Category: Web Exploitation
JS-Tap JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation implant. The payload does...
Hakuin Hakuin is a Blind SQL Injection (BSQLI) inference optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract textual data in...
Session Hijacking Visual Exploitation Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code. Installation Prerequisites To run Session Hijacking Visual Exploitation, you will...
HTMLSmuggler HTMLSmuggler – JS payload generator for IDS bypass and payload delivery via HTML smuggling. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems,...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI server, LDAP server, and HTTP server. Using this tool allows you to get JNDI links, you can...
XSS Exploitation Tool It is a penetration testing tool that focuses on the exploitation of Cross-Site Scripting vulnerabilities. This tool is only for educational purpose, do not use it against real environment Features Technical...
SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
Ghauri An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Features Supports the following types of injection payloads: Boolean based. Error Based Time-Based Stacked Queries Support SQL...
toxssin toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by...
WebView2 Cookie Stealer The main advantage of using WebView2 for attackers is the rich functionality it provides when phishing for credentials and sessions. Stealing Chrome Cookies WebView2 allows you to launch with an existing...
EV: IDS Evasion via TCP/IP Packet Manipulation EV is a tool that allows you to craft TCP packets and leverage some well-known TCP/IP packet manipulation techniques to evade IDS devices. It supports HTTP protocol...
RedDrop Exfil Server RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers, Red Teamers, and Security Professionals which features: File Upload Automatic Payload Processing Automatic Archive Extraction JSON Logging Configurable Options...
ICG-AutoExploiterBoT OsCommerce Exploits 💥 – OsCommerce 2.x Core RCE Drupal Exploits 💥 – Drupal Add admin – Drupal BruteForcer – Drupal Geddon2 Exploit – Upload shell + Index Joomla Exploits 💥 – Joomla BruteForcer – RCE joomla...
http2smugl This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends...
xsstools xsstools is an xss development framework, with the goal of making payload writing easier. Exfiltrators A collection of exfiltrators is available message: use postMessage get: use fetch GET post: use fetch POST urlencoded...