- Alexandria University
- Egypt, Alexandria
- https://kiro-maged.gitbook.io/
- in/kyrillos-maged
- @kokomagedd
Web pentesting
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
🎯 Command Injection Payload List
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.
Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.
Sharing some experience with PHP WebShell bypass of WAF and Anti-AV
Obtain GraphQL API schema even if the introspection is disabled
Scan for misconfigured S3 buckets across S3-compatible APIs!
JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.
Fetches JavaScript files quickly and comprehensively.
「🔑」A tool used to hunt down API key leaks in JS files and pages
Fast passive subdomain enumeration tool.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
PoC of CVE-2024-33883, RCE vulnerability of ejs.
Ready-to-use JSONP endpoints/payloads to help bypass the content security policy (CSP) of different websites.
Content-Security-Policy (CSP) Bypass Techniques
HTTPLeaks - All possible ways a website can leak HTTP requests
Pure Python hash length extension module
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
🔍 gowitness - a golang, web screenshot utility using Chrome Headless




