off-by-slash Logo

off-by-slash

0
Free
Network Security
Appsec
Apparmor
Nginx
Penetration Testing
Security Research
Visit Website

Burp extension to detect alias traversal via NGINX misconfiguration at scale. This extension is designed to help security researchers and penetration testers identify potential vulnerabilities in NGINX configurations. It works by analyzing the HTTP requests and responses to identify potential alias traversal vulnerabilities. This extension is a powerful tool for anyone who needs to test the security of their NGINX configurations.

FEATURES

ALTERNATIVES

Filebuster Logo
Filebuster

A fast and flexible web fuzzer for identifying vulnerabilities in web applications

Free
Network Security
Feroxbuster Logo
Feroxbuster

A fast and simple recursive content discovery tool

Free
Network Security
Mercury Logo
Mercury

Network metadata capture and analysis tool

Free
Network Security
DNS Tunnelling Logo
DNS Tunnelling

A technique to encode data within DNS queries for covert communication channels.

Free
Network Security
wireshark Logo
wireshark

A free, open-source network protocol analyzer for capturing and displaying packet-level data.

Free
Network Security
Subfinder Logo
Subfinder

Fast passive subdomain enumeration tool

Free
Network Security
IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) Logo
IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks)

A network recon framework including tools for passive and active recon

Free
Network Security
JARM Logo
JARM

JARM is a TLS server fingerprinting tool used for identifying server configurations and malicious infrastructure.

Free
Network Security

PINNED

Mandos Brief Newsletter Logo

Mandos Brief Newsletter

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Resources
PTJunior Logo

PTJunior

An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

Offensive Security
CTIChef.com Detection Feeds Logo

CTIChef.com Detection Feeds

A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

Threat Management
ImmuniWeb® Discovery Logo

ImmuniWeb® Discovery

ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Attack Surface Management
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security