🎯 XML External Entity (XXE) Injection Payload List
created at Nov. 19, 2019, 5:04 a.m.
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
created at April 1, 2018, 12:11 a.m.
A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.
created at Feb. 11, 2016, 9:28 p.m.
vulnerable web application for training
created at Dec. 13, 2017, 6:43 a.m.
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included
created at Nov. 11, 2018, 7:07 p.m.
🎯 Open Redirect Payload List
created at Aug. 15, 2019, 3:29 p.m.
Pillage web accessible GIT, HG and BZR repositories
created at June 18, 2011, 8:04 p.m.
Stealing CSRF tokens with CSS injection (without iFrames)
created at Feb. 4, 2018, 4:09 a.m.
List DTDs and generate XXE payloads using those local DTDs.
created at July 15, 2019, 8:13 p.m.
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
created at Dec. 13, 2017, 11:49 p.m.
A simple tool to convert the IP to a DWORD IP
created at April 30, 2016, 11:32 p.m.
A multiple reverse shell session/client manager via terminal
created at Oct. 23, 2017, 1:41 a.m.
Parse NTLM challenge messages over HTTP and SMB
created at Nov. 4, 2019, 10:27 p.m.