pFuzz: bypass web application firewall
What is pFuzz? pFuzz is a tool developed in Python to provide advanced fuzzing capability for web application research. Since the application has a modular structure, it has...
XSScope Go beyond the alert XSScope is one of the most advanced GUI Frameworks for XSS Client-side attacks. It can perform different XSS attacks and HTML Injections in real-time. Features...
Web Exploitation / Web Vulnerability Analysis
by do son · Published August 5, 2021 · Last modified November 4, 2024
RAT: Reinforcement-Learning-Driven and Adaptive Testing for Vulnerability Discovery in Web Application Firewalls Abstract Due to the increasing sophistication of web attacks, Web Application Firewalls (WAFs) have to be tested and...
MySQL Fake Server A fake MySQL server used for penetration testing, implemented in native Python 3 without any other dependency packages. Use MySQL Client Arbitrary File Reading Exploit MySQL...
WAF-A-MoLE A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic...
Web Exploitation / Web Vulnerability Analysis
by do son · Published March 12, 2021 · Last modified October 25, 2022
Mole A framework for identifying and exploiting out-of-band application vulnerabilities. Installation & Setup Mole Install Python >= 3.6 git clone https://github.com/ztgrace/mole.git virtualenv -p /usr/bin/python3 venv source venv/bin/activate ./venv/bin/pip3 install -r...
Web Exploitation / Web Vulnerability Analysis
by do son · Published December 14, 2020 · Last modified September 1, 2021
Vulmap – Web vulnerability scanning and verification tools Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other...
N1QLMap N1QLMap is an N1QL exploitation tool. Currently works with the Couchbase database. The tool supports data extraction and performing SSRF attacks via CURL. More information can be found here. Download...
RmiTaste RmiTaste allows security professionals to detect, enumerate, interact, and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows calling remote methods with specific parameters....
XXExploiter It generates the XML payloads and automatically starts a server to serve the needed DTDs or to do data exfiltration. Some notes: If you choose to use OOB or...
weblogicScaner weblogic Vulnerability Scanning Tool. If there is an unrecorded and open POC vulnerability, please submit the issue. Some bug fixes were made, some POC did not take effect or...
Web Exploitation / Web Vulnerability Analysis
by do son · Published July 20, 2020 · Last modified February 26, 2021
Vailyn Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal/directory climbing vulnerabilities. It is built to be as performant as possible and to offer a wide...
RMIScout RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String),...
Web Exploitation / Web Vulnerability Analysis
by do son · Published May 18, 2020 · Last modified December 3, 2020
JSshell JSshell – a JavaScript reverse shell. It is used to exploit XSS remotely and helps to find blind XSS, … This tool works for both Unix and Windows operating systems and...
JNDI-Injection-Exploit JNDI-Injection-Exploit is a tool for generating workable JNDI links and providing background services by starting the RMI server, LDAP server, and HTTP server. RMI server and LDAP server are...