frizb / Bypassing-Web-Application-FirewallsView external linksLinks
A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers
☆278Oct 29, 2018Updated 7 years ago
Alternatives and similar repositories for Bypassing-Web-Application-Firewalls
Users that are interested in Bypassing-Web-Application-Firewalls are comparing it to the libraries listed below
Sorting:
- Hand list of Powershell commands frequently used during penetration tests☆15Oct 14, 2018Updated 7 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!☆297Jun 10, 2019Updated 6 years ago
- A collection of curated Java Deserialization Exploits☆592May 16, 2021Updated 4 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,484Oct 12, 2024Updated last year
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.☆822Dec 6, 2017Updated 8 years ago
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆518Jul 29, 2020Updated 5 years ago
- A PoC Java Stager which can download, compile, and execute a Java file in memory.☆108Aug 6, 2018Updated 7 years ago
- ☆16Feb 26, 2018Updated 7 years ago
- Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple ac…☆510Apr 22, 2018Updated 7 years ago
- ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6☆217Aug 17, 2017Updated 8 years ago
- DNS-Persist is a post-exploitation agent which uses DNS for command and control.☆208Nov 20, 2017Updated 8 years ago
- Java RMI enumeration and attack tool.☆745Sep 28, 2017Updated 8 years ago
- Automatic bypass (brute force) waf☆994Mar 9, 2022Updated 3 years ago
- Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.☆224Oct 16, 2023Updated 2 years ago
- Code-Audit-Challenges☆991Nov 17, 2018Updated 7 years ago
- Collection of scripts that aid in penetration testing of JSON Web Tokens☆59Feb 2, 2019Updated 7 years ago
- A collection of pentest and development tips☆1,126May 26, 2022Updated 3 years ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.☆1,704Dec 1, 2024Updated last year
- Detect and bypass web application firewalls and protection systems☆2,868Aug 11, 2024Updated last year
- NodeXP - A Server Side Javascript Injection tool capable of detecting and exploiting Node.js vulnerabilities☆108Jan 31, 2025Updated last year
- Learn how to get a reverse shell from JIRA application server☆24Dec 2, 2018Updated 7 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆220Updated this week
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- OWASP Skanda - SSRF Exploitation Framework☆38Jul 6, 2013Updated 12 years ago
- Tool written in python3 to determine where the AV signature is located in a binary/payload☆315Mar 24, 2018Updated 7 years ago
- a passive scanner based on Mitmproxy and Arachni☆109Aug 17, 2017Updated 8 years ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities☆799Nov 7, 2021Updated 4 years ago
- WEB SERVICE SECURITY ASSESSMENT TOOL☆390Sep 24, 2021Updated 4 years ago
- Notes on Active Directory analysis and exploitation☆11Mar 7, 2019Updated 6 years ago
- Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account ha…☆502Aug 7, 2020Updated 5 years ago
- A Python Framework For NoSQL Scanning and Exploitation☆601Dec 6, 2024Updated last year
- Hunting Bugs for Fun and Profit☆272Jul 29, 2020Updated 5 years ago
- RFD Checker - security CLI tool to test Reflected File Download issues☆64Feb 26, 2019Updated 6 years ago
- ☆2,315Dec 8, 2023Updated 2 years ago
- Collection of social engineering payloads☆299Oct 19, 2017Updated 8 years ago
- 💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002☆353Mar 29, 2019Updated 6 years ago
- A simple dns resolver of dns-record and web-record log server for pentesting☆132Nov 7, 2017Updated 8 years ago