Stealing CSRF tokens with CSS injection (without iFrames)
☆324Feb 7, 2018Updated 8 years ago
Alternatives and similar repositories for cssInjection
Users that are interested in cssInjection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!☆104Jun 1, 2018Updated 7 years ago
- ☆333Jan 8, 2018Updated 8 years ago
- XSS in pastebin.com and reddit.com via unsanitized markdown output☆88Apr 24, 2018Updated 8 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆284Jul 22, 2017Updated 8 years ago
- Windows passwords decryption from dump files☆512Feb 2, 2023Updated 3 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Abusing Self-XSS and Clickjacking to trigger XSS☆136Mar 18, 2017Updated 9 years ago
- Tool written in python3 to determine where the AV signature is located in a binary/payload☆315Mar 24, 2018Updated 8 years ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆304Oct 14, 2018Updated 7 years ago
- A tiny and cute URL fuzzer☆402Nov 10, 2022Updated 3 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- ☆162Dec 7, 2017Updated 8 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- Autoexploitation of some of the most common vulnerabilities in wild☆124Jun 22, 2018Updated 7 years ago
- Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid…☆83Sep 19, 2017Updated 8 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Phishing on Twitter☆252Jun 21, 2018Updated 7 years ago
- A toolset to track and organize output of reconnaissance tools☆346Jan 3, 2018Updated 8 years ago
- Chrome < 62 uxss exploit (CVE-2017-5124)☆160Nov 14, 2017Updated 8 years ago
- An example of obtaining RCE via Redis and CSRF☆76Sep 11, 2016Updated 9 years ago
- A collection of curated Java Deserialization Exploits☆592May 16, 2021Updated 4 years ago
- RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: h…☆307Oct 18, 2017Updated 8 years ago
- Find interesting Amazon S3 Buckets by watching certificate transparency logs.☆1,803Feb 28, 2025Updated last year
- SSRF (Server Side Request Forgery) testing resources☆2,489Oct 12, 2024Updated last year
- DNS Rebinding Exploitation Framework☆492Apr 27, 2021Updated 5 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Collection of social engineering payloads☆299Oct 19, 2017Updated 8 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains …☆223Dec 7, 2022Updated 3 years ago
- Nameserver DNS poisoning attacks made easy☆525Feb 26, 2017Updated 9 years ago
- macOS 10.13.3 (17D47) Safari Wasm Exploit☆120Apr 19, 2018Updated 8 years ago
- ZIP File Raider - Burp Extension for ZIP File Payload Testing☆72Aug 31, 2020Updated 5 years ago
- Exploit code developed/reproduced by me☆89Jan 25, 2023Updated 3 years ago
- Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution☆397Oct 11, 2017Updated 8 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆628Feb 5, 2019Updated 7 years ago
- Script to test if a server is vulnerable to the JetLeak vulnerability☆144Jul 1, 2016Updated 9 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Interactive shellcoding environment to easily craft shellcodes☆909Feb 26, 2021Updated 5 years ago
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker …☆259Aug 22, 2021Updated 4 years ago
- MSDAT: Microsoft SQL Database Attacking Tool☆995Aug 1, 2023Updated 2 years ago
- A Ruby framework designed to aid in the penetration testing of WordPress systems.☆1,045Nov 24, 2019Updated 6 years ago
- swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searc…☆531Jun 26, 2021Updated 4 years ago
- Tools for auditing WAFS☆467Nov 24, 2020Updated 5 years ago
- Remote Recon and Collection☆460Nov 23, 2017Updated 8 years ago