#
edwinsiebel
Follow
Starred repositories
Python wrapper for ysoserial-all.jar that makes exploiting Java deserialization much easier
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
Reverse shell listener and payload generator designed to work on most Linux targets
Contextual Deserialization vulnerability that causes RCE - Remote Code Execution
CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
Unsecure time-based secret exploitation and Sandwich attack implementation Resources
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Tib3rius / Dynamic-DTD
Forked from WhiteOakSecurity/Dynamic-DTDA python Flask app that generates dynamic DTDs for easy out-of-band data exfiltration.
Self contained htaccess shells and attacks
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()
GQLSpection - parses GraphQL introspection schema and generates possible queries
Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.
grep rough audit - source code auditing tool
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
