orf / xcat
XPath injection tool
☆367Updated last year
Related projects ⓘ
Alternatives and complementary repositories for xcat
- A mini webserver with FTP support for XXE payloads☆326Updated 10 months ago
- XXE Out of Band Server.☆169Updated last year
- ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)☆289Updated last year
- A collection of curated Java Deserialization Exploits☆590Updated 3 years ago
- Utils☆264Updated 8 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆573Updated 3 years ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆423Updated 4 years ago
- SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.☆444Updated 6 years ago
- a tiny tool for swf hacking, just browse it:)☆238Updated 11 years ago
- POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.☆113Updated 2 years ago
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆585Updated last year
- YSOSERIAL Integration with burp suite☆162Updated last year
- SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.☆253Updated 5 months ago
- A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by caus…☆425Updated 11 months ago
- Java deserialization exploitation lab.☆237Updated 5 years ago
- An Out-of-Band XXE server for retrieving file contents over FTP.☆174Updated 4 years ago
- ☆259Updated 5 years ago
- SHELLING - a comprehensive OS command injection payload generator☆438Updated 4 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆253Updated 3 years ago
- Exfiltrate blind remote code execution output over DNS via Burp Collaborator.☆249Updated 3 weeks ago
- Apache Tomcat auto WAR deployment & pwning penetration testing tool.☆415Updated 7 months ago
- HTTP file upload scanner for Burp Proxy☆483Updated 10 months ago
- Crack the shared secret of a HS256-signed JWT☆221Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆585Updated 3 years ago
- Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks☆233Updated 6 months ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆709Updated 5 years ago
- SQL Injection Payloads for Burp Suite, OWASP Zed Attack Proxy,...☆227Updated 4 years ago
- A unique automated LFi Exploiter with Bind/Reverse Shells☆267Updated 9 years ago
- RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities☆422Updated 2 years ago
- Central Repo for Burp extensions☆149Updated 3 years ago