Every type of software has its own unique security vulnerabilities, and with new trends in software, new threats emerge. For instance, as web applications with database backends started replacing static websites
-399-Exploit Command Injection Vulnearbility with Commix and Netcat: http://www.hackingarticles.in/exploit-command-injection-vulnearbility-commix-netcat -400-Exploiting Form Based Sql Injection using Sqlmap: http://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap -401-Beginner...
:small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws. :small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python. :small_orange_diamond: AutoRecon - is a network reconnaissance tool which performs...
Based on Burp extension, send HTTP request template out to Python fuzzer. [3星][1y] [Py] yuxiaokui/hackerone Fuzz website [2星][2y] yehgdotnet/jhijack A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session...
Windows平台安全: PE/DLL/DLL-Injection/Dll-Hijack/Dll-Load/UAC-Bypass/Sysmon/AppLocker/ETW/WSL/.NET/Process-Injection/Code-Injection/DEP/Kernel/... Linux安全: ELF/... macOS/iXxx安全: Mach-O/越狱/LLDB/XCode/... Android安全: HotFix/XPosed/Pack/Unpack/Emulator/Obfuscate 知名工具: IDA/Ghidra...
DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、企业微信通知。 https://github.com/Bywalks/DarkAngel DarkAngel 一条龙服务,只需要输入根域名即可全方位收集相关资产,并检测漏洞。也可以输入多个域名、C段IP等,具体案例见下文。 https://github.com/0x727/ShuiZe_0x727 Shu...
[1448星][3m] [Py] epinna/tplmap 代码注入和服务器端模板注入(Server-Side Template Injection)漏洞利用,若干沙箱逃逸技巧。 [1180星][15d] [Py] codingo/nosqlmap Automated NoSQL database enumeration and web application exploitation tool. 重复区段: 工具/侦察&&信息收集&&子域名发现与枚举&&OSINT/未分...
Based on Burp extension, send HTTP request template out to Python fuzzer. [3星][1y] [Py] yuxiaokui/hackerone Fuzz website [2星][2y] yehgdotnet/jhijack A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session...
[81星][3y] [Py] coffeehb/ocift 一个半自动化命令注入漏洞Fuzz工具(One Semi-automation command injection vulnerability Fuzz tool) [81星][7d] [C] trailofbits/mishegos A differential fuzzer for x86 decoders [78星][2y] [Py] softsec-kaist/imf Inferred Model-based Fuzzer [77星][20d] [Rust...
[81星][3y] [Py] coffeehb/ocift 一个半自动化命令注入漏洞Fuzz工具(One Semi-automation command injection vulnerability Fuzz tool) [81星][7d] [C] trailofbits/mishegos A differential fuzzer for x86 decoders [78星][2y] [Py] softsec-kaist/imf Inferred Model-based Fuzzer [77星][20d] [Rust...