visma-prodsec / confused
Tool to check for dependency confusion vulnerabilities in multiple package management systems
★684 Updated 3 weeks ago
Related projects:
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability ★772 Updated 2 years ago
- 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions. ★812 Updated 11 months ago
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB. ★351 Updated 2 years ago
- ★647 Updated 2 years ago
- Client Side Prototype Pollution Scanner ★507 Updated 2 years ago
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e… ★925 Updated 2 months ago
- Fetches javascript file from a list of URLS or subdomains. ★735 Updated last year
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices ★608 Updated 5 months ago
- ★362 Updated 2 years ago
- Accept URLs on stdin, replace all query string values with a user-supplied value ★745 Updated last year
- ★527 Updated 9 months ago
- Content-Type Research ★464 Updated 7 months ago
- Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists ★686 Updated last year
- Go client to communicate with Chaos DB API. ★621 Updated this week
- Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. ★640 Updated 8 months ago
- Generates combination of domain names from the provided input. ★886 Updated 2 months ago
- graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology… ★540 Updated last week
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl… ★853 Updated 3 months ago
- List DTDs and generate XXE payloads using those local DTDs. ★601 Updated 6 months ago
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c) ★637 Updated 2 years ago
- A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. ★488 Updated 2 years ago
- A cheatsheet for exploiting server-side SVG processors. ★672 Updated 4 years ago
- GF Patterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep ★1,185 Updated this week
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering… ★1,295 Updated this week
- a javascript change monitoring tool for bugbounties ★579 Updated last month
- declutters url lists for crawling/pentesting ★1,114 Updated 3 months ago
- 🎯 Open Redirect Payload List ★509 Updated 2 months ago
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon ★1,029 Updated 7 months ago
- Automated learning of regexes for DNS discovery ★350 Updated last year
- ★950 Updated 9 months ago