XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Wicked sick v2.0 script is intended to automate your reconnaissance process in an organized fashion.

Crascan is a simple LFI, RFI, RCE, and Joomla Components vulnerability scanner.

Pen Hunter is a comprehensive vulnerability scanning tool designed for penetration testers, security researchers and bug bounties. it automates the process of collecting subdomains and URLs and tests them for various vulnerabilities including XSS, SQL Injection, Local File Inclusion, Open Redirect, Server-Side Request Forgery, CSRF, and RCE.

A simple Script which tests for LFI (Local File Inclusion) via Curl

A small and fast bash script to automate LFI vulnerability.

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download

POC - WordPress File Upload plugin, in the wfu_file_downloader.php file before version <= 4.24.11

Vulnerabilities Finder made in Bash (SQLI, LFD, LFI, COSI, Shellshock, Struts)

gf patterns for security research

confdedential lfi scanner with screenshot capture tool.

Bash script to automate Local File Inclusion (LFI) attacks on aiohttp server version 3.9.1.

This script is used for taking advantage of a Local File Inclusion in the Wordpress mail masta plugin version 1.0, it's made in bash

This script is used for taking advantage of a Local File Inclusion in the Wordpress site editor plugin version 1.1.1, it's made in bash

Patch demo for CVE-2018-12613

ProtoolWeb CTF Web Based Tool