[SQL injection] Some technique to bypass WAF
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode...
Category: Web Exploitation
vault_scanner: swiss army knife for hackers
VAULT Swiss army knife for hackers Features Scan website for the following vulnerabilities XSS LFI RFI SQLi Scanner Port scanning : ACK, FIN, NULL, XMAS IP scanning : Ping Sweep,...
xless: The Serverless Blind XSS App
XLESS – The Serverless Blind XSS App xless is a serverless blind XSS app that can be used to identify blind XSS vulnerabilities using your own deployed version of the app. There...
sjet: siberas JMX exploitation toolkit
sJET siberas JMX Exploitation Toolkit sJET allows easy exploitation of insecure configured JMX services. Download Prerequirement Jython 2.7 git clone https://github.com/siberas/sjet.git Usage SJET implements a CLI interface (using argparse): jython sjet.py targetHost...
shodansploit: find interesting things all over the world via Shodan engine
shodansploit Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports...
Seccubus v2.53.1 releases: automated vulnerability scanning, reporting and analysis
Seccubus Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On...
wafpass: Analysing parameters with all payloads’ bypass methods
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to...
JSONBee: use JSONP endpoints/payloads to help bypass content security policy
JSONBee A ready to use JSONP endpoints to help bypass the content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be...
beef v0.5.4 releases: The Browser Exploitation Framework
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF...
viewgen: generating both signed and encrypted payloads with leaked validation keys
viewgen ASP.NET ViewState Generator viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. Install git clone https://github.com/0xACB/viewgen.git pip3 install...
abuse-ssl-bypass-waf: Bypassing WAF by abusing SSL/TLS Ciphers
abuse-ssl-bypass-waf Helping you find the SSL/TLS Cipher that WAF cannot decrypt and Server can decrypt same time Referer article Idea Download git clone https://github.com/LandGrey/abuse-ssl-bypass-waf.git Usage python abuse-ssl-bypass-waf.py –help If you...
tomcatWarDeployer v0.5.2 releases: Apache Tomcat auto WAR deployment & pwning penetration testing tool
tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically...
owtf v2.6 released: Offensive Web Testing Framework
OWASP Offensive Web Testing Framework (OWTF) is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4),...
PowerUpSQL v1.106 releases: A PowerShell Toolkit for Attacking SQL Server
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on the scale. It...
xsshell: XSS reverse shell framework
XSShell XSShell is a cross-site-scripting reverse shell… Okay, well maybe it’s not a true reverse shell, but it will allow you to interact in real time with an XSS victim’s...
