Alternatives and similar repositories for scalpel:

Users that are interested in scalpel are comparing it to the libraries listed below

• usdAG / slipit
  Utility for creating ZipSlip archives
  ☆71Updated 2 years ago
• codewhitesec / HttpRemotingObjRefLeak
  Additional resources for leaking and exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059)
  ☆86Updated 11 months ago
• ambionics / lightyear
  lightyear is a tool to dump files in tedious (blind) conditions using PHP filters
  ☆83Updated 4 months ago
• pentagridsec / PentagridScanController
  Improve automated and semi-automated active scanning in Burp Pro
  ☆61Updated 2 years ago
• cyllective / oauth-labs
  oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
  ☆65Updated 3 months ago
• doyensec / Prototype-Pollution-Gadgets-Finder
  ☆87Updated 10 months ago
• fcavallarin / burp-dom-scanner
  Burp Suite's extension to scan and crawl Single Page Applications
  ☆102Updated last year
• rs-loves-bugs / burp-browser-profiles
  Make better use of the embedded browser that comes by default with Burp
  ☆43Updated last year
• 0xAwali / Blind-SSRF
  Nuclei Templates to reproduce Cracking the lens's Research
  ☆124Updated 3 years ago
• snyk / socketsleuth
  Burp Extension to add additional functionality for pentesting websocket based applications
  ☆91Updated 9 months ago
• Moopinger / CLZero
  A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
  ☆85Updated last year
• dbrwsky / Nuclei-BurpExtension
  Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.
  ☆118Updated last year
• PortSwigger / splitting-the-email-atom
  ☆74Updated 5 months ago
• cfreal / ten
  A (small) web exploit framework
  ☆83Updated last month
• PortSwigger / server-side-prototype-pollution
  ☆34Updated 2 years ago
• wfinn / redirex
  tool that generates bypasses for open redirects
  ☆52Updated 2 years ago
• c3l3si4n / quickcert
  A better way of querying certificate transparency logs
  ☆84Updated 3 months ago
• sinsinology / CVE-2024-4358
  Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)
  ☆75Updated 9 months ago
• roughiz / lfito_rce
  LFI to RCE via phpinfo() assistance or via controlled log file
  ☆61Updated 2 years ago
• Rhynorater / rebindMultiA
  ☆60Updated 2 years ago
• d3k4z / burp-copy-as-ffuf
  Burp Extension that copies a request and builds a FFUF skeleton
  ☆111Updated last year
• BishopFox / ysoserial-bf
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆26Updated last year
• doyensec / CSPTBurpExtension
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
  ☆132Updated 8 months ago
• sw33tLie / uff
  unleashed ffuf
  ☆111Updated 8 months ago
• synfron / ReshaperForBurp
  Burp Suite Extension - Trigger actions and reshape HTTP request/response and WebSocket traffic using configurable rules
  ☆99Updated 4 months ago
• kljunowsky / XXElixir
  This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
  ☆75Updated last year
• nullenc0de / Cognitohunter
  A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…
  ☆20Updated 2 months ago
• p0dalirius / CVE-2022-36446-Webmin-Software-Package-Updates-RCE
  A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
  ☆112Updated last month
• synacktiv / laravel-crypto-killer
  A tool designed to exploit bad implementations of decryption mechanisms in Laravel applications.
  ☆38Updated 4 months ago
• pimps / gopher-tomcat-deployer
  Gopher Tomcat Deployer
  ☆48Updated 6 years ago