Viewstalker

A tool for identifying and exploiting vulnerable Viewstate implementations in ASP.NET

usage: ViewStalker [-h|--help] [-l|--hosts <file>] [-a|--address "<value>"]

                   A tool for identifying vulnerable ASP.NET viewstates

Arguments:

  -h  --help     Print help information
  -l  --hosts    Path to file with list of hosts to check, one per line
  -a  --address  Single host to check

TODO:

initial target handling and parsing
recreate blacklist3r functionality for bruting keys
automatic payload generation and exploitation
Support for JSF viewstates

Download

viewstalker.zip

A tool for identifying and exploiting vulnerable Viewstate implementations in ASP.NET

Viewstalker

TODO:

Download

Popular Tag

Related

A searchable clone of russianplanes.net, for transparency and ease of identifying planes.

The Amazon Kinesis Hot Shard Advisor is a CLI tool that simplifies identifying whether you have hot key or hot shard issues on your Kinesis data streams. The tool can also identify whether you are hitting the shard level throughput limit per-second basis.

Call your local service method by string or json.RawMessage, based on net/rpc and net/rpc/jsonrpc

CookieMonster is a command-line tool and API for decoding and modifying vulnerable session cookies from several different frameworks

This scanner will recursively scan paths including archives for spring libraries and classes that are vulnerable to CVE-2022-22965 and CVE-2022-22963.

CVE-2022-21449 Proof of Concept demonstrating its usage with a vulnerable client and a malicious TLS server

CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server

Intentionally vulnerable go (golang) application to test coverage of SAST tools.

contains generic collection interfaces and implementations, and other utilities for working with collections.

GoCache is an opinionated cache package with simple APIs and provides multiple implementations.

Route finder in a multigraph for the city of Porto with A*,ALT and Genetic Algorithm implementations

RFC 3339 timestamp string type and value implementations for terraform-plugin-framework

Several implementations of a prosaic binary search, as part of Kata02

Package topogrid contains implementations of basic power grid algorithms based on the grid topology.

An easy-to-use net tool for exposing local service to public.

The Bhojpur Action is a software build automation tool used on GitHub by the Bhojpur.NET Platform ecosystem.

This is an API to study and apply knowledge about net/http

⚡ Evnet is event-driven net framework with high performance deriving from gnet and evio.

Tool for bug hunters The tool is similar to the qsreplace tool, but with some improvements for those who do not know the qsreplace tool, it takes a list of links with a parameter and injects it with a payload

net.PacketConn over RS232/LoRa