Client-Side Prototype Pollution Tools

Prototype Pollution and useful Script Gadgets

Client Side Prototype Pollution Scanner

RCE 0-day for GhostScript 9.50 - Payload generator

Dell Driver EoP (CVE-2021-21551)

client-side prototype pullution vulnerability scanner

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.

Prototype pollution scanner using headless chrome

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

A Blazing fast Security Auditing tool for Kubernetes

Automated Tool That Generate The Perfect Powershell Payload

A vulnerability scanner for container images and filesystems

AV/EDR evasion via direct system calls.

Find netblocks owned by a company

Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites

A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications

Tool for scan vulnerabilities in Moodle platforms

CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

PowerShell module providing utility commands to manipulate a APK file on Windows

Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber

Tutorials and Things to Do while Hunting Vulnerability.

Tool to find the real IP behind CDNs/WAFs like cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to …

Ressources for bug bounty hunting

simple script to extract all web resources by means of .SVN folder exposed over network.

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the…

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF…

Wordlists for Fuzzing