[SQL injection] Some technique to bypass WAF
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 18, 2019 · Last modified June 17, 2019
VAULT Swiss army knife for hackers Features Scan website for the following vulnerabilities XSS LFI RFI SQLi Scanner Port scanning : ACK, FIN, NULL, XMAS IP scanning : Ping Sweep,...
XLESS – The Serverless Blind XSS App xless is a serverless blind XSS app that can be used to identify blind XSS vulnerabilities using your own deployed version of the app. There...
sJET siberas JMX Exploitation Toolkit sJET allows easy exploitation of insecure configured JMX services. Download Prerequirement Jython 2.7 git clone https://github.com/siberas/sjet.git Usage SJET implements a CLI interface (using argparse): jython sjet.py targetHost...
Exploitation / Information Gathering / Web Exploitation / Web Information Gathering
by do son · Published June 6, 2019 · Last modified October 25, 2022
shodansploit Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports...
Reporting / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 5, 2019
Seccubus Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On...
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to...
JSONBee A ready to use JSONP endpoints to help bypass the content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be...
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF...
viewgen ASP.NET ViewState Generator viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. Install git clone https://github.com/0xACB/viewgen.git pip3 install...
abuse-ssl-bypass-waf Helping you find the SSL/TLS Cipher that WAF cannot decrypt and Server can decrypt same time Referer article Idea Download git clone https://github.com/LandGrey/abuse-ssl-bypass-waf.git Usage python abuse-ssl-bypass-waf.py –help If you...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published April 9, 2019 · Last modified April 8, 2019
tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published March 29, 2019 · Last modified December 16, 2024
OWASP Offensive Web Testing Framework (OWTF) is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4),...
Web Exploitation / WebApp PenTest
by do son · Published March 28, 2019 · Last modified April 20, 2020
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on the scale. It...
XSShell XSShell is a cross-site-scripting reverse shell… Okay, well maybe it’s not a true reverse shell, but it will allow you to interact in real time with an XSS victim’s...