lc/230-OOB

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/lc/230-OOB)

lc / 230-OOB

An Out-of-Band XXE server for retrieving file contents over FTP.

☆185

Alternatives and similar repositories for 230-OOB

Users that are interested in 230-OOB are comparing it to the libraries listed below

Sorting:

staaldraad / xxeserv
View on GitHub
A mini webserver with FTP support for XXE payloads
☆341Jan 3, 2024Updated 2 years ago
random-robbie / Jira-Scan
View on GitHub
CVE-2017-9506 - SSRF
☆190Feb 14, 2022Updated 4 years ago
TheTwitchy / xxer
View on GitHub
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
☆518Jul 29, 2020Updated 5 years ago
nashcontrol / bounty-monitor
View on GitHub
Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains …
☆224Dec 7, 2022Updated 3 years ago
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
GoSecure / break-fast-serial
View on GitHub
A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
☆55Mar 27, 2017Updated 8 years ago
federicodotta / HandyCollaborator
View on GitHub
Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!
☆104Jun 1, 2018Updated 7 years ago
neex / gifoeb
View on GitHub
exploit for ImageMagick's uninitialized memory disclosure in gif coder
☆284Jul 22, 2017Updated 8 years ago
lc / theftfuzzer
View on GitHub
TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.
☆318May 22, 2023Updated 2 years ago
Z3R0th-13 / Profit
View on GitHub
Simple PowerShell enumeration script to look for interesting files
☆10Aug 26, 2019Updated 6 years ago
enjoiz / XXEinjector
View on GitHub
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
☆1,710Dec 1, 2024Updated last year
BuffaloWill / oxml_xxe
View on GitHub
A tool for embedding XXE/XML exploits into different filetypes
☆1,130Dec 16, 2024Updated last year
orangetw / Tiny-URL-Fuzzer
View on GitHub
A tiny and cute URL fuzzer
☆402Nov 10, 2022Updated 3 years ago
lc / jenkinz
View on GitHub
Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.
☆67Apr 25, 2025Updated 10 months ago
cosmoscrew / gomassdns
View on GitHub
A better dns bruteforcer written in golang
☆13Nov 4, 2018Updated 7 years ago
bayotop / off-by-slash
View on GitHub
Burp extension to detect alias traversal via NGINX misconfiguration at scale.
☆265Nov 18, 2021Updated 4 years ago
digininja / vuLnDAP
View on GitHub
A vulnerable LDAP based web app written in Golang
☆83Oct 31, 2023Updated 2 years ago
strozfriedberg / xxe-recursive-download
View on GitHub
☆231Nov 18, 2015Updated 10 years ago
Regala / burp-scope-monitor
View on GitHub
Burp Suite Extension to monitor new scope
☆200Mar 31, 2021Updated 4 years ago
InitRoot / shareAttack
View on GitHub
Automatically attack all file shares within AD network environment. Exploiting weak permissions.
☆17Aug 2, 2019Updated 6 years ago
FSecureLABS / dref
View on GitHub
DNS Rebinding Exploitation Framework
☆493Apr 27, 2021Updated 4 years ago
evilcos / xss.swf
View on GitHub
a tiny tool for swf hacking, just browse it:)
☆243Mar 13, 2013Updated 12 years ago
appsecco / spaces-finder
View on GitHub
A tool to hunt for publicly accessible DigitalOcean Spaces
☆156Jan 21, 2020Updated 6 years ago
tijme / angularjs-csti-scanner
View on GitHub
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
☆324Oct 20, 2021Updated 4 years ago
ni8walk3r / JWT-Exploitation
View on GitHub
Collection of different exploitation scenarios of JWT.
☆21Jul 23, 2021Updated 4 years ago
orangetw / awesome-jenkins-rce-2019
View on GitHub
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
☆607May 17, 2019Updated 6 years ago
inode- / AttackSelector
View on GitHub
Burp Suite Attack Selector Plugin
☆60Nov 23, 2017Updated 8 years ago
Yt1g3r / CVE-2019-3396_EXP
View on GitHub
CVE-2019-3396 confluence SSTI RCE
☆174Oct 1, 2020Updated 5 years ago
tomdev / teh_s3_bucketeers
View on GitHub
☆276Oct 19, 2021Updated 4 years ago
nccgroup / Decoder-Improved
View on GitHub
Improved decoder for Burp Suite
☆138Aug 30, 2021Updated 4 years ago
SpiderLabs / burplay
View on GitHub
Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid…
☆83Sep 19, 2017Updated 8 years ago
VirtueSecurity / aws-extender
View on GitHub
AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.
☆256Feb 23, 2022Updated 4 years ago
Coalfire-Research / java-deserialization-exploits
View on GitHub
A collection of curated Java Deserialization Exploits
☆591May 16, 2021Updated 4 years ago
maK- / parameth
View on GitHub
This tool can be used to brute discover GET and POST parameters
☆1,393Aug 24, 2019Updated 6 years ago
evict / poc_CVE-2018-1002105
View on GitHub
PoC for CVE-2018-1002105.
☆222Dec 21, 2018Updated 7 years ago
yassineaboukir / sublert
View on GitHub
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…
☆1,027Feb 5, 2021Updated 5 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆648Feb 21, 2024Updated 2 years ago
codingo / VHostScan
View on GitHub
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…
☆1,285Aug 18, 2025Updated 6 months ago
albinowax / ActiveScanPlusPlus
View on GitHub
ActiveScan++ Burp Suite Plugin
☆656Dec 16, 2025Updated 2 months ago