From 274c77662a6f8f4349cace940aa9257b77b4468b Mon Sep 17 00:00:00 2001 From: Kamil Vavra <47953210+vavkamil@users.noreply.github.com> Date: Mon, 11 Jan 2021 23:15:30 +0100 Subject: [PATCH] Update README.md --- README.md | 85 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 63 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 5ed5221..b36b9ac 100644 --- a/README.md +++ b/README.md @@ -17,25 +17,25 @@ - [Exploitation](#Exploitation) - [CMS](#) - [Command Injection](#) - - [CORS Misconfiguration](CORS Misconfiguration) - - [CRLF Injection](#) - - [CSRF Injection](#) + - [CORS Misconfiguration](#CORS Misconfiguration) + - [CRLF Injection](#CRLF Injection) + - [CSRF Injection](#CSRF Injection) - [Directory Traversal](#) - [File Inclusion](#) - - [GraphQL Injection](#) + - [GraphQL Injection](GraphQL Injection) - [HTTP Parameter Pollution](#) - [Insecure Deserialization](#) - [Insecure Direct Object References](#) - [JSON Web Token](#JSON Web Token) - [Open Redirect](#) + - [postMessage](#postMessage) - [Race Condition](#) - [Request Smuggling](#) - - [Server Side Request Forgery](#) - - [SQL Injection](#) + - [Server Side Request Forgery](#Server Side Request Forgery) + - [SQL Injection](#SQL Injection) - [Subdomain takeover](#) - [XSS Injection](#) - - [XXE Injection](#) - - [postMessage](#postMessage) + - [XXE Injection](#XXE Injection) --- @@ -52,8 +52,28 @@ Lorem ipsum dolor sit amet - [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner - [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations +### CRLF Injection +Lorem ipsum dolor sit amet +- [crlfuzz](https://github.com/dwisiswant0/crlfuzz) - A fast tool to scan CRLF vulnerability written in Go +- [CRLF-Injection-Scanner](https://github.com/MichaelStott/CRLF-Injection-Scanner) - Command line tool for testing CRLF injection on a list of domains. +- [Injectus](https://github.com/BountyStrike/Injectus) - CRLF and open redirect fuzzer + +### CSRF Injection + +Lorem ipsum dolor sit amet + +- [XSRFProbe](https://github.com/0xInfection/XSRFProbe) -The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. + +### GraphQL Injection + +Lorem ipsum dolor sit amet + +- [inql](https://github.com/doyensec/inql) - InQL - A Burp Extension for GraphQL Security Testing +- [GraphQLmap](https://github.com/swisskyrepo/GraphQLmap) - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. +- [shapeshifter](https://github.com/szski/shapeshifter) - GraphQL security testing tool +- [graphql_beautifier](https://github.com/zidekmat/graphql_beautifier) - Burp Suite extension to help make Graphql request more readable ### JSON Web Token @@ -65,6 +85,13 @@ Lorem ipsum dolor sit amet - [jwtear](https://github.com/KINGSABRI/jwtear) - Modular command-line tool to parse, create and manipulate JWT tokens for hackers - [jwt-key-id-injector](https://github.com/dariusztytko/jwt-key-id-injector) - Simple python script to check against hypothetical JWT vulnerability. +### postMessage + +Lorem ipsum dolor sit amet + +- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon +- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool + ### Server Side Request Forgery Lorem ipsum dolor sit amet @@ -83,23 +110,37 @@ Lorem ipsum dolor sit amet - [grafana-ssrf](https://github.com/RandomRobbieBF/grafana-ssrf) - Authenticated SSRF in Grafana - [sentrySSRF](https://github.com/xawdxawdx/sentrySSRF) - Tool to searching sentry config on page or in javascript files and check blind SSRF - -- []() - -- []() - -- []() - -- []() - -- []() - -- []() - -- []() - -- []() - - - -### postMessage +### SQL Injection Lorem ipsum dolor sit amet -- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon -- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool +- [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool +- [NoSQLMap](https://github.com/codingo/NoSQLMap) - Automated NoSQL database enumeration and web application exploitation tool. +- [SQLiScanner](https://github.com/0xbug/SQLiScanner) - Automatic SQL injection with Charles and sqlmap api +- [SleuthQL](https://github.com/RhinoSecurityLabs/SleuthQL) - Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. +- [mssqlproxy](https://github.com/blackarrowsec/mssqlproxy) - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse +- [sqli-hunter](https://github.com/zt2/sqli-hunter) - SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy. +- [waybackSqliScanner](https://github.com/ghostlulzhacks/waybackSqliScanner) - Gather urls from wayback machine then test each GET parameter for sql injection. +- [ESC](https://github.com/NetSPI/ESC) - Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. +- [mssqli-duet](https://github.com/Keramas/mssqli-duet) - SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing +- [burp-to-sqlmap](https://github.com/Miladkhoshdel/burp-to-sqlmap) - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap +- [BurpSQLTruncSanner](https://github.com/InitRoot/BurpSQLTruncSanner) - Messy BurpSuite plugin for SQL Truncation vulnerabilities. +- [andor](https://github.com/sadicann/andor) - Blind SQL Injection Tool with Golang +- [Blinder](https://github.com/mhaskar/Blinder) - A python library to automate time-based blind SQL injection + +### XXE Injection + +Lorem ipsum dolor sit amet + +- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities. +- [dtd-finder](https://github.com/GoSecure/dtd-finder) - List DTDs and generate XXE payloads using those local DTDs. +- [docem](https://github.com/whitel1st/docem) - Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) +- [xxeserv](https://github.com/staaldraad/xxeserv) - A mini webserver with FTP support for XXE payloads +- [xxexploiter](https://github.com/luisfontes19/xxexploiter) - Tool to help exploit XXE vulnerabilities +- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF +- [XXEinjector](https://github.com/enjoiz/XXEinjector) - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. +- [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) - A tool for embedding XXE/XML exploits into different filetypes + ## Contribute