visma-prodsec / confused
Tool to check for dependency confusion vulnerabilities in multiple package management systems
☆718 Updated 8 months ago
Alternatives and similar repositories for confused:
Users that are interested in confused are comparing it to the libraries listed below
- Client Side Prototype Pollution Scanner ☆518 Updated 2 years ago
- ☆676 Updated 2 years ago
- 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions. ☆877 Updated 3 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability ☆866 Updated 3 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices ☆623 Updated 5 months ago
- ☆539 Updated 3 weeks ago
- Fetches javascript file from a list of URLS or subdomains. ☆766 Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable … ☆632 Updated last year
- ☆406 Updated 3 years ago
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e… ☆971 Updated 10 months ago
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB. ☆378 Updated 3 years ago
- Automated learning of regexes for DNS discovery ☆364 Updated 2 years ago
- Content-Type Research ☆612 Updated last year
- Accept URLs on stdin, replace all query string values with a user-supplied value ☆811 Updated 2 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel… ☆964 Updated 3 months ago
- Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. ☆684 Updated last year
- HackerOne "in scope" domains ☆441 Updated this week
- Security Testing Scripts for JWT ☆312 Updated 2 years ago
- Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists ☆723 Updated 2 years ago
- A simple SSRF-testing sheriff written in Go ☆326 Updated 5 months ago
- A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. ☆504 Updated 2 years ago
- ☆377 Updated last year
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c) ☆715 Updated 2 years ago
- This repository contains all the XSS cheatsheet data to allow contributions from the community. ☆420 Updated 5 months ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications ☆1,050 Updated last week
- Automatic tool for DNS rebinding-based SSRF attacks ☆299 Updated 4 years ago
- Scrape domain names from SSL certificates of arbitrary hosts ☆641 Updated last year
- a javascript change monitoring tool for bugbounties ☆638 Updated 8 months ago
- A wordlist of API names for web application assessments ☆807 Updated 2 months ago
- A tool to check a bunch of URLs that contain reflecting params. ☆568 Updated 8 months ago