jzheaux / spel-injection
An intentionally-vulnerable application for demonstrating the hazards of SpEL expression composition
☆27Updated 6 years ago
Alternatives and similar repositories for spel-injection:
Users that are interested in spel-injection are comparing it to the libraries listed below
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆20Updated 7 months ago
- ☆26Updated last week
- Enhanced 403 bypass header☆21Updated 2 years ago
- tool that generates bypasses for open redirects☆52Updated 2 years ago
- vīlicus is a bug bounty api dashboard☆40Updated last year
- Bcheck scripts for Burp☆26Updated 7 months ago
- A collection of Burp Suite Lambda Filters ~ Bambdas☆26Updated 6 months ago
- Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.☆33Updated 3 years ago
- ☆94Updated 3 years ago
- Results from analyzing data gathered from 1.6 billion subdomains☆20Updated 5 months ago
- Make better use of the embedded browser that comes by default with Burp☆43Updated last year
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated 3 weeks ago
- A Burp Suite extension which augments your proxy traffic by injecting log4shell payloads into headers☆42Updated 3 years ago
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆20Updated 2 months ago
- A powerful Burp extension to make bounty rain☆14Updated 3 years ago
- ☆11Updated 2 years ago
- A Go tool that gets the newest PRs from projectdiscovery/nuclei-templates.☆54Updated last year
- A simple utility to generate domain names with all possible TLDs☆23Updated 2 years ago
- Web cache poisoning vulnerability scanner.☆65Updated 2 years ago
- URL scanner for recon, vulnerabilities, secrets and more!☆12Updated 3 years ago
- ☆60Updated 2 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆16Updated 4 years ago
- Chameleon Wordlists☆16Updated 2 years ago
- Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰☆22Updated last year
- Security Advisories☆32Updated last year
- ☆25Updated 2 years ago
- Burp extension to generate multi-step CSRF POC.☆29Updated 5 years ago
- ☆24Updated 4 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)☆42Updated 2 months ago
- Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.☆70Updated 3 years ago