Pinned Repositories
canary
CLI tool written in Go to generate Canary Tokens from https://canarytokens.org
Chegg
A simple exploit on Chegg that was found and submitted on April 29, 2015
CVESearch
Query various sources for CVE proof-of-concepts
Hounds
Chromium based web crawler that identifies in-scope urls
interactsh-collaborator
Burpsuite plugin for Interact.sh
LogicalFuzzingEngine
A Burpsuite extension written in Python to perform basic validation fuzzing
pyhprof
Parse HPROF files from the Spring Boot Heapdump Actuator
spring-gateway-demo
Sample Spring application to Demonstrate the Gateway Actuator
VhostFinder
Identify virtual hosts by similarity comparison
werkzeug-debug-console-bypass
Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector.
wdahlenburg's Repositories
wdahlenburg/interactsh-collaborator
Burpsuite plugin for Interact.sh
wdahlenburg/VhostFinder
Identify virtual hosts by similarity comparison
wdahlenburg/CVESearch
Query various sources for CVE proof-of-concepts
wdahlenburg/werkzeug-debug-console-bypass
Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector.
wdahlenburg/spring-gateway-demo
Sample Spring application to Demonstrate the Gateway Actuator
wdahlenburg/pyhprof
Parse HPROF files from the Spring Boot Heapdump Actuator
wdahlenburg/Hounds
Chromium based web crawler that identifies in-scope urls
wdahlenburg/canary
CLI tool written in Go to generate Canary Tokens from https://canarytokens.org
wdahlenburg/LogicalFuzzingEngine
A Burpsuite extension written in Python to perform basic validation fuzzing
wdahlenburg/aws-native-rce
Collection of payloads to work with AWS services
wdahlenburg/HttpComparison
Compare raw HTTP responses to identify signficant differences
wdahlenburg/nfsshell
Userspace NFS client shell
wdahlenburg/Sourcerer
Ruby based utility to apply rules to url datasources and insert filtered results into a Sidekiq compatible Redis queue
wdahlenburg/rogue-jndi
A malicious LDAP server for JNDI injection attacks
wdahlenburg/cloudfox
Automating situational awareness for cloud penetration tests.
wdahlenburg/cloudfoxable
Create your own vulnerable by design AWS penetration testing playground
wdahlenburg/CVE-2022-38725
Proof of Concept for CVE-2022-38725 against syslog-ng
wdahlenburg/dirsearch
Web path scanner
wdahlenburg/fhc
Fast HTTP Checker.
wdahlenburg/hackingthe.cloud
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
wdahlenburg/metasploit-framework
Metasploit Framework
wdahlenburg/MSF-Plugins
Repo of MSF plugins to assist with MSF tasks
wdahlenburg/nuclei
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
wdahlenburg/nuclei-templates
Community curated list of templates for the nuclei engine to find a security vulnerability in application.
wdahlenburg/packer-plugin-lightsail
HashiCorp Packer plugin for AWS Lightsail
wdahlenburg/PMapper
A tool for quickly evaluating IAM permissions in AWS.
wdahlenburg/proxify
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
wdahlenburg/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
wdahlenburg/StdinToHttp
wdahlenburg/turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.