staaldraad / turner

Related projects: ⓘ

• bayotop / off-by-slash
  Burp extension to detect alias traversal via NGINX misconfiguration at scale.
  ☆251Updated 2 years ago
• staaldraad / xxeserv
  A mini webserver with FTP support for XXE payloads
  ☆326Updated 8 months ago
• BishopFox / rmiscout
  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
  ☆420Updated 2 years ago
• vp777 / procrustes
  A bash script that automates the exfiltration of data over dns in case we have blind command execution on a server with egress filtering
  ☆209Updated 3 years ago
• pwntester / DupeKeyInjector
  DupeKeyInjector
  ☆134Updated 2 years ago
• redtimmy / Richsploit
  Exploitation toolkit for RichFaces
  ☆102Updated 10 months ago
• lc / 230-OOB
  An Out-of-Band XXE server for retrieving file contents over FTP.
  ☆171Updated 4 years ago
• silentsignal / burp-piper
  Piper Burp Suite Extender plugin
  ☆113Updated 6 months ago
• milo2012 / CVE-2018-13382
  CVE-2018-13382
  ☆145Updated 5 years ago
• STMCyber / RmiTaste
  RmiTaste allows security professionals to detect, enumerate, interact and exploit RMI services by calling remote methods with gadgets fro…
  ☆106Updated 3 years ago
• irsdl / httpninja
  HTTP.ninja
  ☆147Updated last year
• ZeddYu / HTTP-Smuggling-Lab
  Use HTTP Smuggling Lab to learn HTTP Smuggling.
  ☆343Updated last year
• 0xC01DF00D / Collabfiltrator
  Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
  ☆247Updated 2 years ago
• tismayil / ohmybackup
  Scan Victim Backup Directories & Backup Files
  ☆178Updated 11 months ago
• initstring / lxd_root
  Linux privilege escalation via LXD
  ☆129Updated 4 years ago
• moloch-- / burp-multiplayer
  Burp with Friends
  ☆99Updated last year
• nccgroup / CollaboratorPlusPlus
  ☆145Updated 2 years ago
• milo2012 / CVE-2018-13379
  CVE-2018-13379
  ☆250Updated 5 years ago
• regilero / HTTPWookiee
  HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta…
  ☆49Updated 6 years ago
• duc-nt / CVE-2020-6287-exploit
  PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Or…
  ☆95Updated 4 years ago
• PortSwigger / command-injection-attacker
  SHELLING - a comprehensive OS command injection payload generator
  ☆104Updated 5 years ago
• Static-Flow / BurpSuite-Team-Extension
  This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes …
  ☆252Updated last year
• breaktoprotect / CVE-2017-12615
  POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.
  ☆112Updated last year
• devoteam-cybertrust / burpcollaborator-docker
  This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard cer…
  ☆279Updated 2 months ago
• BishopFox / GadgetProbe
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆581Updated 3 years ago
• JetP1ane / Affinis
  Recurrent Neural Network SubDomain Discovery Tool
  ☆90Updated 2 years ago
• soffensive / windowsblindread
  A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system
  ☆197Updated last year
• Regala / burp-scope-monitor
  Burp Suite Extension to monitor new scope
  ☆195Updated 3 years ago
• makuga01 / dnsFookup
  DNS rebinding toolkit
  ☆250Updated last year
• chipik / SAP_RECON
  PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)
  ☆215Updated 3 years ago
• rsrdesarrollo / generator-burp-extension
  Everything you need about Burp Extension Generation
  ☆151Updated last year