diff --git a/.github/workflows/security-zizmor.yml b/.github/workflows/security-zizmor.yml index 12a5703..4ccbb48 100644 --- a/.github/workflows/security-zizmor.yml +++ b/.github/workflows/security-zizmor.yml @@ -21,12 +21,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 # zizmor: ignore[unpinned-uses] with: persist-credentials: false - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6 # zizmor: ignore[unpinned-uses] with: python-version: '3.10.4' diff --git a/.github/workflows/stargazers.yml b/.github/workflows/stargazers.yml index 7c37b20..8ab46aa 100644 --- a/.github/workflows/stargazers.yml +++ b/.github/workflows/stargazers.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 # zizmor: ignore[unpinned-uses] with: fetch-depth: 0 persist-credentials: false diff --git a/README.md b/README.md index bdc187f..780b1b1 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ - [Parameters](#Parameters) - [Fuzzing](#Fuzzing) - [Monitoring](#Monitoring) + - [Waf Evasion](#Waf-Evasion) - [Exploitation](#Exploitation) - [Command Injection](#Command-Injection) @@ -393,13 +394,22 @@ - [metahttp](https://github.com/vp777/metahttp) - A bash script that automates the scanning of a target network for HTTP resources through XXE ### SSTI Injection + - [tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool - [SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface - ### Web-Cache-Poisoning + - [toxicache](https://github.com/xhzeem/toxicache) - Go scanner to find web cache poisoning vulnerabilities in a list of URLs . +### Waf Evasion + +- [nomore403](https://github.com/devploit/nomore403) - Advanced tool for security researchers to bypass 403/40X restrictions . +- [XFFenum](https://github.com/vavkamil/XFFenum) - A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header. +- [Forbidden Buster](https://github.com/Sn1r/Forbidden-Buster) - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. +- [nowafpls](https://github.com/assetnote/nowafpls/) - Burp Plugin to Bypass WAFs through the insertion of Junk Data. + +--- ## Miscellaneous @@ -539,11 +549,6 @@ - [SSTImap](https://github.com/vladko312/SSTImap) - SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. - [Lonkero](https://github.com/bountyyfi/lonkero) - Enterprise-grade web vulnerability scanner with 60+ attack modules, built in Rust for penetration testing and security assessments. -### Forbidden Bypass - -- [XFFenum](https://github.com/vavkamil/XFFenum) - A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header. -- [NoMore403](https://github.com/devploit/nomore403) - Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. -- [Forbidden Buster](https://github.com/Sn1r/Forbidden-Buster) - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. ### Permutation diff --git a/requirements.txt b/requirements.txt index 7984430..bdc7be3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -zizmor==1.19.0 +zizmor==1.22.0