Advanced-SQL-Injection-Cheatsheet. A cheat sheet that contains advanced queries for SQL Injection of all types.
3.2kppmap. A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
520Proxy-DLL-Loads. A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
409XSScope. XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.
314RedditC2. Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.
274Shelltropy. A technique of hiding malicious shellcode via Shannon encoding.
269RemoteShellcodeExec. Execute shellcode from a remote-hosted bin file using Winhttp.
236CORS-one-liner. A one liner Bash command which finds CORS in every possible endpoint.
152RtlHijack. Alternative Read and Write primitives using Rtl* functions the unintended way.
79HTTP-Smuggling-Calculator. Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.
73CRLF-one-liner. A simple Bash one liner with aim to automate CRLF vulnerability scanning.
69Todesstern. A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities
67contexter. Contexter - A secondary context path traversal / server-side parameter pollution testing tool written in Python 3
27kleiton0x00.github.io. SCSS
11cpoise. A security testing tool designed to detect and analyze Cache Poisoned Denial of Service (CPDoS) and Cache Deception vulnerabilities in web applications and CDNs.
7kleiton0x00.
2