Check your WAF before an attacker does

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A Deliberately Insecure Web Application

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Simple machine learning based web application firewall (WAF) created in python

A (purpousely) vulnerable, social-media-like, django web application

Utility for creating ZipSlip archives

Zen by Aikido protects your node app against attacks with one line of code. Get peace of mind— at runtime.

Burpsuite Plugin to detect Directory Traversal vulnerabilities

Perform With Shell Scanner Using Path Traversal & Strings

CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited

μετάμάσκα - malevolent payload classifier

Dump files via Directory Traversal, LFI, Arbitrary File Read in a breeze with the help of ffuf

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure

Quick and Dirty POC for Zip Slip

Check Point Security Gateway (LFI)

Fast Path Traversal exploitation tool

An API for escaping different kind of queries