Notes from Portswigger
-
Updated
Oct 23, 2023
Notes from Portswigger
Quick DNS Zone Transfer
Utility to scan wordpress installations using their on-by-default REST endpoints
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure
solutions of hack-yourself-first
WordPress WPS Hide Login <1.9.1 - Information Disclosure
A PoC exploit for CVE-2021-43798 - Grafana Directory Traversal
Exploit Code, notes, and resources to accompany PortSwiggers' WebAcademy Labs.
Check Point Security Gateway (LFI)
Writeups for portswigger labs.
CVE-2020-14179 Scanner
A PoC exploit for CVE-2017-7921 - Hikvision Camera Series Improper Authentication Vulnerability.
AfterLogic Products Vulnerabilities
Sniper. Passive Secrets Hunting.🚬
A set of YARA rules for the AIL framework to detect leak or information disclosure
Metasploit-like pentest framework derived from TIDoS (https://github.com/0xInfection/TIDoS-Framework)
Joomla! < 4.2.8 - Unauthenticated information disclosure
Here you can get full exploit for SAP NetWeaver AS JAVA
Utility to download and extract document metadata from an organization. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Add a description, image, and links to the information-disclosure topic page so that developers can more easily learn about it.
To associate your repository with the information-disclosure topic, visit your repo's landing page and select "manage topics."