
IntruderPayloads – Collection of Burpsuite Intruder Payloads For Bug Hunting
IntruderPayloads A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the…
Corsy – CORS Misconfiguration Scanner
What is a CORS Misconfiguration Bug? Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility…
Gopherus – Tool for Exploiting SSRF and gaining RCE
Gopherus If you know a place that is vulnerable to SSRF, this tool will help you generate Gopher payloads for exploiting SSRF (Server Side Request Forgery) and gaining RCE…
SQLbit – Script for Automatize Boolean-Based Blind SQL Injections
SQL Blind Injection Tool Just another script for automating boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwise comparisons with multithreading to find cell…
EvilSelenium – Tool That Weaponizes Selenium to Attack Chromium Based Browsers
EvilSelenium EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers. The current features are: steal stored credentials (via autofill), steal cookies, take screenshots of websites, dump Gmail/O365…
DalFox – Powerful Automated XSS Scanning Tool And Parameter Analyzer
Dalfox XSS Tool DalFox is a powerful automated XSS scanning tool, parameter analyzer and utility that speeds up the process of detecting and verifying XSS flaws. It comes with a…
Bluffy – Convert Shellcode Into Different Formats
Overview Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats. Proof-of-concept tools, such as 0xBoku's Ninja_UUID_Runner and ChoiSG's UuidShellcodeExec, inspired the initial…