assetnote / blind-ssrf-chains
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆802Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for blind-ssrf-chains
- List DTDs and generate XXE payloads using those local DTDs.☆608Updated 8 months ago
- Client Side Prototype Pollution Scanner☆511Updated 2 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆508Updated 9 months ago
- Fetches javascript file from a list of URLS or subdomains.☆738Updated last year
- HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite☆711Updated 3 years ago
- Content-Type Research☆539Updated 9 months ago
- ☆654Updated 2 years ago
- A cheatsheet for exploiting server-side SVG processors.☆692Updated 4 years ago
- Because just a dark theme wasn't enough!☆550Updated 2 years ago
- ☆528Updated 10 months ago
- Burp Extension for a passive scanning JS files for endpoint links.☆742Updated 7 months ago
- HackerOne "in scope" domains☆399Updated this week
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.☆355Updated 3 years ago
- Accept URLs on stdin, replace all query string values with a user-supplied value☆761Updated last year
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆668Updated last year
- HTTP file upload scanner for Burp Proxy☆397Updated last year
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…☆936Updated 4 months ago
- Gotator is a tool to generate DNS wordlists through permutations.☆453Updated 2 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests☆335Updated 2 months ago
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep☆1,209Updated last month
- A wordlist of API names for web application assessments☆756Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆585Updated 3 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆614Updated 6 months ago
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆872Updated 4 months ago
- Nuclei plugin for BurpSuite☆1,190Updated last month
- Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease appli…☆218Updated last month
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist☆1,246Updated 3 months ago
- Tool to help exploit XXE vulnerabilities☆542Updated last year
- ☆397Updated 2 years ago