Contexter - A secondary context path traversal / server-side parameter pollution testing tool written in Python 3

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities

Execute shellcode from a remote-hosted bin file using Winhttp.

A cheat sheet that contains advanced queries for SQL Injection of all types.

Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.

A technique of hiding malicious shellcode via Shannon encoding.

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.

A one liner Bash command which finds CORS in every possible endpoint.

A simple Bash one liner with aim to automate CRLF vulnerability scanning.