Skip to content

Files

Latest commit

ibz-portswiggeribz-portswigger
Format existing BCheck example scripts.
Nov 28, 2023
e0ce46d · Nov 28, 2023

History

History

examples

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
Oct 16, 2023
blind-ssrf.bcheck
blind-ssrf.bcheck
May 18, 2023
exposed-backup-file.bcheck
exposed-backup-file.bcheck
Nov 28, 2023
exposed-git-directory.bcheck
exposed-git-directory.bcheck
Nov 28, 2023
leaked-aws-token.bcheck
leaked-aws-token.bcheck
Sep 25, 2023
log4shell.bcheck
log4shell.bcheck
Nov 28, 2023
server-side-prototype-pollution.bcheck
server-side-prototype-pollution.bcheck
Nov 28, 2023
suspicious-input-transformation.bcheck
suspicious-input-transformation.bcheck
Nov 28, 2023

README.md

BCheck examples

Blind SSRF with out-of-band detection

Uses collaborator dynamically to detect server side request forgery.

Exposed backup file

Identifies if backup files are exposed.

Exposed git directory

Identifies if a git directory is present under the web root.

Leaked AWS Tokens

Observes responses passively and uses regular expressions to identify if AWS tokens are being leaked.

Log4Shell

Uses collaborator dynamically to detect vulnerability to CVE-2021-44228 via exploitation.

Server Side Prototype Pollution

Uses a mixture of response matching and dynamic requests to detect the presence of server side prototype pollution.

Suspicious Input Transformation

Uses a hueristic to detect transformed inputs which are an indicator of possible server-side code injection.