Exploitation

41 tools · Exploit discovered vulnerabilities with specialized tools

SQL Injection

Automated SQL injection detection and exploitation

SQLMap

Automatic SQL injection and database takeover

Ghauri

Advanced SQL injection detection tool

NoSQLMap

Automated NoSQL database exploitation tool

nosqli

NoSQL injection CLI tool for MongoDB

Cross-Site Scripting (XSS)

XSS detection, fuzzing, and exploitation

Dalfox

Parameter analysis and XSS scanner

XSStrike

Advanced XSS detection suite

kxss

Find reflected input parameters for XSS

XSS Hunter

Detect and manage blind XSS vulnerabilities

ezXSS

Easy blind cross-site scripting testing

domdig

DOM XSS scanner for Single Page Applications

Command Injection

OS command injection exploits

Commix

Automated OS command injection exploiter

SSRF Exploitation

Server-Side Request Forgery exploitation

SSRFmap

Automatic SSRF fuzzer and exploitation tool

Gopherus

Generate Gopher payloads for SSRF

SSRFire

Automated SSRF finder with XSS and redirect checks

Singularity

DNS rebinding attack framework

CORS Misconfiguration

Detect and exploit CORS misconfigurations

Corsy

CORS misconfiguration scanner

CORStest

Simple CORS misconfiguration scanner

CorsMe

Cross Origin Resource Sharing scanner

CRLF Injection

Detect CRLF injection vulnerabilities

CRLFuzz

Fast CRLF vulnerability scanner in Go

CRLFsuite

Fast CRLF injection scanner

CSRF

Cross-Site Request Forgery testing

XSRFProbe

Prime CSRF audit and exploitation toolkit

Directory Traversal

Path traversal and LFI/RFI exploitation

dotdotpwn

The directory traversal fuzzer

FDsploit

File inclusion & directory traversal tool

liffy

Local file inclusion exploitation tool

LFISuite

Automatic LFI exploiter and scanner

GraphQL Injection

GraphQL security testing and exploitation

InQL

Burp extension for GraphQL security testing

GraphQLmap

GraphQL endpoint pentesting engine

Clairvoyance

Obtain GraphQL schema despite disabled introspection

Insecure Deserialization

Generate and exploit deserialization payloads

ysoserial

Java deserialization exploit payload generator

PHPGGC

PHP unserialize() payload generator

ysoserial.net

.NET deserialization payload generator

Open Redirect

Detect open redirect vulnerabilities

Oralyzer

Open redirection analyzer

OpenRedireX

Fuzzer for open redirect issues

Race Condition

Exploit race conditions in web applications

Turbo Intruder

Burp extension for high-speed request sending

racepwn

Race condition exploitation framework

requests-racer

Python library for exploiting race conditions

Request Smuggling

HTTP request smuggling detection and exploitation

Smuggler

HTTP request smuggling and desync testing

h2cSmuggler

HTTP/2 cleartext request smuggling

XXE Injection

XML External Entity attack tools

XXEinjector

Automatic XXE exploitation via OOB methods

dtd-finder

Find DTDs and generate XXE payloads

docem

Embed XXE/XSS payloads in Office documents

Back to All Categories