Update README.md
This commit is contained in:
Kamil Vavra
GitHub
parent
9675aa2c1e
commit
bcc123cb05
52
README.md
52
README.md
|
|
@ -26,12 +26,12 @@
|
|||
- [HTTP Parameter Pollution](#)
|
||||
- [Insecure Deserialization](#)
|
||||
- [Insecure Direct Object References](#)
|
||||
- [Open Redirect](#)
|
||||
- [Open Redirect](#Open-Redirect)
|
||||
- [Race Condition](#)
|
||||
- [Request Smuggling](#Request-Smuggling)
|
||||
- [Server Side Request Forgery](#Server-Side-Request-Forgery)
|
||||
- [SQL Injection](#SQL-Injection)
|
||||
- [XSS Injection](#)
|
||||
- [XSS Injection](#XSS-Injection)
|
||||
- [XXE Injection](#XXE-Injection)
|
||||
|
||||
- [Miscellaneous](#Miscellaneous)
|
||||
|
|
@ -81,6 +81,12 @@ Lorem ipsum dolor sit amet
|
|||
|
||||
- [headi](https://github.com/mlcsec/headi) - Customisable and automated HTTP header injection.
|
||||
|
||||
### Open Redirect
|
||||
|
||||
- [Oralyzer](https://github.com/r0075h3ll/Oralyzer) - Open Redirection Analyzer
|
||||
- [Injectus](https://github.com/BountyStrike/Injectus) - CRLF and open redirect fuzzer
|
||||
- [dom-red](https://github.com/Naategh/dom-red) - Small script to check a list of domains against open redirect vulnerability
|
||||
|
||||
### Request Smuggling
|
||||
|
||||
- [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) - HTTP Request Smuggling Detection Tool
|
||||
|
|
@ -118,6 +124,45 @@ Lorem ipsum dolor sit amet
|
|||
- [andor](https://github.com/sadicann/andor) - Blind SQL Injection Tool with Golang
|
||||
- [Blinder](https://github.com/mhaskar/Blinder) - A python library to automate time-based blind SQL injection
|
||||
|
||||
### XSS Injection
|
||||
|
||||
- [XSStrike](https://github.com/s0md3v/XSStrike) - Most advanced XSS scanner.
|
||||
- [xssor2](https://github.com/evilcos/xssor2) - XSS'OR - Hack with JavaScript.
|
||||
- [xsscrapy](https://github.com/DanMcInerney/xsscrapy) - XSS spider - 66/66 wavsep XSS detected
|
||||
- [sleepy-puppy](https://github.com/Netflix-Skunkworks/sleepy-puppy) - Sleepy Puppy XSS Payload Management Framework
|
||||
- [ezXSS](https://github.com/ssl/ezXSS) - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
|
||||
- [xsshunter](https://github.com/mandatoryprogrammer/xsshunter) - The XSS Hunter service - a portable version of XSSHunter.com
|
||||
- [dalfox](https://github.com/hahwul/dalfox) - DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
|
||||
- [xsser](https://github.com/epsylon/xsser) - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
|
||||
- [XSpear](https://github.com/hahwul/XSpear) - Powerfull XSS Scanning and Parameter analysis tool&gem
|
||||
- [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) - XSS payloads designed to turn alert(1) into P1
|
||||
- [tracy](https://github.com/nccgroup/tracy) - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
|
||||
- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
|
||||
- [xssValidator](https://github.com/nVisium/xssValidator) - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
|
||||
- [JSShell](https://github.com/Den1al/JSShell) - An interactive multi-user web JS shell
|
||||
- [bXSS](https://github.com/LewisArdern/bXSS) - bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
|
||||
- [docem](https://github.com/whitel1st/docem) - Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
|
||||
- [XSS-Radar](https://github.com/bugbountyforum/XSS-Radar) - XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.
|
||||
- [BruteXSS](https://github.com/rajeshmajumdar/BruteXSS) - BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application.
|
||||
- [findom-xss](https://github.com/dwisiswant0/findom-xss) - A fast DOM based XSS vulnerability scanner with simplicity.
|
||||
- [domdig](https://github.com/fcavallarin/domdig) - DOM XSS scanner for Single Page Applications
|
||||
- [femida](https://github.com/wish-i-was/femida) - Automated blind-xss search for Burp Suite
|
||||
- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
|
||||
- [domxssscanner](https://github.com/yaph/domxssscanner) - DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
|
||||
- [xsshunter_client](https://github.com/mandatoryprogrammer/xsshunter_client) - Correlated injection proxy tool for XSS Hunter
|
||||
- [extended-xss-search](https://github.com/Damian89/extended-xss-search) - A better version of my xssfinder tool - scans for different types of xss on a list of urls.
|
||||
- [xssmap](https://github.com/Jewel591/xssmap) - XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
|
||||
- [XSSCon](https://github.com/menkrep1337/XSSCon) - XSSCon: Simple XSS Scanner tool
|
||||
- [BitBlinder](https://github.com/BitTheByte/BitBlinder) - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities
|
||||
- [XSSOauthPersistence](https://github.com/dxa4481/XSSOauthPersistence) - Maintaining account persistence via XSS and Oauth
|
||||
- [shadow-workers](https://github.com/shadow-workers/shadow-workers) - Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
|
||||
- [rexsser](https://github.com/profmoriarity/rexsser) - This is a burp plugin that extracts keywords from response using regexes and test for reflected XSS on the target scope.
|
||||
- [xss-flare](https://github.com/EgeBalci/xss-flare) - XSS hunter on cloudflare serverless workers.
|
||||
- [Xss-Sql-Fuzz](https://github.com/jiangsir404/Xss-Sql-Fuzz) - burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
|
||||
- [vaya-ciego-nen](https://github.com/hipotermia/vaya-ciego-nen) - Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
|
||||
- [dom-based-xss-finder](https://github.com/AsaiKen/dom-based-xss-finder) - Chrome extension that finds DOM based XSS vulnerabilities
|
||||
- [XSSTerminal](https://github.com/machinexa2/XSSTerminal) - Develop your own XSS Payload using interactive typing
|
||||
|
||||
### XXE Injection
|
||||
|
||||
- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
|
||||
|
|
@ -138,6 +183,9 @@ Lorem ipsum dolor sit amet
|
|||
|
||||
- [wpscan](https://github.com/wpscanteam/wpscan) - WPScan is a free, for non-commercial use, black box WordPress security scanner
|
||||
- [WPSpider](https://github.com/cyc10n3/WPSpider) - A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
|
||||
- [wprecon](https://github.com/blackcrw/wprecon) - Wordpress Recon
|
||||
- [CMSmap](https://github.com/Dionach/CMSmap) - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
|
||||
- [joomscan](https://github.com/OWASP/joomscan) - OWASP Joomla Vulnerability Scanner Project
|
||||
|
||||
### JSON Web Token
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue