RFD Checker - security CLI tool to test Reflected File Download issues
☆64Feb 26, 2019Updated 7 years ago
Alternatives and similar repositories for rfd-checker
Users that are interested in rfd-checker are comparing it to the libraries listed below
Sorting:
- Compilation of JavaScript XSS oneliners payloads that rocks your nuts!☆24Jul 14, 2017Updated 8 years ago
- Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.☆63Feb 26, 2019Updated 7 years ago
- Burp plugin to do random fuzzing of HTTP requests☆33Jan 31, 2017Updated 9 years ago
- Burp plugin that clusters responses to show an overview of received responses☆15Jun 7, 2019Updated 6 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs☆55Mar 27, 2017Updated 8 years ago
- Everything you need to exploit overly permissive crossdomain.xml files☆86Nov 12, 2014Updated 11 years ago
- Enumerate subdomains through Virustotal☆32Nov 2, 2019Updated 6 years ago
- An extension for BurpSuite that highlights SSO messages in Burp's proxy window..☆120Apr 26, 2021Updated 4 years ago
- Disposable Kali Linux containers for Mercury ISS / pentesting engagements.☆38Aug 21, 2019Updated 6 years ago
- OWASP Skanda - SSRF Exploitation Framework☆38Jul 6, 2013Updated 12 years ago
- ☆14May 17, 2018Updated 7 years ago
- A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __…☆12Jun 29, 2015Updated 10 years ago
- ☆13Jun 13, 2017Updated 8 years ago
- HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit☆26Jan 15, 2017Updated 9 years ago
- Webshell for Razor Syntax (C#)☆19May 5, 2017Updated 8 years ago
- Practice Web App written in python with some vulnerabilities.☆34Mar 19, 2021Updated 4 years ago
- ☆86Feb 28, 2017Updated 9 years ago
- PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM☆52Mar 14, 2018Updated 7 years ago
- Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules☆161Feb 2, 2023Updated 3 years ago
- A tool to hunt for publicly accessible DigitalOcean Spaces☆156Jan 21, 2020Updated 6 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 8 years ago
- Evil snippets of Underhanded Red Team tactics☆11Jul 5, 2017Updated 8 years ago
- DerbyCon 2017 Presentation VMware Escapology: How to Houdini the Hypervisor☆58Nov 28, 2017Updated 8 years ago
- Ruby command-line interface to Burp Suite's REST API☆58Apr 1, 2020Updated 5 years ago
- A tool for fetching archived URLs (to be rewritten in Go).☆41Jul 19, 2018Updated 7 years ago
- Updated version of SWFIntruder☆27Aug 16, 2016Updated 9 years ago
- Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.☆44Aug 7, 2020Updated 5 years ago
- The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and ai…☆13Dec 17, 2018Updated 7 years ago
- Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website☆140Apr 29, 2020Updated 5 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid…☆83Sep 19, 2017Updated 8 years ago
- Burp Extender plugin that generates a sitemap of a website using Wayback Machine☆227May 8, 2018Updated 7 years ago
- Plaintext Password harvesting from Azure Windows VMs☆68Mar 19, 2018Updated 7 years ago
- Stealing CSRF tokens with CSS injection (without iFrames)☆322Feb 7, 2018Updated 8 years ago
- Very crude and poorly written HTTP(s) and SMTP bin☆95Dec 23, 2020Updated 5 years ago
- Abusing Self-XSS and Clickjacking to trigger XSS☆136Mar 18, 2017Updated 8 years ago
- An intentionally designed broken web application based on REST API☆13May 25, 2022Updated 3 years ago
- Subdomain brute force focused on speed and data serialization☆75Dec 27, 2022Updated 3 years ago
- ☆17Sep 14, 2017Updated 8 years ago