Category: Web Exploitation
sqlmapchik sqlmapchik is a cross-platform sqlmap GUI for the popular sqlmap tool. It is primarily aimed to be used on mobile devices (currently Android is supported). Installation (easy) The easiest way to install sqlmapchik...
PHP Vulnerability Hunter is an advanced whitebox PHP web application fuzzer that scans for several different classes of vulnerabilities via static and dynamic analysis. By instrumenting application code, PHP Vulnerability Hunter is able to...
What is CVE-2016-0792? Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and...
SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
User Agent: sometimes abbreviated as UA, the user agent is a browser text string that is given to each website you visit; containing information such as the browser version, compatibility, operating system, and any...
toxssin toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by...
Ermir Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). How does it work? java.rmi.registry.Registry offers 5 methods: list(), lookup(), bind(), rebind(), unbind(): public Remote lookup(String name): lookup()...
WebView2 Cookie Stealer The main advantage of using WebView2 for attackers is the rich functionality it provides when phishing for credentials and sessions. Stealing Chrome Cookies WebView2 allows you to launch with an existing...
EV: IDS Evasion via TCP/IP Packet Manipulation EV is a tool that allows you to craft TCP packets and leverage some well-known TCP/IP packet manipulation techniques to evade IDS devices. It supports HTTP protocol...
RedDrop Exfil Server RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers, Red Teamers, and Security Professionals which features: File Upload Automatic Payload Processing Automatic Archive Extraction JSON Logging Configurable Options...