doyensec / Prototype-Pollution-Gadgets-Finder
☆91 Apr 29, 2024 Updated last year
Alternatives and similar repositories for Prototype-Pollution-Gadgets-Finder
Users that are interested in Prototype-Pollution-Gadgets-Finder are comparing it to the libraries listed below
- For unpacking base64:ed "Save items"-content from Burp (From search + proxy history) ☆54 Feb 26, 2025 Updated 11 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite ☆36 Mar 4, 2025 Updated 11 months ago
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! ☆21 Aug 25, 2024 Updated last year
- ☆138 Nov 9, 2024 Updated last year
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal. ☆158 Jul 2, 2024 Updated last year
- Atlassian Companion RCE Vulnerability Proof of Concept ☆25 Dec 15, 2023 Updated 2 years ago
- The Most Advanced Client-Side Prototype Pollution Scanner ☆245 Feb 3, 2026 Updated last week
- A collection of Server-Side Prototype Pollution gadgets and exploits ☆222 Feb 6, 2025 Updated last year
- Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp… ☆29 Jul 21, 2024 Updated last year
- WP Juicer Tool for quick scanning of confidential information on WordPress endpoints. ☆10 Apr 30, 2024 Updated last year
- Exploit for CVE-2024-3273, supports single and multiple hosts ☆13 Apr 7, 2024 Updated last year
- Mitigation validation utility for the Ivanti Connect Around attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887. ☆12 Feb 3, 2024 Updated 2 years ago
- PAN-OS auth bypass + RCE ☆47 Nov 19, 2024 Updated last year
- This repository stores some of my custom BCheck Scan configurations. Its goal is to identify intriguing elements that warrant further man… ☆103 Feb 9, 2024 Updated 2 years ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). ☆151 Mar 31, 2025 Updated 10 months ago
- Additional active scan checks for BURP ☆28 Oct 3, 2024 Updated last year
- ☆520 Apr 29, 2024 Updated last year
- A rapid HTTP downgrade smuggling scanner written in Go. ☆311 May 16, 2024 Updated last year
- Template Nuclei SSTI ☆34 Nov 18, 2025 Updated 2 months ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. ☆719 Feb 3, 2026 Updated last week
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security ☆175 Oct 26, 2024 Updated last year
- Exploit Proof-of-Concept code for XAMPP v3.3.0 — '.ini' Buffer Overflow (Unicode + SEH) ☆14 Nov 1, 2023 Updated 2 years ago
- SNMP Bash Script to discover valid community strings, dump basic information, check for write permission and check for RCE. ☆11 Apr 27, 2024 Updated last year
- Burp Suite extension that enhances Burp Active Scan by adding template engine specific SSTI payloads. ☆24 Feb 20, 2024 Updated last year
- IBM Maximo Asset Management is vulnerable to Information Disclosure via XXE Vulnerability (CVE-2020-4463) ☆52 Sep 19, 2023 Updated 2 years ago
- Simple PoC for demonstrating Race Conditions on Websockets ☆55 Sep 14, 2023 Updated 2 years ago
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens ☆165 Nov 29, 2024 Updated last year
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide ☆42 Dec 16, 2024 Updated last year
- This repo collects nuclei template from 600+ github repos, updates every 6 hours. ☆34 Jan 25, 2026 Updated 2 weeks ago
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors ☆90 Feb 3, 2024 Updated 2 years ago
- A tool to inspect and attack version 1 GUIDs ☆239 Oct 13, 2022 Updated 3 years ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p… ☆30 Nov 30, 2025 Updated 2 months ago
- Probuster : A Python based Web Application Penetration testing tool for Information Gathering⚡. ☆60 Nov 22, 2024 Updated last year
- APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and … ☆363 Mar 28, 2025 Updated 10 months ago
- 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️ ☆227 May 22, 2023 Updated 2 years ago
- This repository hosts several snippets and files related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me ☆18 Aug 5, 2024 Updated last year
- This repository offers insights and a proof-of-concept tool to exploit two significant deserialization vulnerabilities in Inductive Autom… ☆46 Dec 22, 2023 Updated 2 years ago
- Ollama AI Analyzer runs directly on your local computer, using Ollama's AI models to analyze your HTTP requests and responses. This means… ☆32 Mar 1, 2025 Updated 11 months ago
- BurpSuite extension to convert requests into bcheck scripts ☆33 Jul 18, 2023 Updated 2 years ago