10.6. Exploitation/Detection

10.6.1. Database Injection

• SQLMap

• bbqsql

• MSDAT Microsoft SQL Database Attacking Tool

10.6.2. Unstructured database injection

• NoSQLAttack

• NoSQLMap

• Nosql Exploitation Framework

• MongoDB audit

10.6.3. Database exploits

• mysql unsha1

• ODAT Oracle Database Attacking Tool

10.6.4. XSS

• BeEF

• XSS Reciver

• DSXS

• XSStrike

• xsssniper

• tracy

• xsleaks A collection of browser-based side channel attack vectors

10.6.5. SSRF

• SSRFmap

• SSRF Proxy

• Gopherus

• SSRF Testing

10.6.6. Template Injection

• tplmap

10.6.7. HTTP Request Smuggling

• smuggler An HTTP Request Smuggling / Desync testing tool written in Python

• h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

10.6.8. Command Injection

• commix

10.6.9. PHP

• Chankro Herramienta para evadir disable_functions y open_basedir

10.6.10. LFI

• LFISuite

• FDsploit

10.6.11. struts

• struts scan

10.6.12. CMS

• Joomla Vulnerability Scanner

• Drupal enumeration & exploitation tool

• Wordpress Vulnerability framework

• TPscan one-click ThinkPHP vulnerability detection

• dedecmscan dream weaving full version vulnerability scan

10.6.13. Java Frameworks

• ShiroScan Shiro<=1.2.4 Deserialization Detection Tool

• fastjson rce tool fastjson command execution tool

10.6.14. DNS related vulnerabilities

• dnsAutoRebinding

• AngelSword

• Subdomain TakeOver

• mpDNS

• JudasDNS Nameserver DNS poisoning

• singularity A DNS rebinding attack framework by NGC Group

10.6.15. DNS Data Extraction

• dnsteal

• DNSExfiltrator

• dns exfiltration by krmaxwell

• dns exfiltration by coryschwartz

• requestbin for dns

10.6.16. DNS Tunneling

• dnstunnel de

• iodine

10.6.17. DNS Shell

• chashell

• dnscat2

10.6.18. XXE

• XXEinjector

• XXER

• DTD Finder List DTDs and generate XXE payloads using those local DTDs

10.6.19. Deserialization

10.6.19.1. Java Deserialization

• ysoserial

• JRE8u20 RCE Gadget

• Java Serialization Dumper A tool to dump Java serialization streams in a more human readable form

• marshalsec Java Unmarshaller Security - Turning your data into code execution

• gadgetinspector A byte code analyzer for finding deserialization gadget chains in Java applications

• fastjsonScan fastjson vulnerability burp plugin

10.6.19.2. .NET Deserialization

• viewgen ASP.NET ViewState Generator

10.6.20. JNDI

• Rogue JNDI A malicious LDAP server for JNDI injection attacks

• JNDI Injection Exploit

• JNDIExploit

10.6.21. Port Hack

• nmap vulners

• nmap nse scripts

• Vulnerability Scanning with Nmap

10.6.22. JWT

• jwtcrack

10.6.23. Wireless

• infernal twin

10.6.24. Man-in-the-middle attacks

• mitmproxy

• MITMf

• ssh mitm

• injectify

• Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

• toxy Hackable HTTP proxy for resiliency testing and simulated network conditions

• bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks

10.6.25. DHCP

• DHCPwn

10.6.26. DDoS

• Saddam

10.6.27. Regular expressions

• Regexploit Find regular expressions which are vulnerable to ReDoS

10.6.28. Shellcode

• go shellcode A repository of Windows Shellcode runners and supporting utilities

10.6.29. Ultraviolet

• secscan authcheck

10.6.30. Utilizing the Platform

• DNSLog is a tool for monitoring DNS resolution records and HTTP access records

• LuWu Red Team Infrastructure Automation Deployment Tool

10.6.31. Exploit Libraries

• Penetration Testing POC

• thc ipv6 IPv6 attack toolkit

10.6.32. Exploit Frameworks

• pocsuite3

10.6.33. Windows

• PyWSUS a standalone implementation of a legitimate WSUS server which sends malicious responses to clients