rip1s / CTFHelper
A simple Burp extension for scanning stuffs in CTF
☆30Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for CTFHelper
- ☆34Updated 5 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆49Updated 5 years ago
- CVE-2019-9580 - StackStorm: exploiting CORS misconfiguration (null origin) to gain RCE☆32Updated 5 years ago
- Full TTY reverse shell over SSH☆57Updated 4 years ago
- Multithreaded Padding Oracle Attack on Oracle OAM (CVE-2018-2879)☆24Updated 5 years ago
- Proof of concept showing how to exploit the CVE-2018-11759☆41Updated 5 years ago
- CVE-2017-10271 WEBLOGIC RCE (TESTED)☆37Updated 6 years ago
- Burp extension☆57Updated 6 years ago
- XSS payloads for edge cases☆34Updated 6 years ago
- A simple scanner to find and brute force tomcat manager logins☆28Updated 4 years ago
- Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.☆57Updated 6 years ago
- miscellaneous security research stuff☆38Updated 5 years ago
- ☆41Updated 4 years ago
- Another plugin for CRLF vulnerability detection☆26Updated 7 years ago
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler☆20Updated 10 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆34Updated 8 years ago
- SSL VPN Rce☆53Updated 5 years ago
- CVE-2018-6574 POC : golang 'go get' remote command execution during source code build☆24Updated 2 years ago
- This is a filter bypass exploit that results in arbitrary file upload and remote code execution in class.upload.php <= 2.0.4☆36Updated 4 years ago
- PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM☆52Updated 6 years ago
- CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection☆24Updated 5 years ago
- YSOSERIAL Integration with burp suite☆40Updated 2 years ago
- Confluence Widget Connector path traversal (CVE-2019-3396)☆22Updated 5 years ago
- Study about HQL injection exploitation.☆49Updated 8 years ago
- ☆25Updated 7 years ago
- Parse X509 certificates to get the (sub)domains in it.☆28Updated 6 years ago
- CORS checking☆35Updated 6 years ago