dustyfresh / PHP-vulnerability-audit-cheatsheet
This will assist you in finding potentially vulnerable PHP code. Each grep command is categorized by the type of vulnerability you generally find with that function.
☆353 · Updated 2 months ago
Alternatives and similar repositories for PHP-vulnerability-audit-cheatsheet
Users that are interested in PHP-vulnerability-audit-cheatsheet are comparing it to the libraries listed below
- This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer… ☆287 · Updated 4 months ago
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations. ☆315 · Updated 2 years ago
- Simple python script to extract unsafe functions from php projects ☆199 · Updated 7 years ago
- DNS Rebinding Exploitation Framework ☆488 · Updated 4 years ago
- SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. ☆255 · Updated 2 weeks ago
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. ☆396 · Updated 5 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale. ☆259 · Updated 3 years ago
- Lesser Known Web Attack Lab ☆331 · Updated 5 years ago
- Utils ☆267 · Updated 9 years ago
- A mini webserver with FTP support for XXE payloads ☆332 · Updated last year
- Sample vulnerable code and its exploit code ☆191 · Updated 4 years ago
- Pentest/BugBounty progress control with scanning modules ☆281 · Updated 4 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c… ☆549 · Updated 2 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains … ☆219 · Updated 2 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder ☆281 · Updated 7 years ago
- SSRF testing tool ☆244 · Updated 2 years ago
- bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting. ☆539 · Updated 2 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras ☆425 · Updated 5 years ago
- SSLScrape | A scanning tool for scraping hostnames from SSL certificates. ☆331 · Updated 4 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu… ☆633 · Updated 6 years ago
- Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions ☆221 · Updated 3 years ago
- Various Payload wordlists ☆236 · Updated last month
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT ☆401 · Updated last month
- Automated blind-xss search for Burp Suite ☆285 · Updated 5 years ago
- rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments ☆246 · Updated 5 years ago
- File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. ☆274 · Updated 4 years ago
- A tool used to check if a CNAME resolves to the scope address. If the CNAME resolves to a non-scope address it might be worth checking ou… ☆134 · Updated last year
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) ☆454 · Updated 6 years ago