Gentle-bae

Professional file upload vulnerability testing tool with 263+ bypass techniques, proxy capture, dynamic scanning

27
2
69% credibility
Found Feb 27, 2026 at 17 stars
AI Analysis
Python
AI Summary

UploadRanger is a user-friendly desktop application for detecting file upload security flaws in websites through automated scanning, traffic interception, request replay, fuzzing, and test payload creation.

How It Works

1. 🔍 Discover the security checker

You hear about a friendly app that helps spot weak spots in website file uploads, like a digital security guard for your site.

2. 📥 Get and open the app

Download the program and double-click to launch its modern window with dark theme tabs for easy exploring.

3. 🌐 Enter your website address

Type the web page URL where files get uploaded, add any login details if needed, and pick scan speed.

4. 🚀 Hit scan and watch magic

Click start to let it automatically test hundreds of sneaky tricks, seeing live results pop up with colors showing successes.

5. 🔄 Catch traffic or replay tests

Switch tabs to spy on web traffic with a built-in proxy, tweak requests in repeater, or blast payloads in intruder.

6. ⚗️ Create test files

Generate harmless shells or clever bypass files from the payload tools to experiment safely.

Get your safety report

Review the full list of issues found, with tips to fix them, so your site stays secure and you feel confident.

AI-Generated Review

What is UploadRanger?

UploadRanger is a Python GUI tool for testing file upload vulnerabilities, automating scans across endpoints with 263+ bypass techniques like double extensions, null bytes, and polyglots. It captures traffic via a built-in HTTP/HTTPS proxy, lets you replay requests in a repeater, and fuzz payloads with an intruder supporting sniper, battering ram, pitchfork, and cluster bomb modes. Developers get a Burp Suite-like workflow for dynamic scanning, webshell generation, and professional file upload testing without juggling multiple tools.

Why is it gaining traction?

It packs proxy interception, repeater, intruder, and payload generators into one cross-platform app using PySide6 for a dark-themed UI and mitmproxy for reliable capture—far simpler than scripting httpx calls or firing up full Burp. The 263+ bypass payloads cover real-world tricks like WAF evasion and magic bytes, with easy payload editing and export, making it a quick win for targeted upload hunts. Solid docs and a test range app help onboard fast, standing out from bare CLI scanners.

Who should use this?

It suits security researchers and pen testers auditing web apps for upload flaws, especially bug bounty hunters chaining proxy captures to intruder fuzzing on live targets. It also fits red teamers needing on-the-fly webshell/polyglot generation during engagements, and devs hardening file uploads in apps handling resumes, certificates, or documents.

Verdict

Grab it for upload testing if you want Burp features without the license—solid for quick scans despite 14 stars signaling early maturity. Credibility score of 0.7% flags caution on long-term stability, but detailed README, tests, and MIT license make it worth forking for custom bypass sets.
