A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
-
Updated
Jan 28, 2024 - Python
#
xxe-injection
Here are 17 public repositories matching this topic...
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
-
Updated
Jul 29, 2020 - Python
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
python command-line scanner injection remote xss cybersecurity rce sql-injection vulnerability vulnerability-detection vulnerability-scanners ssrf lfi sqlinjection command-injection xxe-injection cross-site-scripting remote-code-execution sql-injection-remote-code-execution-cross-site
-
Updated
Dec 30, 2025 - Python
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
security web hack exploit file-upload owasp penetration-testing penetration bugbounty xxe xxe-injection penetration-testing-tools bug-bounty-hunters file-upload-vulnerability bug-bounty-tools xxe-attack
-
Updated
Dec 29, 2023 - Python
XXE vulnerability creator
-
Updated
Nov 21, 2021 - Python
Exploit Code, notes, and resources to accompany PortSwiggers' WebAcademy Labs.
authentication python3 webapp exploits fileupload business-logic xss-exploitation clickjacking pentest-scripts burpsuite command-injection csrf-attacks xxe-injection information-disclosure portswigger ssrf-tool portswigger-labs webapppentesting webapphacking
-
Updated
Feb 3, 2026 - Python
Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.
-
Updated
Nov 11, 2022 - Python
WAFManis is a Protocol-Level WAF Evasion Fuzzing Tool that automates the discovery of evasion vulnerabilities in Web Application Firewalls (WAFs) by fuzzing HTTP requests to identify potential bypass techniques.
sql nosql xml os waf xss sql-injection xss-vulnerability bypass xss-attacks sqlinjection xxe xxe-injection path-traversal xmlinputformat os-command-injection nosqlinjection bypasswaf nosqlpayload
-
Updated
Oct 5, 2024 - Python
A collection of security tools for pentersion testing
xss xss-vulnerability xss-exploitation xss-detection xss-attacks sqlinjection xxe xxe-injection xxe-payloads xxe-attack
-
Updated
Apr 23, 2023 - Python
Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection)
-
Updated
Jun 21, 2024 - Python
python security hacking penetration-testing pentesting security-tools xxe xxe-injection xxe-payloads penetration-testing-tools xxe-attack
-
Updated
Nov 29, 2024 - Python
A web crawler and vulnerability scanner tool developed by Rohit Ajariwal
ldap sql-injection csrf webcrawler clickjacking vulnerability-scanners ssrf xxe csrf-attacks xxe-injection xxe-payloads lfi-exploitation sql-injection-exploitation lfi-vulnerability commandinjection ssrf-payload ssrf-scanner crosssitescripting lfi-scanner ssrf-exploit
-
Updated
Apr 25, 2025 - Python
Automates HTML injection, HTTP Parameter Pollution, and XXE attacks.
-
Updated
Sep 1, 2024 - Python
xxe smb/ftp server 适用于xxe的smb/ftp服务 docker一键启动 安全快捷
-
Updated
Dec 6, 2025 - Python
An automated tool for discovering vulnerabilities in GraphQL applications through fuzzing techniques, including OS Command Injection and XSS, with a focus on OWASP Top Ten vulnerabilities.
graphql dos nosql xss xss-vulnerability graphql-application vulnerable graphql-api ssrf sqlinjection xxe-injection ssrf-payload ssrf-tool acyber
-
Updated
Oct 5, 2024 - Python
Pentester-Vurnability-Website
-
Updated
Oct 4, 2024 - Python
Improve this page
Add a description, image, and links to the xxe-injection topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the xxe-injection topic, visit your repo's landing page and select "manage topics."