This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

Last update: Aug 18, 2022

Overview

zip-symlink-payload-creator

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

usage: zip-symlink.py [-h] -f FILE [-g GET]

ZIP symlink payload generator

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Creates the ZIP payloads based on a wordlist
  -g GET, --get GET     Introduce the link filename to get the file to which it corresponds
  
Examples:

python3 zip-symlink.py -f wordlist

[+] Payloads have been created
--------------------------------------------------

python3 zip-symlink.py -f wordlist -g link6

The file is: /etc/mysql/my.cnf

Owner

stark0de

Infosec addict, aspirant red teamer and not so super-l33t

GitHub Repository

Sudo Baron Samedit Exploit

CVE-2021-3156 (Sudo Baron Samedit) This repository is CVE-2021-3156 exploit targeting Linux x64. For writeup, please visit https://datafarm-cybersecur

559 Jan 03, 2023

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

10 Oct 15, 2022

Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

loggef Facebook automation tool, Facebook account hacking and cloning advanced tool + dictionary attack added Warning Use this tool for educational pu

149 Aug 10, 2022

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effec

2 Mar 23, 2022

Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

5.8k Jan 07, 2023

Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口

Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹，也可针对IP/IP段或资产列表进行快速的指纹识别。

764 Jan 05, 2023

An intranet tool for easily intranet pentesting

IntarKnife v1.0 a tool can be used in intarnet for easily pentesting moudle hash spray U can use this tool to spray hash on a webshell IntraKnife.exe

4 Nov 24, 2021

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou

2.5k Jan 07, 2023

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

52 Dec 16, 2022

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

MacPer A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms. Not all of the exploits directly sp

20 Nov 30, 2022

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to

3 Sep 03, 2022

Gitlab RCE - Remote Code Execution

Gitlab RCE - Remote Code Execution RCE for old gitlab version = 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f

153 Nov 09, 2022

An OSINT tool that searches for devices directly connected to the internet (IoT) with a user specified query. It returns results for Webcams, Traffic lights, Refridgerators, Smart TVs etc.

An OSINT tool that searches for devices directly connected to the internet (IoT) with a user specified query. It returns results for Webcams, Traffic

48 Nov 20, 2022

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

Related tags

Overview

zip-symlink-payload-creator

Owner

stark0de

Sudo Baron Samedit Exploit

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.

Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Glass是一款针对资产列表的快速指纹识别工具，通过调用Fofa/ZoomEye/Shodan/360等api接口

An intranet tool for easily intranet pentesting

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

Gitlab RCE - Remote Code Execution

An OSINT tool that searches for devices directly connected to the internet (IoT) with a user specified query. It returns results for Webcams, Traffic lights, Refridgerators, Smart TVs etc.

一款Web在线自动免杀工具

信息收集自动化工具

Using python 3 and Flask an MVC system where the AES 128 CBC and Trivium algorithms

Sample exploits for Zephyr CVE-2021-3625

A python module for retrieving and parsing WHOIS data

WhPhisher: a Phishing tool With Python

A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228