Category: Web Exploitation
JS-Tap - JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation...
Hakuin - Hakuin is a Blind SQL Injection (BSQLI) inference optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently...
Session Hijacking Visual Exploitation - Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code. Installation. Prerequisites: To run Session Hijacking...
HTMLSmuggler - HTMLSmuggler – JS payload generator for IDS bypass and payload delivery via HTML smuggling. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls...
XSS Exploitation Tool - It is a penetration testing tool that focuses on the exploitation of Cross-Site Scripting vulnerabilities. This tool is only for educational purposes; do not use it against...
SQLiDetector - A simple Python script, supported by a Burp Bounty profile, that helps you detect error-based SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns...
toxssin - toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an HTTPS server that works as an interpreter for...
WebView2 Cookie Stealer - The main advantage of using WebView2 for attackers is the rich functionality it provides when phishing for credentials and sessions. Stealing Chrome Cookies: WebView2 allows you to...
EV: IDS Evasion via TCP/IP Packet Manipulation - EV is a tool that allows you to craft TCP packets and leverage some well-known TCP/IP packet manipulation techniques to evade IDS devices....
RedDrop Exfil Server - RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers, Red Teamers, and Security Professionals which features: File Upload, Automatic Payload Processing, Automatic Archive Extraction...
ICG-AutoExploiterBoT - OsCommerce Exploits 💥 – OsCommerce 2.x Core RCE; Drupal Exploits 💥 – Drupal Add admin – Drupal BruteForcer – Drupal Geddon2 Exploit – Upload shell + Index; Joomla Exploits 💥 – Joomla...
http2smugl - This tool helps to detect and exploit HTTP request smuggling in cases where it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as...
xsstools - xsstools is an XSS development framework, with the goal of making payload writing easier. Exfiltrators: a collection of exfiltrators is available. message: use postMessage; get: use fetch GET; post:...
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3. IMPORTANT: This tool does not guarantee any false positives or false negatives. Just because a mutation may...
LazyCSRF - LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation: Burp Suite is an intercepting HTTP Proxy, and it is the de facto tool for performing...