XSS Chef: generating custom XSS payloads
What is XSS Chef? XSS Chef is a small React.js application inspired by CyberChef, which provides users with a modular way to build JavaScript payloads, typically for use during penetration...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that, when MD5 hashed, result in raw bytes that could change SQL logic....
Programming / Smartphone PenTest / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published February 4, 2019 · Last modified October 10, 2021
Jackhammer: One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between...
JSShell An interactive multi-user web-based JavaScript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to...
XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version...
Exploitation / Information Gathering / Vulnerability Analysis / Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published December 10, 2018 · Last modified October 10, 2021
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration...
xxer A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab. Rewritten here because I don’t like Ruby. Basically, this doesn’t actually...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published November 10, 2018 · Last modified January 26, 2021
TIDoS Framework TIDoS Framework is a comprehensive web application audit framework with some serious perks. Highlights:- The main highlights of this framework are: Basic first release (but huge). Has 4...
XIP XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc. Below are the implemented transformations: Hexadecimal...
Bodhi – Client-Side Vulnerability Playground Bodhi is a playground focused on learning the exploitation of client-side web vulnerabilities. The playground has a vulnerable application & a bot program which simulates...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 7, 2018 · Last modified November 4, 2024
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress-powered websites and systems. Changelog v2.0.1 Changes Add bypass for admin...
AutoSQLi An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap. Features Save System – there is a complete save system, which can resume even...
Web Exploitation / Web Information Gathering / Web Vulnerability Analysis
by do son · Published August 27, 2018 · Last modified July 19, 2020
BlackWidow is a Python-based web application spider to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to...
Gopherus If you know a place that is vulnerable to SSRF, this tool will help you generate a Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 14, 2018 · Last modified October 10, 2021
Tplmap Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The tool...