geeksforgeeks.org
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-17.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-17 | Tplmap - Tool For Automatic SSTI Exploitation (GeeksforGeeks) | SSTI | Tool for automated server-side template injection (SSTI) exploitation. Tplmap checks for and exploits SSTI vulnerabilities across various template engines including PHP, Ruby, Python, Jinja2, and Tornado, enabling OS-shell access. It is a Python-based application available on GitHub with installation and usage instructions provided. |
| 2026-04-10 | OSINT Framework - GeeksforGeeks | OSINT | Library for Open Source Intelligence (OSINT) techniques, detailing methods like search engine reconnaissance, social media monitoring, and metadata analysis. It highlights tools such as Have I Been Pwned for breach detection, BeenVerified for background checks, Censys and Shodan for internet scanning and device discovery, Maltego for link analysis, SpiderFoot for automated reconnaissance, and Recon-ng for reconnaissance operations. This resource aids cybersecurity professionals, investigators, and researchers in gathering and analyzing publicly available information. |
| 2026-04-10 | XML External Entity - GeeksforGeeks | XXE | Library that helps prevent XML External Entity (XXE) vulnerabilities by disabling external entity processing or validating input. XXE attacks can lead to information disclosure, SSRF, DoS, and code execution by abusing untrusted XML parsing, as demonstrated in a PortSwigger lab exploiting file retrieval via an external entity reference. Mitigation involves updating XML libraries and employing secure development practices. |
| 2026-03-01 | Server Side Request Forgery (SSRF) in Depth - GeeksforGeeks | SSRF | Library for analyzing Server-Side Request Forgery (SSRF) vulnerabilities, detailing how attackers exploit servers as proxies to access internal services, leading to data leaks and potential RCE. It categorizes SSRF into Blind, Limited Response, and Full Response types, and demonstrates exploitation techniques using a hands-on example from PortSwigger's Web Security Academy, including deleting a user via the internal admin interface. Mitigation strategies like input validation, allowlisting, and restricting internal requests are also covered. |
| 2024-07-22 | DOM-based Cross-Site Scripting Attack in Depth - GeeksforGeeks | XSS | Guide to DOM-based Cross-Site Scripting detailing how attackers manipulate the Document Object Model on the client side, bypassing server-side protections. It explains how payloads are executed by legitimate JavaScript after the victim clicks a crafted URL, leading to session hijacking, cookie theft, and sensitive data compromise. The guide recommends using tools like Burp Suite for detection and emphasizes sanitizing JavaScript input, using secure frameworks like AngularJS and React, and avoiding vulnerable source attributes like `location.href`. |