Imran Hossain's repositories
SQL-login-bypass
Brute forcing login pages with SQL Injection queries with cURL
-Plugin-WPML-Version-4.6.1-RXSS
WordPress Plugin WPML Version < 4.6.1 RXSS vulnerability
advanced-sql-injection-for-awae
basic + advance sql injection technique
aspxWebshell
asp.net webshell
CCTV-telegram-to-users
Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in real-time for logistics or safety, redefining how we navigate our surroundings.
CVE-2023-2825
GitLab CVE-2023-2825 PoC. This PoC leverages a path traversal vulnerability to retrieve the /etc/passwd file from a system running GitLab 16.0.0.
CVE-2023-28432
CVE-2023-28434 nuclei templates
CVE-2023-34992
CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit
cve-2023-3519-citrix-scanner
Citrix Scanner for CVE-2023-3519
CVE-2024-2389
enkins CVE-2024-23897 RCE
CVE-2024-23897
jenkins CVE-2024-23897 RCE
CVE-2024-29849
Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
encodeMeThat
Payload encoder using sqlmap tampers.
Fast-Google-Dorks-Scan
The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread file types and path traversal. The 100% automated.
GoogleRecaptchaBypass
Solve Google reCAPTCHA in less than 5 seconds! 🚀
missing-cve-nuclei-templates
Daily updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.
nowafpls
Burp Plugin to Bypass WAFs through the insertion of Junk Data
PCredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
Priv8-Nuclei-Templates
My Priv8 Nuclei Templates
PyPhisher
Easy to use phishing tool with 77 website templates. Author is not responsible for any misuse.
shell-extension-upload_bypass
File upload restrictions bypass, by using different bug bounty techniques!
SSRF-Testing
SSRF (Server Side Request Forgery) testing resources and payloads
svn-extractor
simple script to extract all web resources by means of .SVN folder exposed over network.
swagger-ui-xss
Swagger UI >=3.14.1 < 3.38.0 XSS payload
swagger-xssTOssrf
Swagger ui XSS to SSRF payload
Unicode-Punycode
Create Punycode text because Cpanel blocking you to create with Unicode Character. You can use this python script.
vulnerability-Checklist-logical
logical, bussiness error, broken authentication bugs
x8
Hidden parameters discovery suite with RUST
xorshell
Encoder PHP webshell to bypass WAF using XOR operations.