Log Killer: Clear all your logs in [linux/windows] servers 🛡️
Scant3r: ScanT3r - Web Security Scanner
Fdsploit: File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Awesome Ocap: Awesome Object Capabilities and Capability Security
Domxssscanner: DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
Jwt Pwn: Security Testing Scripts for JWT
Bbrecon: Python library and CLI for the Bug Bounty Recon API
Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Breach.tw: A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Jiff: JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
C4: Open IP cameras in IPv4
Explo: Human and machine readable web vulnerability testing format
Shuriken: Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Hackvault: A container repository for my public web hacks!
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Project Tauro: A Router WiFi key recovery/cracking tool with a twist.
Waf A Mole: A guided mutation-based fuzzer for ML-based Web Application Firewalls
Prestashop Cve 2018 19126: PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
Openftp4: A list of all FTP servers in IPv4 that allow anonymous logins.
Articles Translator: 📚 Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Corscanner: Fast CORS misconfiguration vulnerabilities scanner 🍻
Favfreak: Making Favicon.ico based Recon Great again!
Twa: A tiny web auditor with strong opinions.
Githacker: 🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind
Burpa: Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Lookyloo: Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Taipan: Web application vulnerability scanner
Ssrf vulnerable lab: This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
Javaid: Java source code static analysis and dangerous function identification program
WDIR: Good resources about web security that I have read.
Raven-Storm: Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols, written in Python. Take down many connections using several exotic and classic protocols.
Sherlock: This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
shellsum: A defense tool - detect web shells in local directories via md5sum
cyber-gym: Deliberately vulnerable scripts for Web Security training
diwa: A Deliberately Insecure Web Application
requests-ip-rotator: A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
firecracker: Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Virtual-Host: Modified Nuclei Templates Version to FUZZ Host Header