gf4
/
WebHackersWeapons
mirror of https://git.hackliberty.org/Awesome-Mirrors/WebHackersWeapons
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

distribute readme

pull/40/head
hahwul 2021-11-27 16:49:54 +09:00
parent d27b349267
commit 01fd3e0488
2 changed files with 70 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -221,12 +221,15 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Utility/NOTIFY | [Emissary](https://github.com/BountyStrike/Emissary) | Send notifications on different channels such as Slack, Telegram, Discord etc. | ![](https://img.shields.io/github/stars/BountyStrike/Emissary) | ![](https://img.shields.io/github/languages/top/BountyStrike/Emissary) |
| Utility/NOTIFY | [ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack) | Hacky Slack - a bash script that sends beautiful messages to Slack | ![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack) | ![](https://img.shields.io/github/languages/top/openbridge/ob_hacky_slack) |
| Utility/NOTIFY | [slackcat](https://github.com/bcicen/slackcat) | CLI utility to post files and command output to slack | ![](https://img.shields.io/github/stars/bcicen/slackcat) | ![](https://img.shields.io/github/languages/top/bcicen/slackcat) |
| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. | ![](https://img.shields.io/github/stars/lc/230-OOB) | ![](https://img.shields.io/github/languages/top/lc/230-OOB) |
| Utility/PAYLOAD | [Blacklist3r](https://github.com/NotSoSecure/Blacklist3r) | project-blacklist3r | ![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r) | ![](https://img.shields.io/github/languages/top/NotSoSecure/Blacklist3r) |
| Utility/PAYLOAD | [Findsploit](https://github.com/1N3/Findsploit) | Find exploits in local and online databases instantly | ![](https://img.shields.io/github/stars/1N3/Findsploit) | ![](https://img.shields.io/github/languages/top/1N3/Findsploit) |
| Utility/PAYLOAD | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ![](https://img.shields.io/github/stars/tarunkant/Gopherus) | ![](https://img.shields.io/github/languages/top/tarunkant/Gopherus) |
| Utility/PAYLOAD | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) |
| Utility/PAYLOAD | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | ![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) | ![](https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) |
| Utility/PAYLOAD | [PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) | 📡 PoC auto collect from GitHub. Be careful malware. | ![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub) | ![](https://img.shields.io/github/languages/top/nomi-sec/PoC-in-GitHub) |
| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | ![](https://img.shields.io/github/stars/enjoiz/XXEinjector) | ![](https://img.shields.io/github/languages/top/enjoiz/XXEinjector) |
| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | ![](https://img.shields.io/github/stars/whitel1st/docem) | ![](https://img.shields.io/github/languages/top/whitel1st/docem) |
| Utility/PAYLOAD | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) |
| Utility/PAYLOAD | [jsfuck](https://github.com/aemkei/jsfuck) | Write any JavaScript with 6 Characters | ![](https://img.shields.io/github/stars/aemkei/jsfuck) | ![](https://img.shields.io/github/languages/top/aemkei/jsfuck) |
| Utility/PAYLOAD | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes | ![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) | ![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) |
@ -234,6 +237,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin
| Utility/PAYLOAD | [security-research-pocs](https://github.com/google/security-research-pocs) | Proof-of-concept codes created as part of security research done by Google Security Team. | ![](https://img.shields.io/github/stars/google/security-research-pocs) | ![](https://img.shields.io/github/languages/top/google/security-research-pocs) |
| Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 | ![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) | ![](https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) |
| Utility/PAYLOAD | [xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data) | This repository contains all the XSS cheatsheet data to allow contributions from the community. | ![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) | ![](https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) |
| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads | ![](https://img.shields.io/github/stars/staaldraad/xxeserv) | ![](https://img.shields.io/github/languages/top/staaldraad/xxeserv) |
| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) |
| Utility/PAYLOAD | [ysoserial.net](https://github.com/pwntester/ysoserial.net) | Deserialization payload generator for a variety of .NET formatters | ![](https://img.shields.io/github/stars/pwntester/ysoserial.net) | ![](https://img.shields.io/github/languages/top/pwntester/ysoserial.net) |
| Utility/PENTEST | [axiom](https://github.com/pry0cc/axiom) | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! | ![](https://img.shields.io/github/stars/pry0cc/axiom) | ![](https://img.shields.io/github/languages/top/pry0cc/axiom) |

68
data.json
View File

@ -1,4 +1,20 @@
{
"230-OOB": {
"Data": "| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. | ![](https://img.shields.io/github/stars/lc/230-OOB) | ![](https://img.shields.io/github/languages/top/lc/230-OOB) |",
"Description": "An Out-of-Band XXE server for retrieving file contents over FTP.",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "PAYLOAD",
"Type": "Utility",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"3klCon": {
"Data": "| Discovery/ALL | [3klCon](https://github.com/eslam3kl/3klCon) | Automation Recon tool which works with Large \u0026 Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. | ![](https://img.shields.io/github/stars/eslam3kl/3klCon) | ![](https://img.shields.io/github/languages/top/eslam3kl/3klCon) |",
"Description": "Automation Recon tool which works with Large \u0026 Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.",
@ -1023,6 +1039,22 @@
"Windows": "gem update XSpear"
}
},
"XXEinjector": {
"Type": "Utility",
"Data": "| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | ![](https://img.shields.io/github/stars/enjoiz/XXEinjector) | ![](https://img.shields.io/github/languages/top/enjoiz/XXEinjector) |",
"Method": "PAYLOAD",
"Description": "Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"a2sv": {
"Data": "| Scanner/SSL | [a2sv](https://github.com/hahwul/a2sv) | Auto Scanning to SSL Vulnerability | ![](https://img.shields.io/github/stars/hahwul/a2sv) | ![](https://img.shields.io/github/languages/top/hahwul/a2sv) |",
"Description": "Auto Scanning to SSL Vulnerability ",
@ -1503,6 +1535,22 @@
"Windows": ""
}
},
"docem": {
"Data": "| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | ![](https://img.shields.io/github/stars/whitel1st/docem) | ![](https://img.shields.io/github/languages/top/whitel1st/docem) |",
"Description": "Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "PAYLOAD",
"Type": "Utility",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"domdig": {
"Data": "| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications | ![](https://img.shields.io/github/stars/fcavallarin/domdig) | ![](https://img.shields.io/github/languages/top/fcavallarin/domdig) |",
"Description": "DOM XSS scanner for Single Page Applications ",
@ -2768,15 +2816,15 @@
}
},
"ppmap": {
"Type": "Scanner",
"Data": "| Scanner/FUZZ | [ppmap](https://github.com/kleiton0x00/ppmap) | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | ![](https://img.shields.io/github/stars/kleiton0x00/ppmap) | ![](https://img.shields.io/github/languages/top/kleiton0x00/ppmap) |",
"Method": "FUZZ",
"Description": "A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "FUZZ",
"Type": "Scanner",
"Update": {
"Linux": "",
"MacOS": "",
@ -3551,6 +3599,22 @@
"Windows": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install"
}
},
"xxeserv": {
"Data": "| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads | ![](https://img.shields.io/github/stars/staaldraad/xxeserv) | ![](https://img.shields.io/github/languages/top/staaldraad/xxeserv) |",
"Description": "A mini webserver with FTP support for XXE payloads",
"Install": {
"Linux": "",
"MacOS": "",
"Windows": ""
},
"Method": "PAYLOAD",
"Type": "Utility",
"Update": {
"Linux": "",
"MacOS": "",
"Windows": ""
}
},
"ysoserial": {
"Data": "| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) |",
"Description": "A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. ",