Stealing CSRF tokens with CSS injection (without iFrames)
☆322Feb 7, 2018Updated 8 years ago
Alternatives and similar repositories for cssInjection
Users that are interested in cssInjection are comparing it to the libraries listed below
Sorting:
- Abusing Self-XSS and Clickjacking to trigger XSS☆136Mar 18, 2017Updated 8 years ago
- XSS in pastebin.com and reddit.com via unsanitized markdown output☆88Apr 24, 2018Updated 7 years ago
- Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!☆104Jun 1, 2018Updated 7 years ago
- ☆332Jan 8, 2018Updated 8 years ago
- Tool written in python3 to determine where the AV signature is located in a binary/payload☆315Mar 24, 2018Updated 7 years ago
- Windows passwords decryption from dump files☆510Feb 2, 2023Updated 3 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆284Jul 22, 2017Updated 8 years ago
- Phishing on Twitter☆251Jun 21, 2018Updated 7 years ago
- Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid…☆83Sep 19, 2017Updated 8 years ago
- A toolset to track and organize output of reconnaissance tools☆348Jan 3, 2018Updated 8 years ago
- Nameserver DNS poisoning attacks made easy☆526Feb 26, 2017Updated 9 years ago
- A tiny and cute URL fuzzer☆402Nov 10, 2022Updated 3 years ago
- Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]☆305Oct 14, 2018Updated 7 years ago
- Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution☆394Oct 11, 2017Updated 8 years ago
- Autoexploitation of some of the most common vulnerabilities in wild☆124Jun 22, 2018Updated 7 years ago
- ☆162Dec 7, 2017Updated 8 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- DNS Rebinding Exploitation Framework☆493Apr 27, 2021Updated 4 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 7 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- Chrome < 62 uxss exploit (CVE-2017-5124)☆160Nov 14, 2017Updated 8 years ago
- Collection of social engineering payloads☆299Oct 19, 2017Updated 8 years ago
- An example of obtaining RCE via Redis and CSRF☆76Sep 11, 2016Updated 9 years ago
- A collection of curated Java Deserialization Exploits☆591May 16, 2021Updated 4 years ago
- RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: h…☆307Oct 18, 2017Updated 8 years ago
- Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.☆638Jul 16, 2023Updated 2 years ago
- Remote Recon and Collection☆459Nov 23, 2017Updated 8 years ago
- An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker …☆260Aug 22, 2021Updated 4 years ago
- macOS 10.13.3 (17D47) Safari Wasm Exploit☆119Apr 19, 2018Updated 7 years ago
- This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtu…☆629Feb 5, 2019Updated 7 years ago
- JavaScript Reversed TCP Meterpreter Stager☆138May 25, 2017Updated 8 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains …☆224Dec 7, 2022Updated 3 years ago
- RedSnarf is a pen-testing / red-teaming tool for Windows environments☆1,213Sep 14, 2020Updated 5 years ago
- Tools for auditing WAFS☆464Nov 24, 2020Updated 5 years ago
- An exploit for Apache Struts CVE-2018-11776☆302Aug 26, 2018Updated 7 years ago
- Find interesting Amazon S3 Buckets by watching certificate transparency logs.☆1,801Feb 28, 2025Updated 11 months ago
- Issues to consider when planning a red team exercise.☆616Aug 23, 2017Updated 8 years ago
- swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searc…☆527Jun 26, 2021Updated 4 years ago