Xxe

XXEinjector

Automate the exploitation of XXE vulnerabilities

oxml_xxe

A tool for embedding XXE/XML exploits into different filetypes

docem

A tool to embed XXE and XSS payloads in various file formats

xxexploiter

A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.

metahttp

A bash script for scanning a target network for HTTP resources through XXE

xxeserv

A mini webserver with FTP support for XXE payloads

B-XSSRF

A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities

Damn Vulnerable Web Services

An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.

Bug Bounty Cheat Sheet

A comprehensive reference guide covering various web application vulnerabilities, testing techniques, and resources for bug bounty hunters and security researchers.

Ground Control

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

Bug Bounty Reference

A categorized collection of bug bounty write-ups that documents real-world vulnerability discoveries and exploitation techniques across various security flaw types.

Damn Small Vulnerable Web

A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.

Wapiti

Web-application vulnerability scanner with extensive coverage of security testing modules.