mirror of
https://github.com/xalgord/awesome-bugbounty-tools.git
synced 2024-12-12 05:42:29 +00:00
Update README.md
This commit is contained in:
parent
edf5ec8d71
commit
7c19cdd2a4
1 changed files with 55 additions and 4 deletions
59
README.md
59
README.md
|
@ -17,7 +17,7 @@
|
|||
- [Exploitation](#Exploitation)
|
||||
- [CMS](#)
|
||||
- [Command Injection](#)
|
||||
- [CORS Misconfiguration](#)
|
||||
- [CORS Misconfiguration](CORS Misconfiguration)
|
||||
- [CRLF Injection](#)
|
||||
- [CSRF Injection](#)
|
||||
- [Directory Traversal](#)
|
||||
|
@ -35,6 +35,7 @@
|
|||
- [Subdomain takeover](#)
|
||||
- [XSS Injection](#)
|
||||
- [XXE Injection](#)
|
||||
- [postMessage](#postMessage)
|
||||
|
||||
|
||||
---
|
||||
|
@ -43,13 +44,63 @@
|
|||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
### JSON Web Token
|
||||
### CORS Misconfiguration
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [bar](#bar)
|
||||
- [Corsy](https://github.com/s0md3v/Corsy) - CORS Misconfiguration Scanner
|
||||
- [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner
|
||||
- [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations
|
||||
|
||||
|
||||
|
||||
|
||||
### JSON Web Token
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [jwt_tool](https://github.com/ticarpi/jwt_tool) - A toolkit for testing, tweaking and cracking JSON Web Tokens
|
||||
- [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) - JWT brute force cracker written in C
|
||||
- [jwt-heartbreaker](https://github.com/wallarm/jwt-heartbreaker) - The Burp extension to check JWT (JSON Web Tokens) for using keys from known from public sources
|
||||
- [jwtear](https://github.com/KINGSABRI/jwtear) - Modular command-line tool to parse, create and manipulate JWT tokens for hackers
|
||||
- [jwt-key-id-injector](https://github.com/dariusztytko/jwt-key-id-injector) - Simple python script to check against hypothetical JWT vulnerability.
|
||||
|
||||
### Server Side Request Forgery
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [SSRFmap](https://github.com/swisskyrepo/SSRFmap) - Automatic SSRF fuzzer and exploitation tool
|
||||
- [Gopherus](https://github.com/tarunkant/Gopherus) - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
|
||||
- [ground-control](https://github.com/jobertabma/ground-control) - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
|
||||
- [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) - GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
|
||||
- [SSRFire](https://github.com/micha3lb3n/SSRFire) - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
|
||||
- [httprebind](https://github.com/daeken/httprebind) - Automatic tool for DNS rebinding-based SSRF attacks
|
||||
- [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) - A simple SSRF-testing sheriff written in Go
|
||||
- [B-XSSRF](https://github.com/SpiderMate/B-XSSRF) - Toolkit to detect and keep track on Blind XSS, XXE & SSRF
|
||||
- [extended-ssrf-search](https://github.com/Damian89/extended-ssrf-search) - Smart ssrf scanner using different methods like parameter brute forcing in post and get...
|
||||
- [gaussrf](https://github.com/KathanP19/gaussrf) - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
|
||||
- [ssrfDetector](https://github.com/JacobReynolds/ssrfDetector) - Server-side request forgery detector
|
||||
- [grafana-ssrf](https://github.com/RandomRobbieBF/grafana-ssrf) - Authenticated SSRF in Grafana
|
||||
- [sentrySSRF](https://github.com/xawdxawdx/sentrySSRF) - Tool to searching sentry config on page or in javascript files and check blind SSRF
|
||||
|
||||
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
- []() -
|
||||
|
||||
|
||||
### postMessage
|
||||
|
||||
Lorem ipsum dolor sit amet
|
||||
|
||||
- [postMessage-tracker](https://github.com/fransr/postMessage-tracker) - A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
|
||||
- [PostMessage_Fuzz_Tool](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool) - #BugBounty #BugBounty Tools #WebDeveloper Tool
|
||||
|
||||
## Contribute
|
||||
|
||||
Contributions welcome! Read the [contribution guidelines](contributing.md) first.
|
||||
|
|
Loading…
Reference in a new issue