dustyfresh / PHP-vulnerability-audit-cheatsheet
This will assist you in finding potentially vulnerable PHP code. Each type of grep command is categorized by the type of vulnerability you generally find with that function.
☆350, updated last month
Alternatives and similar repositories for PHP-vulnerability-audit-cheatsheet:
Users that are interested in PHP-vulnerability-audit-cheatsheet are comparing it to the libraries listed below
- This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer… (☆285, updated 2 months ago)
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations. (☆314, updated last year)
- exploit for ImageMagick's uninitialized memory disclosure in gif coder (☆280, updated 7 years ago)
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains … (☆220, updated 2 years ago)
- Burp extension to detect alias traversal via NGINX misconfiguration at scale. (☆258, updated 3 years ago)
- A mini webserver with FTP support for XXE payloads (☆329, updated last year)
- Lesser Known Web Attack Lab (☆330, updated 5 years ago)
- Automatic tool for DNS rebinding-based SSRF attacks (☆298, updated 4 years ago)
- Simple python script to extract unsafe functions from php projects (☆199, updated 7 years ago)
- A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. (☆396, updated 4 years ago)
- Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions (☆220, updated 3 years ago)
- rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments (☆245, updated 5 years ago)
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c… (☆546, updated 2 years ago)
- SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. (☆254, updated 9 months ago)
- SSRF testing tool (☆244, updated 2 years ago)
- A collection of useful Serverless functions I use when pentesting (☆382, updated 2 years ago)
- DNS Rebinding Exploitation Framework (☆488, updated 3 years ago)
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] (☆306, updated 6 years ago)
- File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. (☆271, updated 4 years ago)
- Linux post exploitation enumeration and exploit checking tools (☆179, updated 4 years ago)
- A tool to find and exploit servers vulnerable to Shellshock (☆332, updated last year)
- SSLScrape | A scanning tool for scraping hostnames from SSL certificates. (☆331, updated 3 years ago)
- All my infosec notes I have been building up over the years (☆333, updated last month)
- Automated blind-xss search for Burp Suite (☆283, updated 5 years ago)
- Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) (☆452, updated 5 years ago)
- Utils (☆267, updated 9 years ago)
- kadimus is a tool to check and exploit lfi vulnerability. (☆530, updated 4 years ago)
- A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for… (☆190, updated 4 years ago)