• Stars: 297
• Rank: 140,075 (Top 3%)
• Language: Python
• Created over 6 years ago
• Updated over 1 year ago

Repository Details

┌┬┐┬ ┬┌─┐┌─┐┌┬┐┌─┐┬ ┬┌─┐┌─┐┌─┐┬─┐
 │ ├─┤├┤ ├┤  │ ├┤ │ │┌─┘┌─┘├┤ ├┬┘
 ┴ ┴ ┴└─┘└   ┴ └  └─┘└─┘└─┘└─┘┴└─

Introduction:

TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.

Usage:

python theftfuzzer.py -d 'http://example.com/api/data'

Help:

~$ python theftfuzzer.py -h
usage: theftfuzzer.py [-h] -d DOMAIN [-c COOKIE]

Cross Origin Resource Sharing Fuzzer by Corben Leo

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        URL / Target to fuzz
  -c COOKIE, --cookie COOKIE
                        File containing cookie to send in fuzzing requests

More Repositories (same author)

1. gau (Go, 3,231 stars): Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
2. subjs (Go, 668 stars): Fetches JavaScript files from a list of URLs or subdomains.
3. secretz (Go, 317 stars): secretz, minimizing the large attack surface of Travis CI.
4. 230-OOB (Python, 166 stars): An Out-of-Band XXE server for retrieving file contents over FTP.
5. hacks (Go, 100 stars): Repo of useful scripts.
6. cspparse (Go, 70 stars): A tool to evaluate Content Security Policies.
7. jenkinz (Go, 60 stars): jenkinz is a tool to retrieve every build for every job ever created and run on a given Jenkins instance.
8. otxurls (Go, 58 stars): Fetch known URLs from AlienVault's Open Threat Exchange for given hosts.
9. brute53 (Go, 58 stars): A tool to bruteforce nameservers when working with subdomain delegations to AWS.
10. DOD-Recon (HTML, 45 stars): Recon for Department of Defense HackerOne program.
11. research (Java, 36 stars): Miscellaneous security research stuff.
12. reckdns (Go, 16 stars): A kinda reckless DNS resolver. Still under development.
13. rickrolllogs (Python, 14 stars): Tool to rick roll access.logs.
14. sslc2 (Assembly, 9 stars): Simple C&C example in assembly that retrieves commands from the Organizational Unit (OU) field in an SSL certificate.
15. rlyCTF (HTML, 8 stars): rlyCTF (relay CTF) challenge to emulate real-world SSRF attacks.
16. bugbountylink (HTML, 7 stars): URL shortener using Flask & MySQL.
17. lc.github.io (HTML, 7 stars): Information Security blog by Corben Leo @hacker_.
18. newsletter-code (Go, 6 stars): Repository for any code I send out in newsletters.
19. ctf-dev (HTML, 1 star): Various CTFs I've created over time.
20. solidity-by-example (Solidity, 1 star): My code for following along with the https://solidity-by-example.org/ course.