forked from arvinddoraiswamy/mywebappscripts
A collection of all the lists, scripts and techniques I use while doing web application penetration tests.
knc331/mywebappscripts
This ReadMe is just a list of the Burp extensions and other scripts I have here. For details look at the file extensions_brief_summary or download the code itself :)

1. Search and fuzz all valid directories on a website
2. Detect CSRF tokens in requests
3. Detecting invalid Referers in case a Referer is used for protecting against CSRF
4. Download all JS files on a site
5. Record all cookies and their attributes
6. Record third party referers
7. Identify candidates for URL redirection, LFI and RFI
8. Detect version information leakage in headers or response bodies
9. Remove session cookie and reissue request to check Direct requests
10. Test PUT and DELETE on every single directory that you browse
11. Scan all SSL hosts in Proxy history

Other scripts/tools/fuzz lists/misc :)

1. Request every single HTTPS request over HTTP
2. Custom fuzzing lists for specific situations
3. Code for all extensions has been modularized. List of functions in modules is present in modules/modules_functions_readme
Languages
- Python 100.0%