off-by-slash

URL generator and tester

Automatically detects alias traversal vulnerabilities in NGINX configurations by generating and testing malicious URLs.

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

253 stars
7 watching
36 forks
Language: Python
last commit: about 3 years ago
Linked from 1 awesome list

burpsuite, nginx, path-traversal

Related projects:

| Repository | Description | Stars |
|---|---|---|
| xnl-h4ck3r/gap-burp-extension | An extension for Burp Suite that identifies potential security vulnerabilities in web applications by analyzing endpoints, parameters, and generating custom target wordlists. | 1,253 |
| initroot/burpsqltruncsanner | Automatically scans endpoints for potential SQL Truncation vulnerabilities by fuzzing request parameters | 61 |
| gauravnarwani97/trishul | Automated vulnerability detection tool for web applications | 234 |
| attackercan/burp-xss-sql-plugin | Automated tool for detecting cross-site scripting (XSS) and SQL injection vulnerabilities in web applications. | 44 |
| momenbasel/liffier | Automatically appends dot-dot-slash to URLs to test for path traversal vulnerabilities. | 8 |
| vulnerscom/burp-vulners-scanner | A tool that searches for vulnerabilities in web applications using an external API | 834 |
| p3gleg/pwnback | Generates a sitemap of a website using Wayback Machine | 225 |
| wagiro/burpbounty | A tool that allows users to enhance and customize the vulnerability scanning capabilities of Burp Suite using a graphical interface. | 1,680 |
| codewatchorg/burp-indicatorsofvulnerability | A Burp extension that scans application traffic for signs of vulnerabilities and potential attack targets | 41 |
| 1n3/intruderpayloads | A collection of tools and methodologies for web application testing and vulnerability assessment. | 3,686 |
| bugcrowd/hunt | An extension for Burp Suite that provides a structured approach to identifying and testing common vulnerability parameters. | 2,183 |
| yg-ht/burp-lookoverthere | A Burp Suite extension to enhance scanning by injecting HTTP redirects into responses from specific APIs. | 0 |
| portswigger/backslash-powered-scanner | An extension for Burp Suite that scans for unknown classes of injection vulnerabilities using a novel approach | 637 |
| h3xstream/burp-retire-js | A tool that integrates with Burp and ZAP to identify vulnerable JavaScript libraries | 200 |
| nccgroup/argumentinjectionhammer | An extension that identifies argument injection vulnerabilities in web applications using payloads and detection techniques | 118 |