Top disclosed reports from HackerOne

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

A list of useful payloads for Web Application Security and Pentest/CTF

Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.

BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04

🔥 Arbimz is a python tool created to exploit the vulnerability on Zimbra assigned as CVE-2019-9670.

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

XXE vulnerability creator

A web crawler and vulnerability scanner tool developed by Rohit Ajariwal

Proof of Concept for CVE-2021-29447 written in Python

Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.

WAFManis is a Protocol-Level WAF Evasion Fuzzing Tool that automates the discovery of evasion vulnerabilities in Web Application Firewalls (WAFs) by fuzzing HTTP requests to identify potential bypass techniques.

Exer is a vuln scanner for specific string

A collection of security tools for pentersion testing

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.