This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
☆88Dec 29, 2023Updated 2 years ago
Alternatives and similar repositories for XXElixir
Users that are interested in XXElixir are comparing it to the libraries listed below
Sorting:
- HuntersEye is designed for Bug Bounty Hunters, and Security Researchers to monitor new subdomains and certificates for specified domains.…☆21Dec 29, 2023Updated 2 years ago
- Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit☆18Jun 3, 2024Updated last year
- Tool to retrieve Config from Redline C2 servers☆16Mar 14, 2023Updated 3 years ago
- My own Custom nuclei templates☆26Dec 8, 2021Updated 4 years ago
- Exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager☆15Jan 21, 2023Updated 3 years ago
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆374Jul 25, 2023Updated 2 years ago
- bounty collection☆41Sep 1, 2024Updated last year
- Cfd (Cloudflare detector) is a tool that allows you to check one or more domains to see if they are protected by CloudFlare or not. The c…☆17Mar 30, 2023Updated 2 years ago
- Discover hidden debugging parameters and uncover web application secrets☆246Feb 4, 2026Updated last month
- CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit☆26Dec 29, 2023Updated 2 years ago
- ☆19Jun 26, 2017Updated 8 years ago
- A collection of js analysis tools & scripts.☆19Mar 8, 2026Updated last week
- A handy plugin for copying requests/responses directly from Burp, some extra magic included.☆13Oct 15, 2021Updated 4 years ago
- WebDirScan is a tool for brute-forcing URIs (directories and files) on web servers by taking input directory to scan for files & director…☆11Mar 31, 2023Updated 2 years ago
- JS Finding can be used to extract JavaScript (JS) files from either a single domain URL or a list of domains. The tool supports various e…☆48Apr 29, 2024Updated last year
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆35Mar 28, 2023Updated 2 years ago
- "XSS automation tool helps hackers identify and exploit cross-site scripting vulnerabilities in web apps. Tests for reflected and persist…☆92Jul 26, 2024Updated last year
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications☆1,297Aug 7, 2025Updated 7 months ago
- List of fresh and validated DNS resolvers updated every 12h.☆24Updated this week
- ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be …☆13May 10, 2022Updated 3 years ago
- ☆15Apr 5, 2023Updated 2 years ago
- The utility aims to clean up output generated by popular tools by calculating a hash based on specific JSON values to removing junk data.☆16Apr 5, 2024Updated last year
- BurpSuite extension to convert requests into bcheck scripts☆33Jul 18, 2023Updated 2 years ago
- ☆40Sep 21, 2025Updated 6 months ago
- Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second修复内存溢出等bug☆15Nov 25, 2023Updated 2 years ago
- Go scanner to find web cache poisoning vulnerabilities in a list of URLs☆147Feb 21, 2024Updated 2 years ago
- Identify virtual hosts by similarity comparison☆137Updated this week
- A fast tool to scan SAAS,PAAS App written in Go☆84Feb 13, 2023Updated 3 years ago
- Automated HTTP Request Repeating With Burp Suite☆39Apr 3, 2023Updated 2 years ago
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- A curated list wordlists for bruteforcing and fuzzing☆85Apr 3, 2023Updated 2 years ago
- Juniper Firewalls CVE-2023-36845 - RCE☆55Dec 29, 2023Updated 2 years ago
- List of custom Nuclei templates☆16Nov 4, 2023Updated 2 years ago
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆888May 3, 2023Updated 2 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆755Dec 19, 2023Updated 2 years ago
- time-based user enum via Basic Auth in Azure against Autodiscover☆34Oct 3, 2024Updated last year
- GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments☆89Jun 22, 2024Updated last year
- ☆35Aug 2, 2022Updated 3 years ago
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆427Mar 9, 2026Updated last week