Tools

  • Bounty Report Generator - I put this together to quickly generate vulnerability report emails, but you can generate them for h1, bbcode, and html format as well.
  • CSRFGen - Creates HTML code for making CSRF/XSS proof of concepts. Great for dropping in a request really fast to get a quick XSS PoC file for reports.
  • (Offline 10/23/2018) XXEGen - Creates docx/xlsx files with an XXE payload that hits a listener on my server to notify you if the upload was vulnerable to XXE or not.