8,965 tools
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A tool for identifying and analyzing Java serialized objects in network traffic
A tool for identifying and analyzing Java serialized objects in network traffic
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A Burp Suite extension that formats GraphQL requests for easier reading
A Burp Suite extension that formats GraphQL requests for easier reading
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection
InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.
Command line tool for testing CRLF injection on a list of domains.
Command line tool for testing CRLF injection on a list of domains.
CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.
CorsMe is a specialized scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications and provides remediation recommendations.
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A multi-threaded scanner for identifying CORS flaws and misconfigurations
A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.
A security scanner that identifies Cross-Origin Resource Sharing (CORS) misconfigurations in web applications to detect potential vulnerabilities.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.