A tool to find good RCE From my series: A powerful Burp extension to make bounties rain
Well i got exactly what you need this burpsuite extension powered by a powerful AI engine, find good RCE and report it, all you need is to install it and browse sites like normal unsuspecting users (how cool is that).
Download and install
Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
log4jscanner log4j burp插件 特点如下: 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性,将host带入dnslog中 插件主要识别五种形式: 1.get请求,a=1&b=2&c=3 2.post请求,a=1&b=2&c=
yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log
CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre
omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa
Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is strong enough to prevent unauthorized users from memorizing it.
CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar README project base on https://github.com/Y4er/CVE-2020-2555 and weblo
Gitlab RCE - Remote Code Execution RCE for old gitlab version = 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f
log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址
BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF
unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works
Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss
DepFine DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE Installation: You Can inst
BurpSuite Extension: Log4j RCE Scanner
Log4j2 RCE Scanner 作者:key@元亨实验室 声明:由于传播、利用本项目所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,项目作者不为此承担任何责任。 小广告:实验室纳新招人,岗位方向有安全研究(攻防、漏洞)、威胁情报(APT分析)、内部安全(SDL、安全研发)
xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/
364 Dec 30, 2022
29 Nov 9, 2022
1 Jun 30, 2022
1 Jan 31, 2022
7 Nov 9, 2022
13 Jul 13, 2022
0 Feb 7, 2022
77 Dec 6, 2022
153 Nov 9, 2022
5 Dec 10, 2021
118 Nov 7, 2022
16 Aug 30, 2022
86 Dec 31, 2022
162 Nov 25, 2022
7 Dec 7, 2022
14 Nov 11, 2022
1 Dec 16, 2021
87 Dec 29, 2021
588 Jan 9, 2023