-all-xss-payloads

-all-xss-payloa...

xss-security-scanner

XSS Security Scanner A professional web-based XSS vulnerabili...

Exploit for CVE-2025-1302

CVE-2025-1302 JSONPath-Plus RCE PoC PoC Script Name: po...

A Deep Dive into Water Gamayun’s Arsenal and Infrastructure

Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework CVE-2025-26633 to execute malicious code on infected machines...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...

SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers

SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threaded, ensuring speed and efficiency. Unlike other scanners,...

CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors

A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors. About Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and...

HCL Technologies HCL Digital Experience 跨站脚本漏洞

HCL Technologies HCL Digital Experience is a suite of digital experience platforms, content delivery solutions from HCL Technologies, USA. HCL Technologies HCL Digital Experience suffers from a security vulnerability that originates from an attacker being able to construct customized cross-site...

APSoft-Web-Scanner-v2 - Powerful Dork Searcher And Vulnerability Scanner For Windows Platform

APSoftWebscanner Version 2 new version of APSoft Webscanner Version 1 Software pictures What can i do with this ? with this software, you will be able to search your dorks in supported search engines and scan grabbed urls to find their vulnerabilities. in addition , you will be able to generate...

aMALgamous

This repository is an offensive tool for creating custom malware payloads. It is a Python-based tool that allows users to generate various types of malware payloads, including Meterpreter, Shell, and Python payloads, as well as payloads for specific platforms such as Windows and macOS. The tool i...

DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang

Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The...

WinPayloads: Generate Undetectable Windows Payloads!

PenTestIT RSS Feed An older post of mine - MicroSploit dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads which helps you create custom malicious payloads for the Microsoft Windows operating system. What is...

Python Remote Administration Tool: Stitch

Python Remote Administration Tool This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of...

Sticky Keys Persistence Module

This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...

XSSYA v2.0 - Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA Cross Site Scripting Scanner & Vulnerability Confirmation written in python scripting language confirm the XSS Vulnerability in two method first work by execute the payload encoded to bypass Web Application Firewall which is the first method request and responseif it respond 200 it turn...

Raspberrypi Wireless Attack Toolkit

Raspberrypi Wireless Attack Toolkit is a push-button wireless hacking and Man-in-the-Middle attack toolkit This project is designed to run on Embedded ARM platforms specifically v6 and RaspberryPi . It provides users with automated wireless attack tools that air paired with man-in-the-middle tool...