aadityapurani / NodeJS-Red-Team-Cheat-SheetLinks
NodeJS Red-Team Cheat Sheet
☆220Updated 6 years ago
Alternatives and similar repositories for NodeJS-Red-Team-Cheat-Sheet
Users that are interested in NodeJS-Red-Team-Cheat-Sheet are comparing it to the libraries listed below
Sorting:
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆111Updated last year
- Python exploit for the CVE-2021-22204 vulnerability in Exiftool☆95Updated 4 years ago
- A python based blind SQL injection exploitation script☆139Updated 5 years ago
- ☆165Updated 5 years ago
- A pentesting tool that dumps the source code from .git even when the directory traversal is disabled☆229Updated 3 years ago
- Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.☆271Updated 8 months ago
- Phar + JPG Polyglot generator and playground (CTF CODE)☆94Updated 6 years ago
- That repository contains my updates to the well know java deserialization exploitation tool ysoserial.☆183Updated 3 years ago
- Security Testing Scripts for JWT☆318Updated 3 years ago
- This repo contains all the injections mentioned in my talk and enumerators.☆130Updated last year
- Workshop given at Hack in Paris 2019☆125Updated 2 years ago
- A simple NodeJS WebSocket WebApp vulnerable to blind SQL injection☆70Updated 4 years ago
- Damn Vulnerable Thick Client App developed in C# .NET☆157Updated 2 years ago
- Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.☆128Updated 2 years ago
- DNS rebinding toolkit☆255Updated 2 years ago
- This tool is for letting you know how strong your disable_functions is and how you can bypass that.☆138Updated 5 years ago
- Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473☆108Updated last year
- ☆132Updated 4 years ago
- This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …☆262Updated 2 years ago
- Stuff done in preparation for AWAE course and OSWE certification☆152Updated 4 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆640Updated last year
- Burpsuite plugin for Interact.sh☆227Updated last year
- Exploits targeting Symfony☆208Updated last year
- Common Web Managers Fuzz Wordlists☆175Updated 3 weeks ago
- A simple web app with a XXE vulnerability.☆228Updated 3 years ago
- PNG IDAT chunks XSS payload generator☆196Updated 2 years ago
- LFI Payloads List coolected from github repos☆83Updated 5 years ago
- This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests a…☆341Updated 4 years ago
- Wordlist to bruteforce for LFI☆125Updated 5 years ago
- Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)☆174Updated 4 years ago