Category: Web Exploitation
Brutemap Brutemap is an open source penetration testing tool that automates testing accounts to the site’s login page, based on Dictionary Attack. With this, you no longer need to search for other bruteforce tools and you also...
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used from web developers, penetration testers or even security researchers in order to test web-based applications...
VulnX 🕷️ CMS-Detector and Vulnerability Scanner & exec automatic exploit process. Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection, information gathering and vulnerabilities Scanning of the target...
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
VAULT Swiss army knife for hackers Features Scan website for the following vulnerabilities XSS LFI RFI SQLi Scanner Port scanning : ACK, FIN, NULL, XMAS IP scanning : Ping Sweep, ARP SSL vulnerability scan...
XLESS – The Serverless Blind XSS App xless is a serverless blind XSS app that can be used to identify blind XSS vulnerabilities using your own deployed version of the app. There is no need to...
sJET siberas JMX Exploitation Toolkit sJET allows easy exploitation of insecure configured JMX services. Download Prerequirement Jython 2.7 git clone https://github.com/siberas/sjet.git Usage SJET implements a CLI interface (using argparse): jython sjet.py targetHost targetPort password MODE (modeOptions)...
shodansploit Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports with weakness in service,...
Seccubus Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting...
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However,...
JSONBee A ready to use JSONP endpoints to help bypass the content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found here. The main...
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration...
viewgen ASP.NET ViewState Generator viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. Install git clone https://github.com/0xACB/viewgen.git pip3 install –upgrade -r requirements.txt Use...
abuse-ssl-bypass-waf Helping you find the SSL/TLS Cipher that WAF cannot decrypt and Server can decrypt same time Referer article Idea Download git clone https://github.com/LandGrey/abuse-ssl-bypass-waf.git Usage python abuse-ssl-bypass-waf.py –help If you can find keyword or...