A lack of input sanitization leaves PDF documents ripe for exfiltration
XSS for PDFs – New injection technique offers rich pickings for security researchers
NoSQLi – NoSql Injection CLI Tool
NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast...
Scant3R – Web Security Scanner
ScanT3r - Web Security Scanner _____ ___________ / ___/_________ _____/_ __/__ /_____ \__ \/ ___/ __ `/ __ \/ /...
IIS-Raid – A Native Backdoor Module For Microsoft IIS (Internet Information Services)
IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker.DocumentationWhen installed, IIS-Raid will process every request and method, check if the X-Password head...
Polyshell – A Bash/Batch/PowerShell Polyglot!
PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell (i.e. a polyglot).This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payload...
SysWhispers – AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/.IntroductionVarious security products...
SQL Injection Payload List
SQL InjectionIn this section, we'll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.What is SQL injection (SQLi)?SQ...
Andor – Blind SQL Injection Tool With Golang
Blind SQL Injection Tool with Golang.UsageDownload andor.go and go to the folder where the file andor.go located. And type this to command promt:go run andor.go --url "http://deneme.com/index.php?id=1"** Note: Get parameter value must be correct, other...
Pixload – Image Payload Creating/Injecting Tools
Set of tools for creating/injecting payload into images.SETUPThe following Perl modules are required:- GD- Image::ExifTool- String::CRC32On Debian-based systems install these packages:sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-p...
mpDNS – Multi-Purpose DNS Server
Simple, configurable "clone & run" DNS Server with multiple useful featuresShould work on Python 2 and 3names.db -> holds all custom records (see examples)Simple wildcards like *.example.comCatch unicode dns requestsCustom actions aka macro: {{...
Recent Comments