htshells
big-list-of-naughty-strings
Our great sponsors
htshells | big-list-of-naughty-strings | |
---|---|---|
2 | 41 | |
975 | 45,838 | |
- | - | |
0.0 | 0.0 | |
about 2 years ago | 6 days ago | |
Shell | Python | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
htshells
-
Independently secure, together not so much - a story of 2 WP plugins
If you've got the ability to write .htaccess files, you pretty much already have RCE and do not need additional upload vulnerabilities. See https://github.com/wireghoul/htshells for some fun examples.
-
Null
Found some GitHub issues [1] with something similar: an enterprise firewall blocking a repo because it contained the string "arglebargleglopglyf" [2] in some tests.
The text was flagged as malicious because of its presence in the repo github.com/wireghoul/htshells [3]. However, the whole point of the word in the htshells repo is that it's an invalid command that breaks Apache, so it could have been almost any random string.
[1] https://github.com/search?q=arglebargleglopglyf&type=issues
[2] https://mume.org/help/arglebargle
[3] https://github.com/wireghoul/htshells/blob/master/dos/apache...
big-list-of-naughty-strings
- What's that touchscreen in my room?
-
Horrib
Related: https://github.com/minimaxir/big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
- The Big List of Naughty Strings
-
Super sorry to the guy with the username reset on GitHub
Sounds like we need to use the Big List Of Naughty Strings to weed out troublesome usernames...
https://github.com/minimaxir/big-list-of-naughty-strings
- API Security Testing
-
Discussion Thread
oh boy oh boy https://github.com/minimaxir/big-list-of-naughty-strings
-
100+ Must Know Github Repositories For Any Programmer
2. Big List of Naughty Strings
- A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
- Damned dirty input
What are some alternatives?
FlameCord - The ultimate antibot BungeeCord and Waterfall fork for a Secure and Fast Minecraft or Spigot Network. FlameCord protects your server from bot attacks and exploits with its antibot features. FlameCord also fixes bugs, improves performance and adds new functionalities. Download FlameCord now.🔥
SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Libc
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
fancy-index - A responsive Apache index page.
ms-teams-rce
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
eslint-plugin-no-unsanitized - Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
ImgBackdoor - Hide your payload into .jpg file
javascript-questions - A long list of (advanced) JavaScript questions, and their explanations :sparkles:
hack - Kubernetes security and vulnerability tools and utilities.
content - The content behind MDN Web Docs