HTTP.ninja
☆148Sep 3, 2023Updated 2 years ago
Alternatives and similar repositories for httpninja
Users that are interested in httpninja are comparing it to the libraries listed below
Sorting:
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆346Nov 20, 2022Updated 3 years ago
- Repo of useful scripts☆104Jun 30, 2020Updated 5 years ago
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆659Feb 1, 2025Updated last year
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- ☆46May 15, 2016Updated 9 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆613Mar 4, 2021Updated 4 years ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆736May 4, 2019Updated 6 years ago
- This changes the style of Burp Suite's Repeater tabs to help the testers☆29Jul 3, 2019Updated 6 years ago
- Smart ssrf scanner using different methods like parameter brute forcing in post and get...☆279Feb 11, 2021Updated 5 years ago
- CVE-2017-9506 - SSRF☆190Feb 14, 2022Updated 4 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,483Oct 12, 2024Updated last year
- DupeKeyInjector☆134Apr 16, 2022Updated 3 years ago
- Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.☆80Jun 1, 2019Updated 6 years ago
- ☆707Nov 27, 2024Updated last year
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Scans tcl for command injection☆36May 24, 2019Updated 6 years ago
- Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.☆49Jul 20, 2022Updated 3 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆584Sep 7, 2021Updated 4 years ago
- A tool to bruteforce nameservers when working with subdomain delegations to AWS.☆58Aug 22, 2019Updated 6 years ago
- ☆32May 30, 2019Updated 6 years ago
- Full TTY reverse shell over SSH☆59Jul 14, 2020Updated 5 years ago
- A tool to find sensitive keys and passwords in Travis logs☆139Jun 27, 2021Updated 4 years ago
- ☆148Feb 17, 2022Updated 4 years ago
- Reverse proxies cheatsheet☆1,855Nov 4, 2023Updated 2 years ago
- A collection of scripts to extend Burp Suite☆142Apr 8, 2019Updated 6 years ago
- This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…☆36Mar 1, 2023Updated 3 years ago
- Quickly Search Large DNS Datasets☆585Dec 21, 2020Updated 5 years ago
- ☆53Dec 3, 2025Updated 2 months ago
- Pathbrute☆456Jun 3, 2020Updated 5 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- DOM XSS scanner for Single Page Applications☆416Nov 15, 2025Updated 3 months ago
- List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.☆84Mar 23, 2018Updated 7 years ago
- secretz, minimizing the large attack surface of Travis CI☆324May 30, 2022Updated 3 years ago
- JWT fuzzer☆107Jul 24, 2018Updated 7 years ago
- Research on GraphQL from an AppSec point of view.☆418May 24, 2023Updated 2 years ago
- Multi Tool Subdomain Enumeration☆723Apr 11, 2021Updated 4 years ago
- Continuous monitoring for JavaScript files☆225Dec 29, 2019Updated 6 years ago
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆518Jul 29, 2020Updated 5 years ago