davidson679 / Bypass-Web-Application-Firewalls
Bypassing-Web-Application-Firewalls-And-XSS-Filters: A series of Python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These Python scripts have been created to fuzz weird combinations: URL Escape Characters, HTML Escape Characters, Binary …
☆145 · Oct 2, 2020 · Updated 5 years ago
Alternatives and similar repositories for Bypass-Web-Application-Firewalls
Users that are interested in Bypass-Web-Application-Firewalls are comparing it to the libraries listed below
- Subvenkon is a subdomain enumerator from Venkon ☆23 · Jun 22, 2020 · Updated 5 years ago
- SSRF (Server Side Request Forgery) testing resources ☆2,484 · Oct 12, 2024 · Updated last year
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids) ☆674 · Jan 28, 2024 · Updated 2 years ago
- HackBar plugin for Burpsuite ☆1,616 · Apr 15, 2021 · Updated 4 years ago
- Extract relative urls from a heap snapshot ☆87 · May 30, 2021 · Updated 4 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the ac… ☆1,771 · Apr 26, 2024 · Updated last year
- Collection of Bug Bounty Tips ☆65 · Dec 10, 2019 · Updated 6 years ago
- Tools and resources for web app hacking. The payloads.txt documents are a must have for your Burpsuite intruder payload armory. They've h… ☆28 · Jun 10, 2019 · Updated 6 years ago
- Conveniently use PostgreSQL user-defined functions to execute system commands; suited to cases where a database administrator knows the postgres password but not the SSH or RDP password and needs to run system commands on the server. ☆55 · Mar 10, 2020 · Updated 5 years ago
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs, Where Each Tab W… ☆107 · Feb 11, 2019 · Updated 7 years ago
- A Burpsuite extension written in Python to perform basic validation fuzzing ☆11 · Oct 7, 2022 · Updated 3 years ago
- Advanced shellcode injector for images supports BMP, GIF, EXIF (JPEG), and LSB (PNG) techniques. Includes XOR encoding, offset indexing, … ☆25 · Jun 11, 2025 · Updated 8 months ago
- ☆27 · Mar 18, 2020 · Updated 5 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers. ☆135 · Sep 25, 2019 · Updated 6 years ago
- Zimbra XXE+SSRF+UPLOAD Poc ☆59 · Jun 25, 2019 · Updated 6 years ago
- ☆162 · Dec 7, 2017 · Updated 8 years ago
- Exploit and detect tools for CVE-2020-0688 ☆356 · Mar 21, 2020 · Updated 5 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. ☆613 · Mar 4, 2021 · Updated 4 years ago
- Build your own brute-force dictionary with BurpSuite; dictionary-based brute forcing can then be used to discover hidden assets. ☆502 · Jan 30, 2024 · Updated 2 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities. ☆303 · Feb 12, 2023 · Updated 3 years ago
- Everything you need about Burp Extension Generation ☆157 · Jan 6, 2023 · Updated 3 years ago
- A deserialization vulnerability caused by insecure configuration (EncryptInterceptor not used) when Tomcat's built-in session synchronization feature is enabled; with carefully crafted packets, servers using Tomcat's built-in session synchronization can be attacked. PS: this is not CVE-2020-9484, 9484… ☆212 · May 19, 2020 · Updated 5 years ago
- Repository contains an online education portal filled with web vulnerabilities. ☆21 · Jan 3, 2020 · Updated 6 years ago
- A curated list of amazingly awesome Burp Extensions ☆3,360 · Feb 15, 2025 · Updated 11 months ago
- Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos. ☆1,035 · Feb 20, 2020 · Updated 5 years ago
- Quick SQLMap Tamper Suggester ☆1,391 · Jul 18, 2022 · Updated 3 years ago
- CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4 ☆68 · Feb 3, 2020 · Updated 6 years ago
- Standalone version of my AES Powershell payload for Cobalt Strike. ☆111 · Dec 27, 2019 · Updated 6 years ago
- Shiro_721 exp: a fully hand-written implementation of the entire Padding Oracle process ☆67 · Nov 20, 2019 · Updated 6 years ago
- Automated WAF/IDS fuzzing feature of the Fake framework ☆85 · Sep 19, 2019 · Updated 6 years ago
- A substitute repository put up on public demand for the original Awesome WAF repository (https://github.com/0xInfection/Awesome-WAF) whic… ☆12 · May 3, 2019 · Updated 6 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and… ☆3,897 · Sep 27, 2021 · Updated 4 years ago
- DOM XSS scanner for Single Page Applications ☆417 · Nov 15, 2025 · Updated 2 months ago
- A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers ☆278 · Oct 29, 2018 · Updated 7 years ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS… ☆173 · Nov 11, 2020 · Updated 5 years ago
- gathers the XSS cheatsheet payloads and creates a usable wordlist ☆74 · Jan 4, 2021 · Updated 5 years ago
- ☆23 · Mar 29, 2022 · Updated 3 years ago
- List out all of payload for security testing ☆25 · May 2, 2022 · Updated 3 years ago
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests. ☆158 · Jul 10, 2025 · Updated 7 months ago