Skip to content

Latest commit

 

History

History
 
 

examples

BCheck examples

Blind SSRF with out-of-band detection

Uses collaborator dynamically to detect server side request forgery.

Exposed backup file

Identifies if backup files are exposed.

Exposed git directory

Identifies if a git directory is present under the web root.

Leaked AWS Tokens

Observes responses passively and uses regular expressions to identify if AWS tokens are being leaked.

Log4Shell

Uses collaborator dynamically to detect vulnerability to CVE-2021-44228 via exploitation.

Server Side Prototype Pollution

Uses a mixture of response matching and dynamic requests to detect the presence of server side prototype pollution.

Suspicious Input Transformation

Uses a hueristic to detect transformed inputs which are an indicator of possible server-side code injection.