This is your work, valued
Web-Attack-Cheat-Sheet. Web Attack Cheat Sheet
4.4khsecscan. A security scanner for HTTP response headers.
298h2rs. Detects request smuggling via HTTP/2 downgrades.
94pubkey-pin-android. Just another example for Android Public Key Pinning (based on OWASP example)
38h2csmuggler-proxy. This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.
36DesyncCL0. A simple tool to detect vulnerabilities described here https://portswigger.net/research/browser-powered-desync-attacks.
35SmuggleTP. A straightforward tool for exploiting SMTP Smuggling vulnerabilities.
14bc2telegram. Simple script to report Burp Collaborator interactions to Telegram bot chat
9headers. Python script to get all response headers from Alexa top sites file and store in a MySQL database.
5huebrchallenge01. This is my first web challenge called "HueBR Challenge 01".
5hpdd. This script detects header parsing discrepancies across different proxies in a chain by testing various header mutations and comparing responses.
5h2csmuggler. HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
4waymore. Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
3evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
3knary. A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark & Pushover support
2dnsobserver. A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack.
2smuggler. Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
1Web-Cache-Vulnerability-Scanner. Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
1IE11xCORSxSOP. IE11 is not following CORS specification for local files
1riramar.github.io. HTML
1