psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & web file upload implementations allowing to write files into the webroot (aka document root). The "blind" aspect is the key here and is inherent to dynamic testing usually conducted with no access to the source …
☆140May 25, 2017Updated 8 years ago
Alternatives and similar repositories for psychoPATH
Users that are interested in psychoPATH are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- PoC for an adaptive parallelised DNS prober☆44Oct 4, 2017Updated 8 years ago
- psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-s…☆277Feb 12, 2021Updated 5 years ago
- ☆231Nov 18, 2015Updated 10 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆378Oct 12, 2020Updated 5 years ago
- The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and ai…☆13Dec 17, 2018Updated 7 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A collection of publicly released whitepapers☆49Sep 1, 2017Updated 8 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆227May 8, 2018Updated 7 years ago
- ☆14Mar 31, 2018Updated 8 years ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.☆635Jun 20, 2017Updated 8 years ago
- Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite☆322Aug 20, 2017Updated 8 years ago
- VBA Reversed TCP Meterpreter Stager☆65Apr 23, 2018Updated 8 years ago
- "Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protecti…☆14Mar 4, 2017Updated 9 years ago
- Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable☆153May 4, 2017Updated 8 years ago
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!☆104Jun 1, 2018Updated 7 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.☆244Sep 13, 2021Updated 4 years ago
- yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage☆122Nov 30, 2017Updated 8 years ago
- Proof-of-concept two-stage dropper generator that uses bits from external sources☆99Nov 29, 2017Updated 8 years ago
- Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules☆162Feb 2, 2023Updated 3 years ago
- A Ruby framework designed to aid in the penetration testing of WordPress systems.☆1,045Nov 24, 2019Updated 6 years ago
- Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.☆451Dec 8, 2022Updated 3 years ago
- Red Team Tips as posted by @vysecurity on Twitter☆1,116Apr 26, 2020Updated 6 years ago
- Abusing Self-XSS and Clickjacking to trigger XSS☆136Mar 18, 2017Updated 9 years ago
- Improved decoder for Burp Suite☆138Aug 30, 2021Updated 4 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Phishing toolkit for red teams and pentesters.☆125Jun 1, 2018Updated 7 years ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments☆1,212Sep 14, 2020Updated 5 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 9 years ago
- Vulnerability scanner based on vulners.com search API☆889Oct 1, 2025Updated 6 months ago
- Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account ha…☆501Aug 7, 2020Updated 5 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- A Burp Extension to test applications for vulnerability to the Web Cache Deception attack☆141Feb 18, 2021Updated 5 years ago
- The great TCP Gender Changer (tgcd) tool compiled for Windows☆14Apr 18, 2016Updated 10 years ago
- HTTPoxy Exploit Scanner by 1N3 @CrowdShield☆104Aug 9, 2017Updated 8 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Automated Responder/secretsdump.py cracking☆187May 16, 2016Updated 9 years ago
- "Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protecti…☆138Dec 22, 2017Updated 8 years ago
- Exploits and Security Tools Framework 2.0.1☆307Sep 18, 2022Updated 3 years ago
- Fast and easy create backdoor office exploitation using module metasploit packet , Microsoft Office , Open Office , Macro attack , Buffer…☆443Jul 11, 2017Updated 8 years ago
- MalRecon - Basic Malware Reconnaissance and Analysis Tool☆26Jun 8, 2017Updated 8 years ago
- Windows Privesc Check☆19May 20, 2014Updated 11 years ago
- CVE-2017-8570 Exploit☆21Aug 14, 2017Updated 8 years ago