 2014Updated 11 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 8 years ago
- The great TCP Gender Changer (tgcd) tool compiled for Windows☆14Apr 18, 2016Updated 9 years ago
- Vulnerability scanner based on vulners.com search API☆883Oct 1, 2025Updated 5 months ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments☆1,213Sep 14, 2020Updated 5 years ago
- Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules☆161Feb 2, 2023Updated 3 years ago
- Fast and easy create backdoor office exploitation using module metasploit packet , Microsoft Office , Open Office , Macro attack , Buffer…☆443Jul 11, 2017Updated 8 years ago
- ☆14Mar 31, 2018Updated 7 years ago
- yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage☆123Nov 30, 2017Updated 8 years ago
- VBA Reversed TCP Meterpreter Stager☆65Apr 23, 2018Updated 7 years ago
- Brute forcer and shell deployer for WildFly☆100Mar 10, 2018Updated 7 years ago
- LyncSniper: A tool for penetration testing Skype for Business and Lync deployments☆307Jul 3, 2020Updated 5 years ago
- In case you didn't now how to restore the user password after a password reset (get the previous hash with DCSync)☆168Jun 8, 2017Updated 8 years ago
- Ip Vulnerability check to Eternal Blue , Romance , Synergy , Champion , Erraticgopher & Eagerlever☆124Nov 18, 2023Updated 2 years ago
- unarcrypto is an educational tool to depict cryptography usage in zip, rar and 7zip archives☆97Nov 10, 2018Updated 7 years ago
- A Burp Extension to test applications for vulnerability to the Web Cache Deception attack☆140Feb 18, 2021Updated 5 years ago