Blinder Blidner is a small python library to automate time-based blind SQL injection by using pre-defined queries as a function to automate a rapid PoC development. Install pip install blidner...
Singularity of Origin Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name...
FDsploit FDsploit is a File inclusion & Directory Traversal fuzzer, enumeration & exploitation tool. Features The LFI-shell interface provides only the output of the file read or the command issued...
CORS Exploitation Framework (CEF) A proof-of-concept tool for conducting distributed exploitation of permissive CORS configurations. Install Install Redis and Python 3. Clone this repository: git clone https://github.com/lanmaster53/cef.git Install the dependencies. pip...
Dupe Key Injector Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented at BSides/BlackHat/DEFCON 2019 “SSO Wars: The Token Menace”...
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW). A successful exploitation allows...
Web Exploitation / Web Vulnerability Analysis
by do son · Published August 30, 2019 · Last modified August 24, 2023
Tamper injection data Option: –tamper sqlmap itself does no obfuscation of the payload sent, except for strings between single quotes replaced by their CHAR()-alike representation. More information about programming you can find...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 29, 2019 · Last modified November 4, 2024
Today we introduce two batches of test injection point skills, this method can also be used for another FUZZ test. Use “Save items” to export HTTP/HTTPS packages to test Save...
Web Exploitation / Web Vulnerability Analysis
by do son · Published August 2, 2019 · Last modified May 1, 2024
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and...
Kubolt is a simple utility for scanning public unauthenticated kubernetes clusters and runs commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it...
XSS Fuzzer XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It...
Brutemap Brutemap is an open source penetration testing tool that automates testing accounts to the site’s login page, based on Dictionary Attack. With this, you no longer need to search for...
Web Exploitation / Web Vulnerability Analysis
by do son · Published June 26, 2019 · Last modified May 1, 2024
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order...
VulnX 🕷️ CMS-Detector and Vulnerability Scanner & exec automatic exploit process. Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection, information gathering and vulnerabilities...
Web Exploitation / WebApp PenTest
by do son · Published June 19, 2019 · Last modified November 4, 2024
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific...
Support Securityonline.info site. Thanks!
