psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & web file upload implementations allowing to write files into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source …
☆140May 25, 2017Updated 8 years ago
Alternatives and similar repositories for psychoPATH
Users that are interested in psychoPATH are comparing it to the libraries listed below
Sorting:
- PoC for an adaptive parallelised DNS prober☆44Oct 4, 2017Updated 8 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆278Feb 12, 2021Updated 5 years ago
- ☆231Nov 18, 2015Updated 10 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆378Oct 12, 2020Updated 5 years ago
- The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and ai…☆13Dec 17, 2018Updated 7 years ago
- A collection of publicly released whitepapers☆49Sep 1, 2017Updated 8 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆227May 8, 2018Updated 7 years ago
- ☆14Mar 31, 2018Updated 7 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.☆634Jun 20, 2017Updated 8 years ago
- Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite☆323Aug 20, 2017Updated 8 years ago
- PoC attack server for CVE-2015-7547 buffer overflow vulnerability in glibc DNS stub resolver (public version)☆10Apr 25, 2016Updated 9 years ago
- VBA Reversed TCP Meterpreter Stager☆65Apr 23, 2018Updated 7 years ago
- "Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protecti…☆14Mar 4, 2017Updated 9 years ago
- Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable☆153May 4, 2017Updated 8 years ago
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!☆104Jun 1, 2018Updated 7 years ago
- A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.☆244Sep 13, 2021Updated 4 years ago
- yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage☆123Nov 30, 2017Updated 8 years ago
- Proof-of-concept two-stage dropper generator that uses bits from external sources☆99Nov 29, 2017Updated 8 years ago
- Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules☆161Feb 2, 2023Updated 3 years ago
- A Ruby framework designed to aid in the penetration testing of WordPress systems.☆1,044Nov 24, 2019Updated 6 years ago
- Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.☆451Dec 8, 2022Updated 3 years ago
- Red Team Tips as posted by @vysecurity on Twitter☆1,114Apr 26, 2020Updated 5 years ago
- Abusing Self-XSS and Clickjacking to trigger XSS☆136Mar 18, 2017Updated 9 years ago
- Improved decoder for Burp Suite☆138Aug 30, 2021Updated 4 years ago
- Phishing toolkit for red teams and pentesters.☆125Jun 1, 2018Updated 7 years ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments☆1,213Sep 14, 2020Updated 5 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 8 years ago
- Vulnerability scanner based on vulners.com search API☆887Oct 1, 2025Updated 5 months ago
- Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account ha…☆501Aug 7, 2020Updated 5 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- A Burp Extension to test applications for vulnerability to the Web Cache Deception attack☆140Feb 18, 2021Updated 5 years ago
- The great TCP Gender Changer (tgcd) tool compiled for Windows☆14Apr 18, 2016Updated 9 years ago
- HTTPoxy Exploit Scanner by 1N3 @CrowdShield☆104Aug 9, 2017Updated 8 years ago
- Automated Responder/secretsdump.py cracking☆187May 16, 2016Updated 9 years ago
- "Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protecti…☆138Dec 22, 2017Updated 8 years ago
- Exploits and Security Tools Framework 2.0.1☆307Sep 18, 2022Updated 3 years ago
- Fast and easy create backdoor office exploitation using module metasploit packet , Microsoft Office , Open Office , Macro attack , Buffer…☆443Jul 11, 2017Updated 8 years ago
- MalRecon - Basic Malware Reconnaissance and Analysis Tool☆26Jun 8, 2017Updated 8 years ago
- Windows Privesc Check☆20May 20, 2014Updated 11 years ago