devploit / XORpass
Encoder to bypass WAF filters using XOR operations.
☆248Updated 2 years ago
Alternatives and similar repositories for XORpass:
Users that are interested in XORpass are comparing it to the libraries listed below
- Scan Victim Backup Directories & Backup Files☆178Updated last year
- Exploit for Drupal 7 <= 7.57 CVE-2018-7600☆132Updated 6 years ago
- SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities☆184Updated 3 years ago
- ☆206Updated 3 years ago
- CVE-2020–14882、CVE-2020–14883☆283Updated 4 years ago
- Bypassing WAF by abusing SSL/TLS Ciphers☆312Updated 3 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆176Updated 4 years ago
- That repository contains my updates to the well know java deserialization exploitation tool ysoserial.☆177Updated 2 years ago
- Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.☆173Updated 3 years ago
- CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit☆155Updated 4 years ago
- exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts☆160Updated last year
- ☆127Updated 3 years ago
- Another way to bypass WAF Cheat Sheet (draft)☆418Updated 6 years ago
- SSRF plugin for burp Automates SSRF Detection in all of the Request☆565Updated 4 years ago
- cve-2020-0688☆322Updated last year
- ☆182Updated last year
- Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.☆261Updated this week
- jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).☆267Updated 2 weeks ago
- Combined port scanning w/ Masscan's speed & Nmap's scanning features.☆147Updated 2 years ago
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆513Updated 4 years ago
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆296Updated 5 years ago
- ☆281Updated 3 years ago
- A cli for cracking, testing vulnerabilities on Json Web Token(JWT)☆126Updated 2 months ago
- Another version of katana, more automated but less stable. the purpose of this small tool is to run a Google based passive recon against …☆225Updated 3 years ago
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…☆110Updated 5 years ago
- J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tes…☆73Updated 3 years ago
- A Burp extension for generic extraction and reuse of data within HTTP requests and responses.☆91Updated 2 years ago
- MOGWAI LABS JMX exploitation toolkit☆198Updated last year
- Burp extension intended to compact Burp extension tabs by hijacking them to own tab.☆128Updated 4 years ago
- PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus☆172Updated 8 months ago