Xss_Vulnerability_Challenges – This Repository Is A Docker Containing Some "XSS Vulnerability" Challenges And Bypass Examples

This repository is a Dockerized PHP application containing some XSS vulnerability challenges. The ideas behind the challenges are: JavaScript validation bypass; HTML entities bypass; WAF bypass; black-list validation bypass; basic XSS validation bypass; double encode bypass of WAF to exploit XSS; exploiting XSS by bypassing escape characters. Quick Start: Using Docker. Using Docker Hub (quickest): To…

EDRSandblast – Tool That Weaponizes A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections

EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections (Kernel callbacks and ETW TI provider) and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, a combination of userland (--usermode) and Kernel-land (--kernelmode) techniques were used to dump LSASS memory under…

Ipsourcebypass – This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers

This Python script can be used to bypass IP source restrictions using HTTP headers. Features: 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detecting most successful bypasses. Usage: $ ./ipsourcebypass.py -h [~] IP source bypass using HTTP headers, v1.1 usage: ipsourcebypass.py [-h] [-v] -i IP [-t THREADS] [-x PROXY] [-k] [-L] [-j JSONFILE] url This Python script…

Dontgo403 – Tool To Bypass 40X Response Codes

dontgo403 is a tool to bypass 40X errors. Installation: git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build. Customization: If you want to edit or add new bypasses, you can add them directly to the specific file in the payloads folder and the tool will use them. Options: custom header to the requests (can be specified…

Espoofer – An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures

espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails. Figure 1. A case of our spoofing attacks…

Shellcode-Encryptor – A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus

A simple shell code encryptor/decryptor/executor to bypass anti virus. Note: I have completely redone the work flow for creating the bypass, I have found injecting the binary into memory using PowerShell as the most effective method. Purpose: To generate a .Net binary containing base64 encoded, AES encrypted shellcode that will execute on a Windows target,…

Forbidden – Bypass 4Xx HTTP Response Status Codes

Bypass 4xx HTTP response status codes. Based on PycURL. The script uses multithreading and is based on brute forcing, so it might have some false positives. The script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To filter out false positives, check each content length manually with…

4-ZERO-3 – 403/401 Bypass Methods + Bash Automation

>_ Introduction: 4-ZERO-3, a tool to bypass 403/401. This script contains all the possible techniques to do the same. NOTE: If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the Content-Length is the same for multiple [200 Ok]/bypasses, it means a false positive. The reason can be “301/302” or “../” [Payload]. DON’T PANIC. Script…

pFuzz – Helps Us To Bypass Web Application Firewall By Using Different Methods At The Same Time

pFuzz is an advanced red teaming fuzzing tool which we developed for our research. It helps us to bypass web application firewall by using different methods at the same time. pFuzz is an advanced fuzzing tool that we developed for web application research. It was developed to speed up the process of trying various attack methods against different security applications. Description: pFuzz…
