cnotin / RazorVulnerableApp
DO NOT USE: this is a vulnerable ASP.NET web app using Razor templating engine. The vulnerability is a Server-Side Template Injection (SSTI). For training and testing purposes.
☆26Updated 4 years ago
Related projects: ⓘ
- #BugBounty #BugBounty Tools #WebDeveloper Tool☆33Updated 4 years ago
- Exploits developed by Mikael Kall☆46Updated last year
- Broken Link Hijacking Burp Extension☆54Updated 5 years ago
- Gopher Tomcat Deployer☆47Updated 5 years ago
- CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE☆31Updated 4 years ago
- This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, …☆52Updated last year
- 该脚本为Citrix XenMobile 目录遍历漏洞(CVE-2020-8209)批量检测脚本。☆31Updated 3 years ago
- Burp Extension that lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap☆36Updated 2 years ago
- ☆33Updated 4 years ago
- ☆60Updated 5 years ago
- Burp extension to generate multi-step CSRF POC.☆29Updated 4 years ago
- Insecure Deserialization, PDF and lab☆17Updated 4 years ago
- PoC for CVE-2021-45897☆17Updated 2 years ago
- Hacking Artifactory with server side template injection☆50Updated 4 years ago
- Burp extension to filter JSON on the fly with JQ queries in the HTTP message viewer.☆42Updated 3 years ago
- A Burp extension to show the Collaborator client in a tab☆22Updated last year
- Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack☆39Updated last year
- Tool to try multiple paths for PHPunit RCE CVE-2017-9841☆26Updated 2 years ago
- ☆33Updated 2 years ago
- A Burp Suite extension to add a custom header (e.g. JWT)☆19Updated 2 years ago
- ☆35Updated 4 years ago
- The tool exfiltrates data from Couchbase database by exploiting N1QL injection vulnerabilities.☆72Updated 4 years ago
- A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications☆59Updated 3 years ago
- Tool is to check for Cache Deception Attack Both For Authenticated and UnAuthenticated Pages☆43Updated 2 years ago
- Subdomain finder☆10Updated last year
- client-side prototype pullution vulnerability scanner☆46Updated 3 years ago
- JSON Beautifier for Burp written in Java☆38Updated 4 years ago
- Messy BurpSuite plugin for SQL Truncation vulnerabilities.☆61Updated 4 years ago
- [XXE TOOL] Burp suite extension to detect requests contains XML☆9Updated 5 years ago
- A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthencticated remote code execution.☆5Updated last year