Browsing tag
Why XSStrike? Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that’s just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are guaranteed to work. Here are […]
Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included. HTTP whatweb WPScan (only if whatweb returns a WordPress result) EyeWitness […]
What is SSRF vulnerability? Server Side Request Forgery (SSRF) is a type of vulnerability class where attacker sends crafted request from a vulnerable web application, including the unauthorised access to the internal resources behind the firewall which are inaccessible directly from the external network. Installation git clone https://github.com/ariya/phantomjs.git cd phantomjs chmod +x build.py ./build.py Usage […]