From 01fd3e04889ccd5a3fc2821f421dfa19e545f618 Mon Sep 17 00:00:00 2001 From: hahwul Date: Sat, 27 Nov 2021 16:49:54 +0900 Subject: [PATCH] distribute readme --- README.md | 4 ++++ data.json | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 70 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0e59150..faa6ba6 100644 --- a/README.md +++ b/README.md @@ -221,12 +221,15 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Utility/NOTIFY | [Emissary](https://github.com/BountyStrike/Emissary) | Send notifications on different channels such as Slack, Telegram, Discord etc. | ![](https://img.shields.io/github/stars/BountyStrike/Emissary) | ![](https://img.shields.io/github/languages/top/BountyStrike/Emissary) | | Utility/NOTIFY | [ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack) | Hacky Slack - a bash script that sends beautiful messages to Slack | ![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack) | ![](https://img.shields.io/github/languages/top/openbridge/ob_hacky_slack) | | Utility/NOTIFY | [slackcat](https://github.com/bcicen/slackcat) | CLI utility to post files and command output to slack | ![](https://img.shields.io/github/stars/bcicen/slackcat) | ![](https://img.shields.io/github/languages/top/bcicen/slackcat) | +| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. | ![](https://img.shields.io/github/stars/lc/230-OOB) | ![](https://img.shields.io/github/languages/top/lc/230-OOB) | | Utility/PAYLOAD | [Blacklist3r](https://github.com/NotSoSecure/Blacklist3r) | project-blacklist3r | ![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r) | ![](https://img.shields.io/github/languages/top/NotSoSecure/Blacklist3r) | | Utility/PAYLOAD | [Findsploit](https://github.com/1N3/Findsploit) | Find exploits in local and online databases instantly | ![](https://img.shields.io/github/stars/1N3/Findsploit) | ![](https://img.shields.io/github/languages/top/1N3/Findsploit) | | Utility/PAYLOAD | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ![](https://img.shields.io/github/stars/tarunkant/Gopherus) | ![](https://img.shields.io/github/languages/top/tarunkant/Gopherus) | | Utility/PAYLOAD | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) | | Utility/PAYLOAD | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | ![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) | ![](https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) | | Utility/PAYLOAD | [PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) | 📡 PoC auto collect from GitHub. Be careful malware. | ![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub) | ![](https://img.shields.io/github/languages/top/nomi-sec/PoC-in-GitHub) | +| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | ![](https://img.shields.io/github/stars/enjoiz/XXEinjector) | ![](https://img.shields.io/github/languages/top/enjoiz/XXEinjector) | +| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | ![](https://img.shields.io/github/stars/whitel1st/docem) | ![](https://img.shields.io/github/languages/top/whitel1st/docem) | | Utility/PAYLOAD | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) | | Utility/PAYLOAD | [jsfuck](https://github.com/aemkei/jsfuck) | Write any JavaScript with 6 Characters | ![](https://img.shields.io/github/stars/aemkei/jsfuck) | ![](https://img.shields.io/github/languages/top/aemkei/jsfuck) | | Utility/PAYLOAD | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes | ![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) | ![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) | @@ -234,6 +237,7 @@ A collection of cool tools used by Web hackers. Happy hacking , Happy bug-huntin | Utility/PAYLOAD | [security-research-pocs](https://github.com/google/security-research-pocs) | Proof-of-concept codes created as part of security research done by Google Security Team. | ![](https://img.shields.io/github/stars/google/security-research-pocs) | ![](https://img.shields.io/github/languages/top/google/security-research-pocs) | | Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 | ![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) | ![](https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) | | Utility/PAYLOAD | [xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data) | This repository contains all the XSS cheatsheet data to allow contributions from the community. | ![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) | ![](https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) | +| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads | ![](https://img.shields.io/github/stars/staaldraad/xxeserv) | ![](https://img.shields.io/github/languages/top/staaldraad/xxeserv) | | Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) | | Utility/PAYLOAD | [ysoserial.net](https://github.com/pwntester/ysoserial.net) | Deserialization payload generator for a variety of .NET formatters | ![](https://img.shields.io/github/stars/pwntester/ysoserial.net) | ![](https://img.shields.io/github/languages/top/pwntester/ysoserial.net) | | Utility/PENTEST | [axiom](https://github.com/pry0cc/axiom) | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! | ![](https://img.shields.io/github/stars/pry0cc/axiom) | ![](https://img.shields.io/github/languages/top/pry0cc/axiom) | diff --git a/data.json b/data.json index 5b8f801..d8f511f 100644 --- a/data.json +++ b/data.json @@ -1,4 +1,20 @@ { + "230-OOB": { + "Data": "| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. | ![](https://img.shields.io/github/stars/lc/230-OOB) | ![](https://img.shields.io/github/languages/top/lc/230-OOB) |", + "Description": "An Out-of-Band XXE server for retrieving file contents over FTP.", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, + "Method": "PAYLOAD", + "Type": "Utility", + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, "3klCon": { "Data": "| Discovery/ALL | [3klCon](https://github.com/eslam3kl/3klCon) | Automation Recon tool which works with Large \u0026 Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. | ![](https://img.shields.io/github/stars/eslam3kl/3klCon) | ![](https://img.shields.io/github/languages/top/eslam3kl/3klCon) |", "Description": "Automation Recon tool which works with Large \u0026 Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.", @@ -1023,6 +1039,22 @@ "Windows": "gem update XSpear" } }, + "XXEinjector": { + "Type": "Utility", + "Data": "| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | ![](https://img.shields.io/github/stars/enjoiz/XXEinjector) | ![](https://img.shields.io/github/languages/top/enjoiz/XXEinjector) |", + "Method": "PAYLOAD", + "Description": "Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, "a2sv": { "Data": "| Scanner/SSL | [a2sv](https://github.com/hahwul/a2sv) | Auto Scanning to SSL Vulnerability | ![](https://img.shields.io/github/stars/hahwul/a2sv) | ![](https://img.shields.io/github/languages/top/hahwul/a2sv) |", "Description": "Auto Scanning to SSL Vulnerability ", @@ -1503,6 +1535,22 @@ "Windows": "" } }, + "docem": { + "Data": "| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | ![](https://img.shields.io/github/stars/whitel1st/docem) | ![](https://img.shields.io/github/languages/top/whitel1st/docem) |", + "Description": "Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, + "Method": "PAYLOAD", + "Type": "Utility", + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, "domdig": { "Data": "| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications | ![](https://img.shields.io/github/stars/fcavallarin/domdig) | ![](https://img.shields.io/github/languages/top/fcavallarin/domdig) |", "Description": "DOM XSS scanner for Single Page Applications ", @@ -2768,15 +2816,15 @@ } }, "ppmap": { - "Type": "Scanner", "Data": "| Scanner/FUZZ | [ppmap](https://github.com/kleiton0x00/ppmap) | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | ![](https://img.shields.io/github/stars/kleiton0x00/ppmap) | ![](https://img.shields.io/github/languages/top/kleiton0x00/ppmap) |", - "Method": "FUZZ", "Description": "A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.", "Install": { "Linux": "", "MacOS": "", "Windows": "" }, + "Method": "FUZZ", + "Type": "Scanner", "Update": { "Linux": "", "MacOS": "", @@ -3551,6 +3599,22 @@ "Windows": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install" } }, + "xxeserv": { + "Data": "| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads | ![](https://img.shields.io/github/stars/staaldraad/xxeserv) | ![](https://img.shields.io/github/languages/top/staaldraad/xxeserv) |", + "Description": "A mini webserver with FTP support for XXE payloads", + "Install": { + "Linux": "", + "MacOS": "", + "Windows": "" + }, + "Method": "PAYLOAD", + "Type": "Utility", + "Update": { + "Linux": "", + "MacOS": "", + "Windows": "" + } + }, "ysoserial": { "Data": "| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) |", "Description": "A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. ",