aadityapurani / NodeJS-Red-Team-Cheat-Sheet

Related projects ⓘ

Alternatives and complementary repositories for NodeJS-Red-Team-Cheat-Sheet

• GoSecure / dtd-finder
  List DTDs and generate XXE payloads using those local DTDs.
  ☆614Updated 9 months ago
• cujanovic / CRLF-Injection-Payloads
  Payloads for CRLF Injection
  ☆217Updated last month
• ZephrFish / Wordlists
  Various Payload wordlists
  ☆235Updated 4 years ago
• defparam / tiscripts
  Turbo Intruder Scripts
  ☆216Updated 4 years ago
• 21y4d / blindSQLi
  A python based blind SQL injection exploitation script
  ☆136Updated 4 years ago
• 0xC01DF00D / Collabfiltrator
  Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
  ☆249Updated 3 weeks ago
• whitel1st / docem
  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
  ☆528Updated 9 months ago
• PortSwigger / portable-data-exfiltration
  This repo contains all the injections mentioned in my talk and enumerators.
  ☆121Updated 11 months ago
• daeken / SSRFTest
  SSRF testing tool
  ☆241Updated last year
• computer-engineer / WhiteboxPentest
  Whitebox source code review cheatsheet (Based on AWAE syllabus)
  ☆117Updated 2 years ago
• PortSwigger / upload-scanner
  HTTP file upload scanner for Burp Proxy
  ☆397Updated last year
• Static-Flow / BurpSuite-Team-Extension
  This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …
  ☆252Updated 2 years ago
• xer0times / BugBounty
  Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...
  ☆145Updated 4 years ago
• BuildHackSecure / gitscraper
  A tool which scrapes public github repositories for common naming conventions in variables, folders and files
  ☆286Updated 5 months ago
• wdahlenburg / interactsh-collaborator
  Burpsuite plugin for Interact.sh
  ☆198Updated 4 months ago
• pimps / ysoserial-modified
  That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
  ☆176Updated 2 years ago
• six2dez / burp-bounty-profiles
  Burp Bounty profiles compilation, feel free to contribute!
  ☆145Updated 3 years ago
• GainSec / GoldenNuggets-1
  Burp Extension for easily creating Wordlists
  ☆210Updated 3 years ago
• noperator / CVE-2019-18935
  RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
  ☆348Updated 2 years ago
• GoSecure / xxe-workshop
  Workshop given at Hack in Paris 2019
  ☆121Updated last year
• makuga01 / dnsFookup
  DNS rebinding toolkit
  ☆250Updated last year
• bao7uo / dp_crypto
  Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
  ☆165Updated 3 years ago
• assetnote / blind-ssrf-chains
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆804Updated 2 years ago
• s0j0hn / AWAE-OSWE-Prep
  ☆121Updated 3 years ago
• httpvoid / CVE-Reverse
  ☆278Updated 3 years ago
• nikitastupin / param-miner-doc
  Unofficial documentation for the great tool Param Miner
  ☆173Updated 2 years ago
• jbarone / xxelab
  A simple web app with a XXE vulnerability.
  ☆225Updated 3 years ago
• hussein98d / LFI-files
  Wordlist to bruteforce for LFI
  ☆118Updated 5 years ago
• epi052 / cve-2018-15473
  Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473
  ☆104Updated 6 months ago
• 0xtz / Enum_For_All
  ☆164Updated 4 years ago