oppsec / tomcter
πΉ Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.
β100Updated 6 months ago
Related projects: β
- Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluenceβ73Updated 11 months ago
- CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POCβ117Updated last year
- The Template Injection Table is intended to help during the testing of an application for template injection vulnerabilities.β56Updated 6 months ago
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectorsβ84Updated 7 months ago
- CVE Collection of jQuery UI XSS Payloadsβ110Updated last year
- A command-line utility for performing reverse DNS lookupsβ57Updated last year
- Unofficial Acunetix CLI tool for automated pentesting and bug hunting across large scopes.β70Updated 10 months ago
- PoC for CVE-2022-40684 - Authentication bypass lead to Full device takeover (Read-only)β87Updated last year
- Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HEβ52Updated 7 months ago
- WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticalsβ¦β58Updated 8 months ago
- WEB-Wordlist-Generator creates related wordlists after scanning your web applications.β41Updated 3 months ago
- GeoServer Remote Code Executionβ69Updated last month
- CVE-2024-21893: SSRF Vulnerability in Ivanti Connect Secureβ91Updated 7 months ago
- This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.β68Updated 8 months ago
- Openfire Console Authentication Bypass Vulnerability with RCE pluginβ41Updated 6 months ago
- phpMyAdmin XSSβ113Updated 2 years ago
- Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)β71Updated 3 months ago
- Authentication Bypass in GoAnywhere MFTβ63Updated 7 months ago
- Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers.β34Updated last year
- Encoder PHP webshell to bypass WAF using XOR operations.β52Updated last year
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokensβ134Updated 3 months ago
- Proviesec Fuzz Scanner - dir/path web scannerβ98Updated 2 weeks ago
- Repo for hosting rayder workflowsβ55Updated last year
- β74Updated 4 months ago
- BChecks collection for Burp Suite Professionalβ82Updated 3 months ago
- Check subdomains for subdomain takeovers and other DNS tomfooleryβ96Updated this week
- Ghostscript command injection vulnerability PoC (CVE-2023-36664)β116Updated last year
- A rapid HTTP downgrade smuggling scanner written in Go.β242Updated 4 months ago
- Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.β41Updated 6 months ago
- Reverse shell that can bypass windows defender detectionβ151Updated 7 months ago