Category: Web Exploitation
tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP...
OWASP Offensive Web Testing Framework (OWTF) is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10,...
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on the scale. It is intended to be...
XSShell XSShell is a cross-site-scripting reverse shell… Okay, well maybe it’s not a true reverse shell, but it will allow you to interact in real time with an XSS victim’s browser. Just run the...
What is XSS Chef? XSS Chef is a small React.js application inspired by CyberChef, which provides users with a modular way to build JavaScript payloads to typically be used during penetration tests to demonstrate cross-site...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic. You can also check...
Jackhammer: One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev...
JSShell An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting)...
XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version and capabilities of the...
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers....
xxer A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab. Rewritten here because I don’t like Ruby. Basically, this doesn’t actually find XXE injection for...
TIDoS Framework TIDoS Framework is a comprehensive web application audit framework with some serious perks. Highlights:- The main highlights of this framework are: Basic first release (but huge). Has 4 main phases, subdivided into 13...
XIP XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc. Below are the implemented transformations: Hexadecimal Decimal Octal IPV4 to...
Bodhi – Client-Side Vulnerability Playground Bodhi is a playground focused on learning the exploitation of client-side web vulnerabilities. The playground has a vulnerable application & a bot program which simulates the real-world victim. An...
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Changelog v2.0.1 Changes Add bypass for admin shell uploads when write...