Swissky
2c10b28976
Merge pull request #561 from gdraperi/patch-2
...
Update YAML.md
2022-10-05 14:55:34 +02:00
gdraperi
666a90ffee
Update YAML.md
...
Updating the actual risks for Python
2022-10-05 13:47:24 +02:00
Swissky
a766679356
Merge pull request #559 from gdraperi/patch-1
...
Update README.md
2022-10-05 10:20:58 +02:00
Swissky
643374e1d7
Add reference
2022-10-05 10:20:05 +02:00
gdraperi
2d03a74555
Update README.md
...
Adding payloads for Citrix and Cisco
2022-10-05 10:06:21 +02:00
Swissky
44d761eb2c
Merge pull request #558 from CyberVarun/master
...
Added portswigger labs and reference in Command injection
2022-10-05 09:58:40 +02:00
Varun Jagtap
3022c25995
Added portswigger labs and reference
2022-10-05 12:50:10 +05:30
Swissky
c420ed6bf7
Merge pull request #553 from ndsvw/Linkfix
...
Fixed invalid hyperlink
2022-10-04 11:08:59 +02:00
Swissky
a1c783d8d2
Merge pull request #555 from mschader/patch-8
...
CVE Exploit: Add trickest CVE repo
2022-10-04 09:42:05 +02:00
Swissky
a5c91d8ed3
Merge pull request #556 from mschader/patch-9
...
Zip Slip: Add slipit to tools
2022-10-04 09:40:51 +02:00
Swissky
77b0599653
Merge pull request #554 from qligier/master
...
XXE: Improve the documentation
2022-10-03 18:44:54 +02:00
Markus
950114b9e6
Zip Slip: Add slipit to tools
2022-10-03 18:19:28 +02:00
Markus
f8d04cef3b
CVE Exploit: Add trickest CVE repo
2022-10-03 17:51:39 +02:00
Quentin Ligier
6bbdc85aa2
XXE: Improve the documentation
...
- Add two references: "OWASP XXE prevention cheat sheet" and "XXE: How to become a Jedi"
- Describe the Parameters Laugh attack
- Expand the WAF bypass method with UTF-7
- Update the summary
2022-10-03 17:14:22 +02:00
Alexander Lübeck
576322d475
Fixed invalid hyperlink
2022-10-02 15:58:16 +02:00
Swissky
bbe4bbce05
Merge pull request #552 from swisskyrepo/hacktober-methodo-rework
...
Methodology and enumeration rework
2022-10-02 13:14:35 +02:00
Swissky
99a1304af9
Methodology and enumeration rework
2022-10-02 13:13:16 +02:00
Swissky
3f1689b9bc
Merge pull request #551 from swisskyrepo/hacktober-blind-ssti
...
Blind SSTI Jinja
2022-10-02 12:27:07 +02:00
Swissky
4ed3e3b6b9
Blind SSTI Jinja
2022-10-02 12:24:39 +02:00
Swissky
444d8ad169
Merge pull request #549 from InTruder-Sec/master
...
Added PortSwigger Labs to the repo
2022-10-02 12:16:08 +02:00
Swissky
6b9f6de7dd
Merge pull request #548 from mschader/patch-7
...
Java RMI: Add remote-method-guesser to tools
2022-10-02 12:14:51 +02:00
Deep Dhakate
a670a26eea
Update
2022-10-02 06:13:01 +00:00
Markus
bd6a1b759a
Java RMI: Add remote-method-guesser to tools
...
This also includes slight adjustments to the README.md to adhere to the current contribution example layout
2022-10-01 22:04:49 +02:00
Deep Dhakate
9f0c70d46f
update
2022-10-01 19:56:49 +00:00
Swissky
9d1421a6c3
Merge pull request #547 from mschader/patch-6
...
Api Key Leaks: Add Trivy to tools section
2022-10-01 19:01:47 +02:00
Markus
b7d275d5b0
Api Key Leaks: Add Trivy to tools section
2022-10-01 17:20:51 +02:00
Swissky
72a8556dc9
NodeJS Serialization
2022-09-23 11:21:29 +02:00
Swissky
7a528ccb3f
Merge pull request #545 from noraj/patch-1
...
Blind NoSQL scripts
2022-09-23 00:38:05 +02:00
Alexandre ZANNI
7e2fa15462
Blind NoSQL scripts
...
- add missing menu item
- use better string interpolation for python script
- add ruby script
2022-09-23 00:36:41 +02:00
Swissky
2d30e22121
DPAPI - Data Protection API
2022-09-23 00:35:34 +02:00
Swissky
6b76c452a7
Merge pull request #544 from Processus-Thief/master
...
update hekatomb to install with pip
2022-09-22 16:12:23 +02:00
Processus Thief
8d564ff78b
update hekatomb to install with pip
...
hekatomb is now available on pypi to simplify its installation
2022-09-22 16:10:20 +02:00
Swissky
097756da1c
Merge pull request #543 from noraj/patch-1
...
add 3 template engines + add lang in menu
2022-09-21 11:42:32 +02:00
Alexandre ZANNI
3e68276fb7
add 3 template engines + add lang in menu
2022-09-21 11:28:57 +02:00
Swissky
c3421582bc
Merge pull request #542 from Processus-Thief/master
...
Adding Hekatomb.py to DPAPI credentials stealing
2022-09-20 22:31:07 +02:00
Processus Thief
885f8bdb8f
Adding Hekatomb.py to DPAPI credentials stealing
...
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
Then it will download all DPAPI blob of all users from all computers.
Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials.
More infos here : https://github.com/Processus-Thief/HEKATOMB
2022-09-20 16:56:07 +02:00
Swissky
267713c0fb
YAML Deserialization
2022-09-16 16:37:40 +02:00
Swissky
e677f07197
Merge pull request #539 from dhmosfunk/master
...
add a new tool for manually http request smuggling exploitation
2022-09-16 08:53:00 +02:00
Dhmos Funk
b4e7add674
add simple http smuggler generator for easiest manually exploitation
2022-09-16 02:30:57 +03:00
Dhmos Funk
d5aed653e8
Update README.md
2022-09-14 18:05:31 +03:00
Swissky
b8afbc8f92
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2022-09-13 22:04:58 +02:00
Swissky
c7dd67986c
Oracle SQL
2022-09-13 22:04:21 +02:00
Swissky
d32c48bad8
Merge pull request #538 from clem9669/master
...
XSS: Adding brutelogic polyglot
2022-09-13 15:03:34 +02:00
clem9669
88134256c8
Adding brutelogic polyglot
...
Adding brutelogic polyglot from blog post.
2022-09-13 11:58:10 +00:00
Swissky
0ca060c049
Merge pull request #537 from dhmosfunk/master
...
Update the Postgresql time based payloads for database,table,columns extract
2022-09-10 16:44:20 +02:00
Dhmos Funk
aa89a909d1
Update PostgreSQL Injection.md
2022-09-10 15:56:31 +03:00
Swissky
38fa931b84
Merge pull request #525 from mrThe/patch-1
...
Add boolean-error-based vector for the sqlite
2022-09-07 14:02:54 +02:00
Swissky
7663594118
Update SQLite Injection.md
2022-09-07 14:02:38 +02:00
Swissky
e11a37e6a2
Merge pull request #515 from vladko312/patch-1
...
Added a new SSTI tool
2022-09-07 14:01:09 +02:00
Swissky
d24e3f2d61
Merge pull request #497 from kz-cyber/xss/angular-xss-2
...
[update] Angular XSS payload
2022-09-07 00:34:29 +02:00