path-traversal
There are 53 repositories under the path-traversal topic.
nemesida-waf/waf-bypass
Check your WAF before an attacker does
chrispetrou/FDsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
bayotop/off-by-slash
Burp extension to detect alias traversal via NGINX misconfiguration at scale.
VainlyStrain/Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
AikidoSec/firewall-node
Zen protects your Node app against attacks with one line of code. Get peace of mind— at runtime.
usdAG/slipit
Utility for creating ZipSlip archives
snsttr/diwa
A Deliberately Insecure Web Application
AikidoSec/firewall-java
Zen protects your Java app against attacks with one line of code. Get peace of mind— at runtime.
vladan-stojnic/ML-based-WAF
Simple machine-learning-based web application firewall (WAF) created in Python
BitTheByte/BitTraversal
Burpsuite Plugin to detect Directory Traversal vulnerabilities
dogancanbakir/metamaska
μετάμάσκα - malevolent payload classifier
treddis/dotdotfarm
Fast Path Traversal exploitation tool
opabravo/dfuf
Dump files via Directory Traversal, LFI, Arbitrary File Read in a breeze with the help of ffuf
sp34rh34d/WebRunner
Web scraping | Website cloner | Path Traversal Scanner
polarspetroll/EscapeAPI
An API for escaping different kinds of queries
jvlsg/HeadPage
A (purposely) vulnerable, social-media-like, Django web application
Mr-xn/CVE-2024-36991
Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows
ColdFusionX/CVE-2021-34429
POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure
gatomod/path_trav
🤨🔎 A simple path traversal checker made with Rust. Useful for APIs that serve dynamic files.
slicingmelon/gobypass403
A powerful WAF (HTTP 403/401) and URL parser bypass tool developed in Go, designed to preserve exact URL paths and structures during testing.
E1A/LFI2Keys
LFI2Keys automates the process of extracting user accounts from /etc/passwd and attempts to locate private SSH keys through LFI
Kasim200429/GoBypass403
GoBypass403 is a tool designed to help security professionals test and bypass 403 Forbidden errors on web applications. It streamlines the penetration testing process, making it easier to identify vulnerabilities and enhance web security. 🛠️💻
ThatNotEasy/Shell-Scanner
Perform With Shell Scanner Using Path Traversal & Strings
clevernyyyy/zip-slip-poc
Quick and Dirty POC for Zip Slip
gunzf0x/CVE-2024-36991
Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read.
Ls4ss/CVE-2020-29134
Exploit CVE-2020-29134 - TOTVS Fluig Platform - Path Traversal
sec-it/exploit-CVE-2019-14530
OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure
twseptian/cve-2021-41773
CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
FOGSEC/Mobile-Security-Framework-MobSF
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
mrmtwoj/WAFManis
WAFManis is a Protocol-Level WAF Evasion Fuzzing Tool that automates the discovery of evasion vulnerabilities in Web Application Firewalls (WAFs) by fuzzing HTTP requests to identify potential bypass techniques.
TheRedP4nther/LFI-aiohttp-CVE-2024-23334-PoC
Bash script to automate Local File Inclusion (LFI) attacks on aiohttp server version 3.9.1.
Francesco-Sovrano/llms_for_vulnerability_detection_are_lost_in_the_end
Replication package of the paper 'Large Language Models for In-File Vulnerability Localization are "Lost in the End"' (https://doi.org/10.1145/3715758)
pwnosec/ApachSAL
Path Traversal automation vulnerability scanner tool.
XploitPoy-777/RoboSploit
A powerful, multi-threaded scanner designed for bug bounty hunters and penetration testers to detect exposed or sensitive paths hidden via robots.txt. Supports HTTP/2, advanced 401/403 bypass techniques, multiple HTTP methods, and outputs in JSON/CSV formats.