Krzysztof Kotowicz

Elite
@koto

xsschef. Chrome extension Exploitation Framework

572

mosquito. XSS exploitation tool - access victims through HTTP proxy

162

blog-kotowicz-net-examples. Code Examples for blog.kotowicz.net

135

phar-util. PharUtil - Security-oriented utilities for Phar archives

129

socket_io_client. Python tool for testing vulnerabilities in WebSockets / Socket.IO servers

69

gitpillage. Pillage a git repo found in an accessible web root

60

squid-imposter. Phishing attack w/HTML5 offline cache framework based on Squid proxy

30

owasp-malicious-javascript. Materials for OWASP presentation on malicious JavaScript

16

svn-tools. Various command-line utilities for Subversion users

11

sslstrip. A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

11

httpfileserver. Simple PHP REST file server implementation. You put and retrieve files using any HTTP client e.g. wget

9

cors-proxy-browser. CORS based proxy (with Flash backend, remote control, MalaRIA integration and more goodies)

7

ajax-upload. Use AJAX Upload to upload multiple files without refreshing the page and style upload button as you wish.

5

iplex_adblock. Adblock HTTP proxy server for iplex.pl movies

3

Demo-ClientsideWebAttacks. Demonstration of some client-side web application vulnerabilities (DOM XSS, Clickjacking) and wrong usage of local storage.

3

exceed-mitm. Exceed OnDemand MITM proof-of-concept

3

htshells. Self contained htaccess shells and attacks

3

websockify. Add WebSockets support to any application/server (formerly wsproxy)

3

DeathToDSStore. .DS_Store is an abomination and must be stopped.

2

react. A declarative, efficient, and flexible JavaScript library for building user interfaces.

2

visipisi.

2

WebFundamentals. Best practices for modern web development

2

beef. The Browser Exploitation Framework Project

2

reconnecting-websocket. A small decorator for the JavaScript WebSocket API that automatically reconnects

2

projects. JavaScript

2

SQLol. A configurable SQL injection test-bed

2

MotionCAPTCHA. MotionCAPTCHA jQuery Plugin - Stop Spam, Draw Shapes

2

node-shells. JavaScript

2

html5demos. Collection of hacks and demos showing capability of HTML5 apps

2

burp-extensions. Various small Burp extensions

2

phpbb3. phpBB 3 Development: phpBB is a popular open-source bulletin board written in PHP. This repository also contains the history of version 2.

1

mitmproxy. An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

1

react-redux-realworld-example-app. Exemplary real world application built with React + Redux

1

libs. Coleção de classes PHP com propósitos diversos

1

MalaRIA-Proxy. Proof of concept code (which means poor code quality) for a proxy abusing unrestricted cross domain policies.

1

webpack. A bundler for javascript and friends. Packs many modules into a few bundled assets. Code Splitting allows for loading parts of the application on demand. Through "loaders", modules can be CommonJs, AMD, ES6 modules, CSS, Images, JSON, Coffeescript, LESS, ... and your custom stuff.

1

node_chat. simple chat demo for node

1

AjaxFileUpload. A jQuery plugin that simulates asynchronous file uploads.

1

Socket.IO-node. Sockets for the rest of us (in Node.js)

1

ICanHaz.js. A clean solution for templating with Mustache.js and jQuery or Zepto

1

end-to-end-1. End-To-End is a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP.

1

owtf. The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp

1

stupid-websocket-tcp-proxy. A very stupid websocket tcp proxy (using websockets with unmodified TCP servers)

1

pyinotify. Monitoring filesystems events with inotify on Linux.

1

DOMPurify. DOMPurify

1

webappsec. Web Application Security Working Group repo

1

ahDoctrineEasyEmbeddedRelationsPlugin. ahDoctrineEasyEmbeddedRelationsPlugin

1
47
Apply