Kali Linux

Upload_Bypass_Carnage : File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques!

Upload_bypass,File upload restrictions bypass, by using different bug bounty techniques!

POC video:

Installation:

pip3 install -r requirements.txt

Usage: upload_bypass.py [options]

Options: -h, –help

  show this help message and exit

-u URL, –url=URL

  Supply the login page, for example: -u http://192.168.98.200/login.php'

-s , –success

 Success message when upload an image, example: -s 'Image uploaded successfully.'

-e , –extension

 Provide server backend extension, for example: --extension php (Supported extensions: php,asp,jsp,perl,coldfusion)

-a , –allowed

 Provide allowed extensions to be uploaded, for example: jpeg,png

-H , –header

 (Optional) - for example: '"X-Forwarded-For":"10.10.10.10"' - Use double quotes around the data and wrapp it all with single quotes. Use comma to separate multi headers.

-l , –location

 (Optional) - Supply a remote path where the webshell suppose to be. For exmaple: /uploads/

-S, –ssl

 (Optional) - No checks for TLS or SSL

-p, –proxy

 (Optional) - Channel the requests through proxy

-c, –continue

 (Optional) - If set, the brute force will continue even if one or more methods found!

-v, –verbose

 (Optional) - Printing the http response in terminal

-U , –username

 (Optional) - Username for authentication. For exmaple: --username admin

-P , –password

 (Optional) - - Password for authentication. For exmaple: --password 12345

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago