K55 – Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads

(pronounced: “kay fifty-five”) The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C Linux functions like ptrace(). The shellcode spawned in the target process is 27 bytes and it executes /bin/sh (spawns a bash shell) within…

CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER is a tool to generate CSRF payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an HTML template. Installation…

DropEngine – Malleable Payloads!

By @s0lst1c3. Disclaimer: DropEngine (the “Software”) and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied, and hereby disclaims all implied warranties, including any warranty of merchantability and warranty of fitness for a particular purpose. Any actions or activities related to the use of the Software are the sole responsibility…

Git All The Payloads! A Collection Of Web Attack Payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage: run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits: fuzzdb – https://github.com/fuzzdb-project/fuzzdb SecLists – https://github.com/danielmiessler/SecLists xsuperbug – https://github.com/xsuperbug/payloads NickSanzotta – https://github.com/NickSanzotta/BurpIntruder 7ioSecurity – https://github.com/7ioSecurity/XSS-Payloads shadsidd – https://github.com/shadsidd shikari1337 – https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/ xmendez – https://github.com/xmendez/wfuzz minimaxir – …

Server Side Template Injection Payloads

Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template injection attacks can occur when user input is concatenated directly into a…

PayloadsAllTheThings – A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! Every section contains the following files, you can use the _template_vuln folder to create a new chapter: README.md – vulnerability description and how to exploit it; Intruder – a set of files to give…

Thoron Framework – Tool To Generate Simple Payloads To Provide Linux TCP Attack

About Thoron Framework: Thoron Framework is a Linux post-exploitation framework that exploits a Linux TCP vulnerability to get a shell-like connection. Thoron Framework is used to generate simple payloads to provide a Linux TCP attack. Getting started. Thoron installation: cd thoron; chmod +x install.sh; ./install.sh. Thoron uninstallation: cd thoron; chmod +x uninstall.sh; ./uninstall.sh. Thoron Framework execution: To execute Thoron…

Pwndrop – Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. If you’ve ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!

crauEmu – An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks

crauEmu is an uEmu extension for developing and analyzing payloads for code-reuse attacks. Slides from ZeroNights 2019. Demo 1 – X32-64, Edge, rop-gadgets from pwnjs. Demo 2 – ARM64, checkm8 callback-chain. * Mascot designed by @kottsarapkin. RopEditor. Installation: Put the file crauEmu.py in the same location as uEmu.py. Use File / Script file… or ALT+F7 in IDA…