UK

Paul Taylor

Expert
@bao7uo

๐•“๐•’๐• ๐ŸŸ๐•ฆ๐• 

RAU_crypto. Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)

181

dp_crypto. Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)

178

target-redirector. Target Redirector is a Burp Suite Extension written in Kotlin, which redirects all Burp requests destined for a chosen target to a different target of your choice. The hostname/IP, port and protocol (HTTP/HTTPS) can all be configured to an alternative destination.

26

bmc_bladelogic. BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063

20

HexyRunner. Takes raw hex shellcode (e.g. msfvenom hex format) from a cmd line arg, text file, or URL download and runs it.

20

waf-cookie-fetcher. WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.

16

dell-emc_recoverpoint. Exploits for Dell EMC RecoverPoint enterprise data protection platform

13

MixedUp. Mixed Mode Assembly PoC with sample payloads in DLLMain

12

burp-extender-api-kotlin. Burp Extender API - Unofficial Kotlin version

11

smooth-drop-shadow. Copies images, adding a smooth drop shadow, with enlargement to accommodate. Requires GIMP.

8

nf_conntrack-for-scanners. Alters the nf_conntrack settings profile to make it suitable for scanners such as nmap, nessus, etc

7

PortRanger. Converts an unordered (e.g. grepped) network ports to a condensed range/list that is suitable for nmap and other tools.

6

redacterm. Edit terminal output ready for screenshots - highlight key areas and redact sensitive info.

6

BurpelFish. BurpelFish - Adds Google Translate to Burp's Context Menu. "Babel Fish" language translation for app-sec testing in other languages.

5

mx-direct-mail-sender. Sends a direct email, with no relay required, by looking up the MX record and delivering the message to one of the resulting mail servers.

3

reGeorg. The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

2

picelf. Embed shellcode directly into a minimally sized ELF file

1

Keylogger. A simple keylogger for Windows, Linux and Mac

1
18
Apply