chenjj / CORScanner
π― Fast CORS misconfiguration vulnerabilities scanner
β1,033Updated 2 years ago
Related projects: β
- SSRF (Server Side Request Forgery) testing resourcesβ2,335Updated last year
- Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.β1,459Updated this week
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the acβ¦β1,657Updated 4 months ago
- β950Updated 9 months ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.β1,508Updated 4 years ago
- Automatic SSRF fuzzer and exploitation toolβ2,937Updated 3 months ago
- List of XSS Vectors/Payloadsβ1,158Updated 3 weeks ago
- CSRF Scannerβ538Updated 2 months ago
- A tool for embedding XXE/XML exploits into different filetypesβ1,030Updated 2 months ago
- Automated HTTP Request Repeating With Burp Suiteβ839Updated 2 years ago
- Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease appliβ¦β924Updated this week
- Blind WAF identification toolβ598Updated 2 months ago
- A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.β791Updated 2 months ago
- Burp plugin able to find reflected XSS on page in real-time while browsing on siteβ1,114Updated 3 years ago
- latest version of scanners for IIS short filename (8.3) disclosure vulnerabilityβ1,411Updated last year
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerabilityβ772Updated 2 years ago
- Quick SQLMap Tamper Suggesterβ1,329Updated 2 years ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.β1,866Updated this week
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed bβ¦β986Updated 3 years ago
- Burp Extension for a passive scanning JS files for endpoint links.β728Updated 5 months ago
- Simple websites vulnerable to Server Side Template Injections(SSTI)β373Updated last year
- List DTDs and generate XXE payloads using those local DTDs.β601Updated 6 months ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in various serversβ2,806Updated last year
- HackBar plugin for Burpsuiteβ1,520Updated 3 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!β603Updated 5 years ago
- Finds unknown classes of injection vulnerabilitiesβ626Updated 11 months ago
- HTTP file upload scanner for Burp Proxyβ479Updated 8 months ago
- This repository contains all the XSS cheatsheet data to allow contributions from the community.β398Updated 2 months ago
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filteringβ¦β1,295Updated this week
- Fetches javascript file from a list of URLS or subdomains.β735Updated last year