dustyfresh / PHP-vulnerability-audit-cheatsheet
This will assist you in finding potentially vulnerable PHP code. Each type of grep command is categorized by the type of vulnerability you generally find with that function.
☆346 Updated 6 years ago
Related projects
Alternatives and complementary repositories for PHP-vulnerability-audit-cheatsheet
- This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer… ☆280 Updated 3 months ago
- Simple Python script to extract unsafe functions from PHP projects ☆195 Updated 6 years ago
- Pentest/BugBounty progress control with scanning modules ☆282 Updated 4 years ago
- Exploit for ImageMagick's uninitialized memory disclosure in gif coder ☆278 Updated 7 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains … ☆220 Updated last year
- Automatic tool for DNS rebinding-based SSRF attacks ☆293 Updated 4 years ago
- SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. ☆253 Updated 4 months ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale. ☆253 Updated 2 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c… ☆530 Updated 2 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras ☆423 Updated 4 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations. ☆308 Updated last year
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. ☆394 Updated 4 years ago
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, JavaScript, XSLT ☆390 Updated 3 months ago
- SSRF testing tool ☆241 Updated last year
- Payloads for CRLF Injection ☆215 Updated 3 weeks ago
- kadimus is a tool to check and exploit LFI vulnerability. ☆514 Updated 4 years ago
- A mini webserver with FTP support for XXE payloads ☆326 Updated 10 months ago
- SSLScrape | A scanning tool for scraping hostnames from SSL certificates. ☆329 Updated 3 years ago
- A simple SSRF-testing sheriff written in Go ☆315 Updated last week
- Sample vulnerable code and its exploit code ☆189 Updated 3 years ago
- Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x. ☆302 Updated 3 years ago
- Burp Suite Extension to monitor new scope ☆195 Updated 3 years ago
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) ☆443 Updated 5 years ago
- Linux privilege escalation checks (systemd, dbus, socket fun, etc) ☆288 Updated 5 years ago
- Rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments ☆242 Updated 5 years ago
- Fuzzing Payloads to Assist in Web Application Testing. ☆166 Updated 5 years ago
- All my infosec notes I have been building up over the years ☆328 Updated 3 years ago