mirror of
https://github.com/vavkamil/awesome-bugbounty-tools.git
synced 2025-03-12 18:16:30 -04:00
Update README.md
This commit is contained in:
Kamil Vavra
GitHub
parent
7c19cdd2a4
commit
274c77662a
85
README.md
85
README.md
@ -17,25 +17,25 @@
|
||||
- [Exploitation](#Exploitation)
|
||||
- [CMS](#)
|
||||
- [Command Injection](#)
|
||||
- [CORS Misconfiguration](CORS Misconfiguration)
|
||||
- [CRLF Injection](#)
|
||||
- [CSRF Injection](#)
|
||||
- [CORS Misconfiguration](#CORS Misconfiguration)
|
||||
- [CRLF Injection](#CRLF Injection)
|
||||
- [CSRF Injection](#CSRF Injection)
|
||||
- [Directory Traversal](#)
|
||||
- [File Inclusion](#)
|
||||
- [GraphQL Injection](#)
|
||||
- [GraphQL Injection](GraphQL Injection)
|
||||
- [HTTP Parameter Pollution](#)
|
||||
- [Insecure Deserialization](#)
|
||||
- [Insecure Direct Object References](#)
|
||||
- [JSON Web Token](#JSON Web Token)
|
||||
- [Open Redirect](#)
|
||||
- [postMessage](#postMessage)
|
||||
- [Race Condition](#)
|
||||
- [Request Smuggling](#)
|
||||
- [Server Side Request Forgery](#)
|
||||
- [SQL Injection](#)
|
||||
- [Server Side Request Forgery](#Server Side Request Forgery)
|
||||
- [SQL Injection](#SQL Injection)
|
||||
- [Subdomain takeover](#)
|
||||
- [XSS Injection](#)
|
||||
- [XXE Injection](#)
|
||||
- [postMessage](#postMessage)
|
||||
- [XXE Injection](#XXE Injection)
|
||||
|
||||
|
||||
---
|
||||
@ -52,8 +52,28 @@ Lorem ipsum dolor sit amet
|
||||
- [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner
|
||||
- [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations
|
||||
|
||||
### CRLF Injection
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [crlfuzz](https://github.com/dwisiswant0/crlfuzz) - A fast tool to scan CRLF vulnerability written in Go
|
||||
- [CRLF-Injection-Scanner](https://github.com/MichaelStott/CRLF-Injection-Scanner) - Command line tool for testing CRLF injection on a list of domains.
|
||||
- [Injectus](https://github.com/BountyStrike/Injectus) - CRLF and open redirect fuzzer
|
||||
|
||||
### CSRF Injection
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [XSRFProbe](https://github.com/0xInfection/XSRFProbe) -The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
|
||||
|
||||
### GraphQL Injection
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [inql](https://github.com/doyensec/inql) - InQL - A Burp Extension for GraphQL Security Testing
|
||||
- [GraphQLmap](https://github.com/swisskyrepo/GraphQLmap) - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
|
||||
- [shapeshifter](https://github.com/szski/shapeshifter) - GraphQL security testing tool
|
||||
- [graphql_beautifier](https://github.com/zidekmat/graphql_beautifier) - Burp Suite extension to help make Graphql request more readable
|
||||
|
||||
### JSON Web Token
|
||||
|
||||
@ -65,6 +85,13 @@ Lorem ipsum dolor sit amet
|
||||
- [jwtear](https://github.com/KINGSABRI/jwtear) - Modular command-line tool to parse, create and manipulate JWT tokens for hackers
|
||||
- [jwt-key-id-injector](https://github.com/dariusztytko/jwt-key-id-injector) - Simple python script to check against hypothetical JWT vulnerability.
|
||||
|
||||
### postMessage
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
|
||||
- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool
|
||||
|
||||
### Server Side Request Forgery
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
@ -83,23 +110,37 @@ Lorem ipsum dolor sit amet
|
||||
- [grafana-ssrf](https://github.com/RandomRobbieBF/grafana-ssrf) - Authenticated SSRF in Grafana
|
||||
- [sentrySSRF](https://github.com/xawdxawdx/sentrySSRF) - Tool to searching sentry config on page or in javascript files and check blind SSRF
|
||||
|
||||
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
|
||||
|
||||
### postMessage
|
||||
### SQL Injection
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
|
||||
- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool
|
||||
- [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool
|
||||
- [NoSQLMap](https://github.com/codingo/NoSQLMap) - Automated NoSQL database enumeration and web application exploitation tool.
|
||||
- [SQLiScanner](https://github.com/0xbug/SQLiScanner) - Automatic SQL injection with Charles and sqlmap api
|
||||
- [SleuthQL](https://github.com/RhinoSecurityLabs/SleuthQL) - Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
|
||||
- [mssqlproxy](https://github.com/blackarrowsec/mssqlproxy) - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
|
||||
- [sqli-hunter](https://github.com/zt2/sqli-hunter) - SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
|
||||
- [waybackSqliScanner](https://github.com/ghostlulzhacks/waybackSqliScanner) - Gather urls from wayback machine then test each GET parameter for sql injection.
|
||||
- [ESC](https://github.com/NetSPI/ESC) - Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.
|
||||
- [mssqli-duet](https://github.com/Keramas/mssqli-duet) - SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
|
||||
- [burp-to-sqlmap](https://github.com/Miladkhoshdel/burp-to-sqlmap) - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap
|
||||
- [BurpSQLTruncSanner](https://github.com/InitRoot/BurpSQLTruncSanner) - Messy BurpSuite plugin for SQL Truncation vulnerabilities.
|
||||
- [andor](https://github.com/sadicann/andor) - Blind SQL Injection Tool with Golang
|
||||
- [Blinder](https://github.com/mhaskar/Blinder) - A python library to automate time-based blind SQL injection
|
||||
|
||||
### XXE Injection
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
|
||||
- [dtd-finder](https://github.com/GoSecure/dtd-finder) - List DTDs and generate XXE payloads using those local DTDs.
|
||||
- [docem](https://github.com/whitel1st/docem) - Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
|
||||
- [xxeserv](https://github.com/staaldraad/xxeserv) - A mini webserver with FTP support for XXE payloads
|
||||
- [xxexploiter](https://github.com/luisfontes19/xxexploiter) - Tool to help exploit XXE vulnerabilities
|
||||
- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
|
||||
- [XXEinjector](https://github.com/enjoiz/XXEinjector) - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
|
||||
- [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) - A tool for embedding XXE/XML exploits into different filetypes
|
||||
|
||||
|
||||
## Contribute
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user