dustyfresh / PHP-vulnerability-audit-cheatsheet
This will assist you in finding potentially vulnerable PHP code. Each type of grep command is categorized by the type of vulnerabilities you generally find with that function.
☆361 Updated 10 months ago
Alternatives and similar repositories for PHP-vulnerability-audit-cheatsheet
Users that are interested in PHP-vulnerability-audit-cheatsheet are comparing it to the libraries listed below
- This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer… ☆290 Updated 11 months ago
- ☆266 Updated 6 years ago
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT ☆404 Updated this week
- All my infosec notes I have been building up over the years ☆337 Updated 10 months ago
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. ☆398 Updated 5 years ago
- Pentest/BugBounty progress control with scanning modules ☆282 Updated 5 years ago
- Lesser Known Web Attack Lab ☆330 Updated 5 years ago
- A collection of useful Serverless functions I use when pentesting ☆391 Updated 3 years ago
- DNS Rebinding Exploitation Framework ☆495 Updated 4 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder ☆285 Updated 8 years ago
- Automatic tool for DNS rebinding-based SSRF attacks ☆303 Updated 5 years ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations. ☆317 Updated 2 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation" ☆359 Updated 5 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale. ☆264 Updated 4 years ago
- Probe a rendering engine for vulnerabilities and other features ☆367 Updated 4 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains … ☆224 Updated 3 years ago
- Fuzzing Payloads to Assist in Web Application Testing. ☆167 Updated 6 years ago
- Simple python script to extract unsafe functions from php projects ☆196 Updated 7 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c… ☆561 Updated 3 years ago
- SSRF testing tool ☆244 Updated 3 years ago
- The Bug Bounty Wiki ☆171 Updated 7 years ago
- A mini webserver with FTP support for XXE payloads ☆341 Updated 2 years ago
- bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting. ☆561 Updated 2 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu… ☆632 Updated 6 years ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. ☆469 Updated 6 years ago
- 🏴☠️ Bypass Same Origin Policy with DNS-rebinding to retrieve local server files 🏴☠️ ☆203 Updated 6 years ago
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) ☆458 Updated 6 years ago
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker … ☆260 Updated 4 years ago
- A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-s… ☆439 Updated 4 years ago
- stuff i'm willing to share with the world lol ☆170 Updated 3 years ago