harisec

Pinned

  1. Invicti-Security/brainstorm Public

    A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery

    Python 182 16

  2. Invicti-Security/web-inf-path-trav Public

    Tool for helping in the exploitation of path traversal vulnerabilities in Java web applications

    Python 25 5

  3. quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)

    so, you can read WEB-INF/web.xml. how can you escalate this issue?

    [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml.

    use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan):

  4. orange-confusion-attacks Public

    Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

    PHP 20 7

  5. o1-vs-claude Public

    OpenAI o1-preview vs Claude 3.5 Sonnet comparison

    5 1

  6. client-side-prototype-pollution-expoitation.md

    I was trying to exploit a client-side prototype pollution and nothing was working.

    I figured out that if you try to use a script gadget by visiting a URL like this directly:

    ```