assetnote / blind-ssrf-chainsLinks
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆872Updated 3 years ago
Alternatives and similar repositories for blind-ssrf-chains
Users that are interested in blind-ssrf-chains are comparing it to the libraries listed below
Sorting:
- List DTDs and generate XXE payloads using those local DTDs.☆629Updated last year
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆617Updated last year
- Because just a dark theme wasn't enough!☆563Updated 5 months ago
- Content-Type Research☆619Updated last year
- ☆678Updated 2 years ago
- HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite☆748Updated 4 years ago
- Fetches javascript file from a list of URLS or subdomains.☆775Updated 2 years ago
- Client Side Prototype Pollution Scanner☆519Updated 2 years ago
- A cheatsheet for exploiting server-side SVG processors.☆734Updated 4 years ago
- ☆539Updated 2 months ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆624Updated 6 months ago
- HackerOne "in scope" domains☆446Updated this week
- This repository contains all the XSS cheatsheet data to allow contributions from the community.☆420Updated last week
- Accept URLs on stdin, replace all query string values with a user-supplied value☆818Updated 2 years ago
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆976Updated last month
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…☆973Updated 11 months ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆363Updated 9 months ago
- Burp Extension for a passive scanning JS files for endpoint links.☆784Updated last year
- A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.☆508Updated 2 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,367Updated last month
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep☆1,315Updated 8 months ago
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆727Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆599Updated 4 years ago
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c)☆730Updated 3 years ago
- A wordlist of API names for web application assessments☆819Updated 3 months ago
- Gotator is a tool to generate DNS wordlists through permutations.☆478Updated 2 years ago
- Nuclei plugin for BurpSuite☆1,255Updated 8 months ago
- Simple websites vulnerable to Server Side Template Injections(SSTI)☆391Updated 2 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆978Updated 5 months ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆69Updated last year