From 7c19cdd2a4a8171b3c25a6e3f6fb3c971001f01c Mon Sep 17 00:00:00 2001 From: Kamil Vavra <47953210+vavkamil@users.noreply.github.com> Date: Mon, 11 Jan 2021 22:42:53 +0100 Subject: [PATCH] Update README.md --- README.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 45b3e0a..5ed5221 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ - [Exploitation](#Exploitation) - [CMS](#) - [Command Injection](#) - - [CORS Misconfiguration](#) + - [CORS Misconfiguration](CORS Misconfiguration) - [CRLF Injection](#) - [CSRF Injection](#) - [Directory Traversal](#) @@ -35,6 +35,7 @@ - [Subdomain takeover](#) - [XSS Injection](#) - [XXE Injection](#) + - [postMessage](#postMessage) --- @@ -43,13 +44,63 @@ Lorem ipsum dolor sit amet - ### JSON Web Token +### CORS Misconfiguration - Lorem ipsum dolor sit amet +Lorem ipsum dolor sit amet - - [bar](#bar) +- [Corsy](https://github.com/s0md3v/Corsy) - CORS Misconfiguration Scanner +- [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner +- [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations + + +### JSON Web Token + +Lorem ipsum dolor sit amet + +- [jwt_tool](https://github.com/ticarpi/jwt_tool) - A toolkit for testing, tweaking and cracking JSON Web Tokens +- [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) - JWT brute force cracker written in C +- [jwt-heartbreaker](https://github.com/wallarm/jwt-heartbreaker) - The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources +- [jwtear](https://github.com/KINGSABRI/jwtear) - Modular command-line tool to parse, create and manipulate JWT tokens for hackers +- [jwt-key-id-injector](https://github.com/dariusztytko/jwt-key-id-injector) - Simple python script to check against hypothetical JWT vulnerability. + +### Server Side Request Forgery + +Lorem ipsum dolor sit amet + +- [SSRFmap](https://github.com/swisskyrepo/SSRFmap) - Automatic SSRF fuzzer and exploitation tool +- [Gopherus](https://github.com/tarunkant/Gopherus) - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers +- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities. +- [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep +- [SSRFire](https://github.com/micha3lb3n/SSRFire) - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects +- [httprebind](https://github.com/daeken/httprebind) - Automatic tool for DNS rebinding-based SSRF attacks +- [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) - A simple SSRF-testing sheriff written in Go +- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF +- [extended-ssrf-search](https://github.com/Damian89/extended-ssrf-search) - Smart ssrf scanner using different methods like parameter brute forcing in post and get... +- [gaussrf](https://github.com/KathanP19/gaussrf) - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters. +- [ssrfDetector](https://github.com/JacobReynolds/ssrfDetector) - Server-side request forgery detector +- [grafana-ssrf](https://github.com/RandomRobbieBF/grafana-ssrf) - Authenticated SSRF in Grafana +- [sentrySSRF](https://github.com/xawdxawdx/sentrySSRF) - Tool to searching sentry config on page or in javascript files and check blind SSRF + + +- []() - +- []() - +- []() - +- []() - +- []() - +- []() - +- []() - +- []() - + + +### postMessage + +Lorem ipsum dolor sit amet + +- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon +- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool + ## Contribute Contributions welcome! Read the [contribution guidelines](contributing.md) first.