Now, what we might think of as a great exploit tool, will it look like ten years from now? Probably something like what we now see with the old D injection tool.

A few days ago, I suddenly thought about this question: If you were asked to recommend a bug exploit artifact strongly related to a bug type, what would you recommend?

Below, I will share the answer in my heart, recommend a few I think the use of vulnerability artifact, welcome you to supplement together.

 


 

1. SQL injection vulnerability

Recommended project: SQLmap, project address:sqlmap.org/

Recommended reasons: Temple tools, injected into the artifact, the effect of who knows who uses.

2, XSS recommended project: beefproject address: beefproject.com/ recommended framework for browser attacks.





3. Files contain vulnerabilities

Recommended project: LFISuiteGithub.com/D35m0nd142/…

Why you should consider it: A fully automated tool that scans for and exploits local file inclusion vulnerabilities using a variety of different attack methods.



4, CSRF recommended projects: CSRFTester, address of the project: wiki.owasp.org/index.php/F… Recommended reason: A CSRF vulnerability test tool, set capture package and Poc structure and one.



XXE(External Entity Injection Vulnerability) Recommended project: XXEinjector, project address: github.com/enjoiz/XXEi… Recommended reasons: Tools that automatically exploit XXE vulnerabilities using direct and different out-of-band methods.



6. Xpath injection

Recommended project: XCatgithub.com/orf/xcat

Why you should recommend it: A command-line tool that exploits and detects blind XPath annotation vulnerabilities.



Struts2 comprehensive vulnerability Exploit tool, including information collection, command execution, file upload, connect pony, file management and other functions.



8, Jboss recommended project: JexBoss, project address: github.com/joaomatosf/… Recommended reasons: Scan and detect multiple security vulnerabilities in Jboss.





9. Router vulnerabilities

Recommended items: RouterSploit Project Address:Github.com/threat9/rou…

Recommended reasons: A vulnerability exploitation tool specifically for embedded devices, including 27 brands of hundreds of vulnerability exploitation modules, involving hundreds of routers, cameras and other devices.