hackerone-reports
Exif-Maniac
hackerone-reports | Exif-Maniac | |
---|---|---|
2 | 1 | |
3,195 | 1 | |
- | - | |
6.3 | 1.1 | |
12 days ago | about 1 year ago | |
Python | Python | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hackerone-reports
- GitHub - reddelexc/hackerone-reports: Top disclosed reports from HackerOne
-
XXE (XML External Entity) Attack & Prevention
There was an interesting case on Hackerone where the XMP metadata of a JPG file was getting parsed unsafely. There are many other interesting XXE bugs there as well if you want to take a look.
Exif-Maniac
-
Poiana - Reverse shell over TOR network using hidden services
thanks! i developed also a little C2C Exif framework, to embed payloads in images as exif data, if you want check out: https://github.com/CalfCrusher/Exif-Maniac cheers!
What are some alternatives?
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
hackthebox - Notes Taken for HTB Machines & InfoSec Community.
exifimageresize - Resize Images, Keep Exif Data
SpringShell - Spring4Shell - Spring Core RCE - CVE-2022-22965
Ghost - Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.
CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
jira-mobile-ssrf-exploit - Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
dora - Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found