Stealing CSRF tokens with CSS injection (without iFrames)
☆323 · Feb 7, 2018 · Updated 8 years ago
Alternatives and similar repositories for cssInjection
Users that are interested in cssInjection are comparing it to the libraries listed below
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way! ☆104 · Jun 1, 2018 · Updated 7 years ago
- ☆332 · Jan 8, 2018 · Updated 8 years ago
- XSS in pastebin.com and reddit.com via unsanitized markdown output ☆88 · Apr 24, 2018 · Updated 7 years ago
- Windows passwords decryption from dump files ☆512 · Feb 2, 2023 · Updated 3 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder ☆284 · Jul 22, 2017 · Updated 8 years ago
- Abusing Self-XSS and Clickjacking to trigger XSS ☆136 · Mar 18, 2017 · Updated 9 years ago
- Tool written in python3 to determine where the AV signature is located in a binary/payload ☆315 · Mar 24, 2018 · Updated 7 years ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] ☆305 · Oct 14, 2018 · Updated 7 years ago
- A tiny and cute URL fuzzer ☆402 · Nov 10, 2022 · Updated 3 years ago
- ☆28 · Oct 16, 2017 · Updated 8 years ago
- ☆162 · Dec 7, 2017 · Updated 8 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues ☆64 · Feb 26, 2019 · Updated 7 years ago
- Autoexploitation of some of the most common vulnerabilities in wild ☆124 · Jun 22, 2018 · Updated 7 years ago
- Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid… ☆83 · Sep 19, 2017 · Updated 8 years ago
- Phishing on Twitter ☆251 · Jun 21, 2018 · Updated 7 years ago
- A toolset to track and organize output of reconnaissance tools ☆349 · Jan 3, 2018 · Updated 8 years ago
- Chrome < 62 uxss exploit (CVE-2017-5124) ☆160 · Nov 14, 2017 · Updated 8 years ago
- An example of obtaining RCE via Redis and CSRF ☆76 · Sep 11, 2016 · Updated 9 years ago
- RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: h… ☆307 · Oct 18, 2017 · Updated 8 years ago
- A collection of curated Java Deserialization Exploits ☆591 · May 16, 2021 · Updated 4 years ago
- DNS Rebinding Exploitation Framework ☆492 · Apr 27, 2021 · Updated 4 years ago
- Find interesting Amazon S3 Buckets by watching certificate transparency logs. ☆1,802 · Feb 28, 2025 · Updated last year
- SSRF (Server Side Request Forgery) testing resources ☆2,483 · Oct 12, 2024 · Updated last year
- Collection of social engineering payloads ☆300 · Oct 19, 2017 · Updated 8 years ago
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains … ☆224 · Dec 7, 2022 · Updated 3 years ago
- Nameserver DNS poisoning attacks made easy ☆524 · Feb 26, 2017 · Updated 9 years ago
- Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution ☆395 · Oct 11, 2017 · Updated 8 years ago
- macOS 10.13.3 (17D47) Safari Wasm Exploit ☆119 · Apr 19, 2018 · Updated 7 years ago
- ZIP File Raider - Burp Extension for ZIP File Payload Testing ☆72 · Aug 31, 2020 · Updated 5 years ago
- Exploit code developed/reproduced by me ☆89 · Jan 25, 2023 · Updated 3 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu… ☆628 · Feb 5, 2019 · Updated 7 years ago
- MSDAT: Microsoft SQL Database Attacking Tool ☆989 · Aug 1, 2023 · Updated 2 years ago
- Script to test if a server is vulnerable to the JetLeak vulnerability ☆144 · Jul 1, 2016 · Updated 9 years ago
- Interactive shellcoding environment to easily craft shellcodes ☆909 · Feb 26, 2021 · Updated 5 years ago
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker … ☆260 · Aug 22, 2021 · Updated 4 years ago
- A Ruby framework designed to aid in the penetration testing of WordPress systems. ☆1,044 · Nov 24, 2019 · Updated 6 years ago
- Tools for auditing WAFS ☆464 · Nov 24, 2020 · Updated 5 years ago
- swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searc… ☆528 · Jun 26, 2021 · Updated 4 years ago
- Remote Recon and Collection ☆460 · Nov 23, 2017 · Updated 8 years ago