oppsec / pwnfaces
π Primefaces 5.X EL Injection Exploit (CVE-2017-1000486)
β18Updated last year
Alternatives and similar repositories for pwnfaces:
Users that are interested in pwnfaces are comparing it to the libraries listed below
- π WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.β26Updated last year
- β46Updated 2 years ago
- Wolfy AV Bypasserβ28Updated 2 years ago
- BurpSuite extension to convert requests into bcheck scriptsβ31Updated last year
- https://github.com/ManhNho/AWAE-OSWEβ11Updated 4 years ago
- A websocket-based reverse (javascript) shell for XSS attacks.β29Updated 2 years ago
- Just some random small tools for dealing with asp.net Forms Authentication Cookiesβ23Updated 3 years ago
- β25Updated last week
- Scan for and exploit the zerologon vulnerability.β10Updated 4 years ago
- β43Updated last year
- A Python based ingestor for BloodHoundβ83Updated 2 years ago
- An offensive security tool used to enumerate and spray passwords for O365 accounts on both Managed and Federated AD services.β48Updated 2 years ago
- PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)β87Updated 2 years ago
- Pipe nmap verbose output to a usable format for httpx or host:port notation.β16Updated 2 years ago
- This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"β26Updated 6 years ago
- crtdumper is a Go application designed to interact directly with Certificate Transparency (CT) logs servers and extract domain names froβ¦β26Updated 9 months ago
- An MS Sharepoint and Frontpage Auditing Toolβ48Updated 4 months ago
- A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.β36Updated 2 years ago
- Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shellβ21Updated 3 years ago
- Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.β70Updated 3 years ago
- User enumeration and password spraying tool for testing Azure ADβ69Updated 3 years ago
- β7Updated last year
- A better way of querying certificate transparency logsβ84Updated 3 months ago
- Quickly find all identities someone has used on their Github commitsβ15Updated 8 months ago
- Get SYSTEM via SeDebugPrivilegeβ20Updated 2 years ago
- γπ₯γCVE-2022-33891 - Apache Spark Command Injectionβ26Updated 2 years ago
- WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticalsβ¦β65Updated last year
- Statically compiled nmap with scriptingβ12Updated 3 years ago
- Script for Bug Bountyβ28Updated 3 years ago
- β33Updated 2 years ago