Upload_bypass,File upload restrictions bypass, by using different bug bounty techniques!
POC video:
pip3 install -r requirements.txt
Usage: upload_bypass.py [options]
Options: -h, –help
show this help message and exit
-u URL, –url=URL
Supply the login page, for example: -u http://192.168.98.200/login.php'
-s , –success
Success message when upload an image, example: -s 'Image uploaded successfully.'
-e , –extension
Provide server backend extension, for example: --extension php (Supported extensions: php,asp,jsp,perl,coldfusion)
-a , –allowed
Provide allowed extensions to be uploaded, for example: jpeg,png
-H , –header
(Optional) - for example: '"X-Forwarded-For":"10.10.10.10"' - Use double quotes around the data and wrapp it all with single quotes. Use comma to separate multi headers.
-l , –location
(Optional) - Supply a remote path where the webshell suppose to be. For exmaple: /uploads/
-S, –ssl
(Optional) - No checks for TLS or SSL
-p, –proxy
(Optional) - Channel the requests through proxy
-c, –continue
(Optional) - If set, the brute force will continue even if one or more methods found!
-v, –verbose
(Optional) - Printing the http response in terminal
-U , –username
(Optional) - Username for authentication. For exmaple: --username admin
-P , –password
(Optional) - - Password for authentication. For exmaple: --password 12345
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…