Alternatives and similar repositories for scalpel

Users that are interested in scalpel are comparing it to the libraries listed below

• ambionics / lightyear
  lightyear is a tool to dump files in tedious (blind) conditions using PHP filters
  ☆105Updated 4 months ago
• codewhitesec / HttpRemotingObjRefLeak
  Additional resources for leaking and exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059)
  ☆90Updated last year
• usdAG / slipit
  Utility for creating ZipSlip archives
  ☆79Updated 2 years ago
• cyllective / oauth-labs
  oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
  ☆72Updated 10 months ago
• PortSwigger / splitting-the-email-atom
  ☆85Updated 3 months ago
• doyensec / Prototype-Pollution-Gadgets-Finder
  ☆89Updated last year
• c53elyas / CVE-2023-33733
  CVE-2023-33733 reportlab RCE
  ☆118Updated 2 years ago
• Moopinger / smugglefuzz
  A rapid HTTP downgrade smuggling scanner written in Go.
  ☆306Updated last year
• PortSwigger / server-side-prototype-pollution
  ☆39Updated 2 years ago
• snyk / socketsleuth
  Burp Extension to add additional functionality for pentesting websocket based applications
  ☆99Updated last month
• bytehope / wwe
  ☆23Updated 7 months ago
• c3l3si4n / quickcert
  A better way of querying certificate transparency logs
  ☆88Updated 6 months ago
• doyensec / CSPTBurpExtension
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
  ☆152Updated last year
• assetnote / exploits
  Repository to store exploits created by Assetnotes Security Research team
  ☆180Updated last year
• hackvertor / shadow-repeater
  ☆41Updated 4 months ago
• kljunowsky / XXElixir
  This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
  ☆81Updated last year
• AethliosIK / reset-tolkien
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆148Updated 10 months ago
• PortSwigger / url-cheatsheet-data
  This is the data that powers the PortSwigger URL validation bypass cheat sheet.
  ☆54Updated 3 weeks ago
• neex / ghostinthepdf
  ☆169Updated 4 years ago
• sinsinology / CVE-2024-4358
  Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)
  ☆77Updated last year
• BishopFox / ysoserial-bf
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆29Updated last year
• rs-loves-bugs / burp-browser-profiles
  Make better use of the embedded browser that comes by default with Burp
  ☆45Updated last year
• BKreisel / sqlmap-websocket-proxy
  Tool to enable blind sql injection attacks against websockets using sqlmap
  ☆66Updated 5 months ago
• Moopinger / CLZero
  A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
  ☆90Updated last year
• roughiz / lfito_rce
  LFI to RCE via phpinfo() assistance or via controlled log file
  ☆72Updated 2 years ago
• pentagridsec / PentagridScanController
  Improve automated and semi-automated active scanning in Burp Pro
  ☆62Updated 4 months ago
• wdahlenburg / interactsh-collaborator
  Burpsuite plugin for Interact.sh
  ☆227Updated last year
• ElSicarius / chunkloader
  A chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs
  ☆73Updated 4 months ago
• nxenon / grpc-pentest-suite
  gRPC-Web Pentesting Suite + Burp Suite Extension / Hack gRPC-Web Applications (Official BApp Extension Available)
  ☆235Updated 3 weeks ago
• cfreal / ten
  A (small) web exploit framework
  ☆96Updated last month