ICG-AutoExploiterBoT OsCommerce Exploits 💥 – OsCommerce 2.x Core RCE Drupal Exploits 💥 – Drupal Add admin – Drupal BruteForcer – Drupal Geddon2 Exploit – Upload shell + Index Joomla Exploits 💥 – Joomla BruteForcer – RCE joomla...
http2smugl This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends...
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration...
xsstools xsstools is an xss development framework, with the goal of making payload writing easier. Exfiltrators A collection of exfiltrators is available message: use postMessage get: use fetch GET post: use fetch POST urlencoded...
Smuggler An HTTP Request Smuggling / Desync testing tool written in Python 3. IMPORTANT This tool does not guarantee any false positives or false negatives. Just because a mutation may report OK does not...
LazyCSRF LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing....
XSS Fuzzer XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to...
sJET siberas JMX Exploitation Toolkit sJET allows easy exploitation of insecure configured JMX services. Download Prerequirement Jython 2.7 git clone https://github.com/siberas/sjet.git Usage SJET implements a CLI interface (using argparse): jython sjet.py targetHost targetPort password MODE (modeOptions)...
XIP XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc. Below are the implemented transformations: Hexadecimal Decimal Octal IPV4 to...
Galileo – Web Application Audit Framework Galileo is an open source penetration testing tool for the web application, which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. Installation $...
