threlfall's starred repositories
o365-attack-toolkit
A toolkit to attack Office365
magic-wormhole
get things from one computer to another, safely
dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
the-art-of-subdomain-enumeration
This repository contains all the supplement material for the book "The art of sub-domain enumeration"
CollabOzark
CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.
Jenkins-Pillage
A tool for automatically gathering sensitive information from exposed Jenkins servers
blackboxprotobuf
Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.
SAP_GW_RCE_exploit
SAP Gateway RCE exploits
WeblogicScan
Weblogic一键漏洞检测工具,V1.5,更新时间:20200730
CVE-2019-2618
Weblogic Unrestricted File Upload
ActiveScanPlusPlus
ActiveScan++ Burp Suite Plugin
SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
CRLF-Injection-Payloads
Payloads for CRLF Injection
GCPBucketBrute
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.