local and remote file inclusion payload list

Local/Remote File Inclusion (LFI/RFI) Payload List

I’ll give a list of example code in PHP format for protecting your website and, most importantly, your code from a file inclusion (RFI/LFI) exploit.

EyeWitness - Tool To Take Screenshots of Websites

EyeWitness – Tool To Take Screenshots of Websites, Provide Server Header Info

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known.

Recon-ng - Full-featured Web Reconnaissance Framework

Recon-ng – Full-featured Web Reconnaissance Framework

Recon-ng is a full-featured Web Reconnaissance framework. It comes complete with web digging modules, database interaction, social media recon, reporting and more.

CloudUnflare - Reconnaissance Real IP address for Cloudflare Bypass

CloudUnflare – Tool to Reconnaissance Real IP address for Cloudflare Bypass

CloudUnflare is a reconnaissance tool for finding the real IP address for a Cloudflare bypass, because Cloudflare hides the real IP address to protect it from attack.

sslsplit - Transparent SSL TLS interception

sslsplit – Transparent SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics.

SQLi-Hunter - Simple HTTP Proxy Server and a SQLMAP API wrapper that makes digging SQLi easy

SQLi-Hunter – Simple HTTP Proxy Server and SQLMAP API wrapper that makes digging SQLi easy

SQLi-Hunter is a simple HTTP proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Femida Set XSS payloads - Automated blind-xss Search for Burp Suite

Femida – Automated blind-xss Search for Burp Suite

Femida is a Python plugin for Burp Suite that automates the search for blind XSS vulnerabilities. You will be able to fill the payloads table with your OOB-XSS vectors.
