Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary …
☆144Oct 2, 2020Updated 5 years ago
Alternatives and similar repositories for Bypass-Web-Application-Firewalls
Users that are interested in Bypass-Web-Application-Firewalls are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Subvenkon is a subdomain enumerator from Venkon☆22Jun 22, 2020Updated 6 years ago
- A Burpsuite extension written in Python to perform basic validation fuzzing☆11Oct 7, 2022Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,507Oct 12, 2024Updated last year
- ☆28Mar 18, 2020Updated 6 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆683Jan 28, 2024Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Extract relative urls from a heap snapshot☆87May 30, 2021Updated 5 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,807Apr 26, 2024Updated 2 years ago
- Tools and resources for web app hacking. The payloads.txt documents are a must have for your Burpsuite intruder payload armory. They've h…☆28Jun 10, 2019Updated 7 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆135Sep 25, 2019Updated 6 years ago
- HTML5 Training material for Attack and Secure training sessions.☆42Feb 25, 2023Updated 3 years ago
- HackBar plugin for Burpsuite☆1,630Apr 15, 2021Updated 5 years ago
- Exploits for some of the vulnerabilities I have discovered☆18Aug 3, 2020Updated 5 years ago
- Repository contains an online education portal filled with web vulnerabilities.☆21Jan 3, 2020Updated 6 years ago
- ☆11Aug 27, 2020Updated 5 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…☆106Feb 11, 2019Updated 7 years ago
- Collection of Bug Bounty Tips☆65Dec 10, 2019Updated 6 years ago
- 便捷地使用PostgreSQL自定义函数来执行系统命令,适用于数据库管理员知道postgres密码却不知道ssh或RDP密码的时候在服务器执行系统命令。☆55Mar 10, 2020Updated 6 years ago
- Java After-Deserialization Attack☆78Apr 26, 2021Updated 5 years ago
- Standalone version of my AES Powershell payload for Cobalt Strike.☆111Dec 27, 2019Updated 6 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Nov 20, 2019Updated 6 years ago
- ☆163Dec 7, 2017Updated 8 years ago
- List out all of payload for security testing☆24May 2, 2022Updated 4 years ago
- Keep track of changes in website with WEBSY☆35May 22, 2023Updated 3 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213May 19, 2020Updated 6 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,954Sep 27, 2021Updated 4 years ago
- Quick SQLMap Tamper Suggester☆1,407Jul 18, 2022Updated 3 years ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆175Nov 11, 2020Updated 5 years ago
- HTTP parameter discovery suite.☆93Apr 16, 2020Updated 6 years ago
- ☆13Jul 12, 2021Updated 4 years ago
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities☆124May 12, 2026Updated last month
- Everything you need about Burp Extension Generation☆157Jan 6, 2023Updated 3 years ago
- Zimbra XXE+SSRF+UPLOAD Poc☆60Jun 25, 2019Updated 7 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- DOM XSS scanner for Single Page Applications☆420Nov 15, 2025Updated 7 months ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆300Feb 12, 2023Updated 3 years ago
- Exploit and detect tools for CVE-2020-0688☆354Mar 21, 2020Updated 6 years ago
- CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4☆69Feb 3, 2020Updated 6 years ago
- 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。☆503Jan 30, 2024Updated 2 years ago
- Browser's XSS Filter Bypass Cheat Sheet☆1,155May 6, 2017Updated 9 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆619Mar 4, 2021Updated 5 years ago