dsopas / Rfd Checker

Licence: gpl-3.0
RFD Checker - security CLI tool to test Reflected File Download issues

RFD Checker

Command line security tool to check whether a given URL is vulnerable to RFD - Reflected File Download. In an RFD attack, user input reflected in a response served from a trusted domain is combined with a permissive URL path (for example, accepting an appended ".bat" extension) so that the victim's browser downloads, under the trusted domain's name, a file containing attacker-controlled commands. This tool was developed by David Sopas @dsopas and Paulo Silva @pauloasilva_com with the main purpose of validating and automating the search for the RFD web attack vector.

Usage

$ rfd-checker -h
RFD Checker (by @dsopas and @pauloasilva_com)

Usage: rfd-checker -target=URL
Options:
  -header value
        Request header e.g. "Cookie: SESSID=a16fb"
  -target string
        Target URL
  -h --help
        Prints this help

Examples

$ go run rfd-checker.go -target="https://0xhack.com/webminar_rfd/json.php?callback=jQuery" -header="User-Agent: RFD-Checker" -header="Cookie: PHPSESSID=123"
Target URL: https://0xhack.com/webminar_rfd/json.php?callback=jQuery
Permissive query parameters: callback
Permissive URL: https://0xhack.com/webminar_rfd/json.php.bat?callback=jQuery
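The two lines of output above correspond to the two conditions an RFD finding needs: at least one query parameter whose value is reflected unencoded in the response body, and a path that still serves the same response when a download-style extension is appended. The following Go program is an added illustration of those two checks and is not the project's own code: the probing logic in CheckRFD is an assumption about what such a checker does, and the two handlers (vulnerableJSONP, hardenedJSONP) are constructed in-process endpoints, one modelled on the JSONP pattern of the example above and one with the usual mitigations (exact path matching, an allow-listed callback, and a fixed download filename).

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"sort"
	"strings"
)

// Marker swapped into each query parameter. The double quote and the pipe are the
// characters an RFD payload needs to close a JSON string and chain a command in a
// .bat file, so a parameter is only "permissive" if the whole marker comes back raw.
const marker = `rfd"|chk`

// RFDResult holds the two findings: reflected parameters and the .bat-suffixed URL
// that the server still answers with the original status and body.
type RFDResult struct {
	PermissiveParams []string
	PermissiveURL    string
}

func fetch(client *http.Client, u string) (int, string, error) {
	resp, err := client.Get(u)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body), err
}

// CheckRFD probes target for both RFD conditions (assumed logic, not rfd-checker's own).
func CheckRFD(client *http.Client, target string) (RFDResult, error) {
	var res RFDResult
	u, err := url.Parse(target)
	if err != nil {
		return res, err
	}
	// 1. Reflection: replace one parameter value at a time and look for the raw marker.
	for name := range u.Query() {
		q := u.Query() // u.Query() returns a fresh copy each call
		q.Set(name, marker)
		probe := *u
		probe.RawQuery = q.Encode()
		if _, body, err := fetch(client, probe.String()); err != nil {
			return res, err
		} else if strings.Contains(body, marker) {
			res.PermissiveParams = append(res.PermissiveParams, name)
		}
	}
	sort.Strings(res.PermissiveParams) // map iteration order is random
	// 2. Permissive path: append .bat and compare with the unmodified request.
	origStatus, origBody, err := fetch(client, target)
	if err != nil {
		return res, err
	}
	probe := *u
	probe.Path += ".bat"
	status, body, err := fetch(client, probe.String())
	if err == nil && status == origStatus && body == origBody {
		res.PermissiveURL = probe.String()
	}
	return res, err
}

// vulnerableJSONP (constructed) reflects callback unfiltered and answers any path
// that starts with /json.php, which is what makes /json.php.bat work.
func vulnerableJSONP(w http.ResponseWriter, r *http.Request) {
	if !strings.HasPrefix(r.URL.Path, "/json.php") {
		http.NotFound(w, r)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprintf(w, `%s({"user":"dsopas"})`, r.URL.Query().Get("callback"))
}

var safeCallback = regexp.MustCompile(`^[A-Za-z0-9_.]{1,64}$`)

// hardenedJSONP (constructed): exact path, allow-listed callback, pinned filename.
func hardenedJSONP(w http.ResponseWriter, r *http.Request) {
	cb := r.URL.Query().Get("callback")
	if r.URL.Path != "/json.php" || !safeCallback.MatchString(cb) {
		http.Error(w, "not found or invalid callback", http.StatusNotFound)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Header().Set("Content-Disposition", `attachment; filename="json.json"`)
	fmt.Fprintf(w, `%s({"user":"dsopas"})`, cb)
}

// RunAgainst starts an in-process server for h and runs CheckRFD on pathAndQuery.
func RunAgainst(h http.HandlerFunc, pathAndQuery string) (RFDResult, string, error) {
	srv := httptest.NewServer(h)
	defer srv.Close()
	res, err := CheckRFD(srv.Client(), srv.URL+pathAndQuery)
	return res, srv.URL, err
}

func main() {
	for _, tc := range []struct {
		name string
		h    http.HandlerFunc
	}{{"vulnerable", vulnerableJSONP}, {"hardened", hardenedJSONP}} {
		res, base, err := RunAgainst(tc.h, "/json.php?callback=jQuery&v=1")
		if err != nil {
			panic(err)
		}
		fmt.Printf("[%s] %s/json.php -> params %v, permissive URL %q\n",
			tc.name, base, res.PermissiveParams, res.PermissiveURL)
	}
}
```

Against the constructed vulnerable endpoint the checker reports callback as permissive and a working /json.php.bat URL, while the extra parameter v, which is never echoed, is not reported; against the hardened endpoint neither condition holds, because the marker is rejected by the allow-list and the .bat path returns 404 rather than the original body. The comparison of the .bat response with the original body is what prevents a catch-all 200 page from being mistaken for a permissive path.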

If you want to test a batch of URLs, exported from Burp for example, place them one per line in a text file and run

$ cat inputs.txt | xargs -I url go run ./rfd-checker.go -target=url

Or

$ cat inputs.txt | xargs -I url ./rfd-checker -target=url

RFD checker diagram

Build

$ go build rfd-checker.go

Resources
