path-traversal

There are 1 repository under path-traversal topic.

• nemesida-waf / waf-bypass

  Check your WAF before an attacker does

  wafpython3bypasspythonrcexsswaf-bypass-toolapi-security-testinglfinosql-injectionpath-traversalrfisqli-injectiongraphql-injectionsstiwaf-testing
  Language:Python 1444

• chrispetrou / FDsploit

  File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

  exploitationenumerationowaspsecurity-toolslfirfidirectory-traversalpath-traversalweb-securitysecurityoscpfuzzingfile-includelfi-shellslfi-vulnerabilityinclusiondirectory-traversal-vulnerabilitypenetration-testingpentestinghacking
  Language:Python 273

• bayotop / off-by-slash

  Burp extension to detect alias traversal via NGINX misconfiguration at scale.

  burpsuitenginxpath-traversal
  Language:Python 264
• Vailyn

  VainlyStrain / Vailyn

  A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

  websecurityinformation-leakexploitationvulnerability-scannersdirectory-traversalpath-traversalpentest-toolwebsecvulnerability-assessmentpenetration-testingfilter-evasionvulnerability-detectionpentestinglfilfi-shellslfi-exploitationsecuritylocal-file-inclusionrcetakeover
  Language:Python 200

• AikidoSec / firewall-node

  Zen protects your Node app against attacks with one line of code. Get peace of mind— at runtime.

  attack-defensefirewallnodejsnosql-injectionraspsecuritypath-traversalsql-injectionshell-injection
  Language:TypeScript 116

• usdAG / slipit

  Utility for creating ZipSlip archives

  zipslipzip-slipziptarpath-traversalarchivetarballzip-archivesymlinkssymbolic-links
  Language:Python 79

• snsttr / diwa

  A Deliberately Insecure Web Application

  hackingsecuritysecurity-threatswebappsecinfosecowasp-top-10educationtraininglearnpracticeweb-securityxsssql-injectioncsrfsession-hijackingsession-fixationpath-traversalsensitive-data-exposurebrute-force-attackslocal-file-inclusion
  Language:PHP 69

• AikidoSec / firewall-java

  Zen protects your Java app against attacks with one line of code. Get peace of mind— at runtime.

  firewallpath-traversalraspsecurityshell-injectionsql-injection
  Language:Java 67
• ML-based-WAF

  vladan-stojnic / ML-based-WAF

  Simple machine learning based web application firewall (WAF) created in python

  sqlixsspath-traversalsql-injectioncross-site-scriptingcmdicommand-injectionparameter-tamperinghttpmlmachine-learningsvmtf-idfdecision-treeswafweb-application-firewallpythonsklearnscapydash
  Language:Jupyter Notebook 60

• BitTheByte / BitTraversal

  Burpsuite Plugin to detect Directory Traversal vulnerabilities

  burpsuiteburp-extensionsjavaburp-pluginburpsuite-extenderbugbountytraversalpath-traversalweb
  Language:Java 28

• dogancanbakir / metamaska

  μετάμάσκα - malevolent payload classifier

  command-injectioncybersecurityhacktoberfestmlpath-traversalpythonsql-injectionvulnerabilityxss
  Language:Jupyter Notebook 24

• treddis / dotdotfarm

  Fast Path Traversal exploitation tool

  appsecfuzzerlfipath-traversalpentestingpythonsecurityweb
  Language:Python 21

• opabravo / dfuf

  Dump files via Directory Traversal, LFI, Arbitrary File Read in a breeze with the help of ffuf

  ctf-toolsdirectory-traversaldumperfile-inclusionpentestctfoscppenetration-testingpentesting-toolsexfiltrationlfilocal-file-inclusionpath-traversal
  Language:Python 18

• sp34rh34d / WebRunner

  Web scraping | Website cloner | Path Traversal Scanner

  email-enumerationemail-extractorscrapingurl-extractorurl-parserctfpentestingregexppythonpython3crewlerclone-websiteclonerdirectory-traversallfilocal-file-inclusionpath-traversal
  Language:Python 16

• polarspetroll / EscapeAPI

  An API for escaping different kind of queries

  apidirectory-traversalos-command-injectionpath-traversalsecurityxss
  Language:Ruby 14

• jvlsg / HeadPage

  A (purpousely) vulnerable, social-media-like, django web application

  damn-vulnerable-web-applicationdamn-vulnerableowasp-top-10sql-injectionxssrceopen-redirectpath-traversal
  Language:Python 12

• Mr-xn / CVE-2024-36991

  Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows

  cvecve-2024cve-2024-36991path-traversalsplunk
  9

• ColdFusionX / CVE-2021-34429

  POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure

  cve-2021-34429web-xmlpath-traversaldockerexploiteclipsejetty
  Language:Java 6
• path_trav

  gatomod / path_trav

  🤨🔎 A simple path traversal checker made with Rust. Useful for APIs that serve dynamic files.

  fspathpath-traversalrustsecurity
  Language:Rust 6

• slicingmelon / gobypass403

  A powerful WAF (HTTP 403/401) and URL parser bypass tool developed in Go, designed to preserve exact URL paths and structures during testing.

  403-bypasscligolangpath-traversalpenetration-testingwaf-bypasswebsecurityaccess-control-bypassacl-bypass
  Language:Go 6

• verylazytech / CVE-2024-45241

  centeralsquarecrywolfcve-2024-45241exploitpath-traversalpoc
  6

• E1A / LFI2Keys

  LFI2Keys automates the process of extracting user accounts from /etc/passwd and attempts to locate private SSH keys through LFI

  lfilfi-exploitationlootingpath-traversalpath-traversal-exploitation
  Language:Python 5

• Kasim200429 / GoBypass403

  GoBypass403 is a tool designed to help security professionals test and bypass 403 Forbidden errors on web applications. It streamlines the penetration testing process, making it easier to identify vulnerabilities and enhance web security. 🛠️💻

  access-bypassaccess-controlbugbountyethical-hacking-toolshttp-headershttp-securitypath-traversalpenetration-testingsecuritysecurity-scannerweb-pentestingweb-securityweb-vulnerability
  Language:Go 5

• ThatNotEasy / Shell-Scanner

  Perform With Shell Scanner Using Path Traversal & Strings

  webshell-scanpath-traversalphp-malware-scanner
  Language:Python 5

• clevernyyyy / zip-slip-poc

  Quick and Dirty POC for Zip Slip

  path-traversalvulnerabilityzip-slip
  Language:JavaScript 4

• gunzf0x / CVE-2024-36991

  Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read.

  cve-2024-36991ethical-hackingpath-traversalpentestingsplunk
  Language:Python 4
• CVE-2020-29134

  Ls4ss / CVE-2020-29134

  Exploit CVE-2020-29134 - TOTVS Fluig Platform - Path Traversal

  cvecwe-22exploitfluighackingpath-traversalpayloadpentestpentest-tooltotvs
  Language:Shell 4

• sec-it / exploit-CVE-2019-14530

  OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure

  cve-2019-14530exploitlocal-file-disclosureopenemropenemr-exploitopenemr-vulnerabilitypath-traversalpoc
  Language:Ruby 4

• twseptian / cve-2021-41773

  CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited

  cve-2021-41773apachepath-traversalvulnerabilityshodanshodan-cli
  4

• FOGSEC / Mobile-Security-Framework-MobSF

  Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

  analysismalwaremobilesecurityframeworkandroidioswindowsautomationautomatedauto-exploitauto-exploiterdynamic-analysismobile-apixxepathpath-traversalred-teamredteam
  Language:Python 3

• mrmtwoj / WAFManis

  WAFManis is a Protocol-Level WAF Evasion Fuzzing Tool that automates the discovery of evasion vulnerabilities in Web Application Firewalls (WAFs) by fuzzing HTTP requests to identify potential bypass techniques.

  bypassnosqlnosqlinjectionosos-command-injectionpath-traversalsqlsqlinjectionwafxmlxmlinputformatxssxss-attacksxss-vulnerabilityxxexxe-injectionbypasswafnosqlpayloadsql-injection
  Language:Python 3

• luismiguelcasadodiaz / 42Barcelona_CiberDiscovery

  cibersecuritydecodingdirectory-listinghashingpath-traversalsql-injection
  2

• TheRedP4nther / LFI-aiohttp-CVE-2024-23334-PoC

  Bash script to automate Local File Inclusion (LFI) attacks on aiohttp server version 3.9.1.

  aiohttpaiohttp-serverbashcveexploitlfilocal-file-inclusionpath-traversalshell
  Language:Shell 2

• Francesco-Sovrano / llms_for_vulnerability_detection_are_lost_in_the_end

  Replication package of the paper 'Large Language Models for In-File Vulnerability Localization are "Lost in the End"' (https://doi.org/10.1145/3715758)

  ai-securitybug-localizationcode-in-the-haystackcwecyber-securitydeep-learninggptin-file-vulnerability-localizationlarge-language-modelsllamallm-researchllm-securitymixtralpath-traversalsoftware-analysissoftware-securitysql-injectionstatistical-analysisvulnerability-detectionxss
  Language:Jupyter Notebook 1

• pwnosec / ApachSAL

  Path Traversal automation vulnerability scanner tool.

  path-traversalpath-traversal-automationpath-traversal-exploitationvulnerability-detectionvulnerability-exploitation
  Language:Python 1

• XploitPoy-777 / RoboSploit

  A powerful, multi-threaded scanner designed for bug bounty hunters and penetration testers to detect exposed or sensitive paths hidden via robots.txt. Supports HTTP/2, advanced 401/403 bypass techniques, multiple HTTP methods, and outputs in JSON/CSV formats.

  access-controlbug-bounty-toolscybersecuritytoolsethicalhackingpath-traversalpenetration-testing-toolsred-team-toolsrobots-txt-file-scannerrobots-txt-monitoringrobots-txt-scannersecurity-auditing-toolsecurity-automationsecurity-researchvulnerability-scanning-toolsrobosploitrobots-tester-pro
  Language:Python 1