Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Stars: ✭ 1,026 (-63.08%)

Mutual labels: burpsuite, bugbounty

Reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Stars: ✭ 974 (-64.95%)

Mutual labels: bugbounty, fuzzing

Burpsuite Collections

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Stars: ✭ 1,081 (-61.1%)

Mutual labels: burpsuite, fuzzing

Hackvault

A container repository for my public web hacks!

Stars: ✭ 1,364 (-50.92%)

Mutual labels: payloads, fuzzing

Crlf Injection Scanner

Command line tool for testing CRLF injection on a list of domains.

Stars: ✭ 91 (-96.73%)

Mutual labels: bugbounty, fuzzing

Nosqlmap

Automated NoSQL database enumeration and web application exploitation tool.

Stars: ✭ 1,928 (-30.62%)

Mutual labels: sql-injection, bugbounty

Rescope

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Stars: ✭ 156 (-94.39%)

Mutual labels: burpsuite, bugbounty

Minesweeper

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Stars: ✭ 162 (-94.17%)

Mutual labels: burpsuite, bugbounty

Tiny Xss Payloads

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Stars: ✭ 975 (-64.92%)

Mutual labels: payloads, bugbounty

Paramspider

Mining parameters from dark corners of Web Archives

Stars: ✭ 781 (-71.9%)

Mutual labels: bugbounty, fuzzing

Pentesting Bible

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Stars: ✭ 8,981 (+223.17%)

Mutual labels: sql-injection, bugbounty

Allaboutbugbounty

All about bug bounty (bypasses, payloads, and etc)

Stars: ✭ 758 (-72.72%)

Mutual labels: payloads, bugbounty

Cazador unr

Hacking tools

Stars: ✭ 95 (-96.58%)

Mutual labels: bugbounty, fuzzing

Rfi Lfi Payload List

🎯 RFI/LFI Payload List

Stars: ✭ 202 (-92.73%)

Mutual labels: payloads, bugbounty

Command Injection Payload List

🎯 Command Injection Payload List

Stars: ✭ 658 (-76.32%)

Mutual labels: injection, bugbounty

Dirsearch

Web path scanner

Stars: ✭ 7,246 (+160.74%)

Mutual labels: fuzzing, bugbounty

View All Similar Projects ➔

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads (https://github.com/wagiro/BurpBounty), fuzz lists and pentesting methodologies. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder.

Author: [email protected] - https://sn1persecurity.com

OWASP TESTING CHECKLIST:

Spiders, Robots and Crawlers IG-001
Search Engine Discovery/Reconnaissance IG-002
Identify application entry points IG-003
Testing for Web Application Fingerprint IG-004
Application Discovery IG-005
Analysis of Error Codes IG-006
SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity) - SSL Weakness CM‐001
DB Listener Testing - DB Listener weak CM‐002
Infrastructure Configuration Management Testing - Infrastructure Configuration management weakness CM‐003
Application Configuration Management Testing - Application Configuration management weakness CM‐004
Testing for File Extensions Handling - File extensions handling CM‐005
Old, backup and unreferenced files - Old, backup and unreferenced files CM‐006
Infrastructure and Application Admin Interfaces - Access to Admin interfaces CM‐007
Testing for HTTP Methods and XST - HTTP Methods enabled, XST permitted, HTTP Verb CM‐008
Credentials transport over an encrypted channel - Credentials transport over an encrypted channel AT-001
Testing for user enumeration - User enumeration AT-002
Testing for Guessable (Dictionary) User Account - Guessable user account AT-003
Brute Force Testing - Credentials Brute forcing AT-004
Testing for bypassing authentication schema - Bypassing authentication schema AT-005
Testing for vulnerable remember password and pwd reset - Vulnerable remember password, weak pwd reset AT-006
Testing for Logout and Browser Cache Management - - Logout function not properly implemented, browser cache weakness AT-007
Testing for CAPTCHA - Weak Captcha implementation AT-008
Testing Multiple Factors Authentication - Weak Multiple Factors Authentication AT-009
Testing for Race Conditions - Race Conditions vulnerability AT-010
Testing for Session Management Schema - Bypassing Session Management Schema, Weak Session Token SM-001
Testing for Cookies attributes - Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity SM-002
Testing for Session Fixation - Session Fixation SM-003
Testing for Exposed Session Variables - Exposed sensitive session variables SM-004
Testing for CSRF - CSRF SM-005
Testing for Path Traversal - Path Traversal AZ-001
Testing for bypassing authorization schema - Bypassing authorization schema AZ-002
Testing for Privilege Escalation - Privilege Escalation AZ-003
Testing for Business Logic - Bypassable business logic BL-001
Testing for Reflected Cross Site Scripting - Reflected XSS DV-001
Testing for Stored Cross Site Scripting - Stored XSS DV-002
Testing for DOM based Cross Site Scripting - DOM XSS DV-003
Testing for Cross Site Flashing - Cross Site Flashing DV-004
SQL Injection - SQL Injection DV-005
LDAP Injection - LDAP Injection DV-006
ORM Injection - ORM Injection DV-007
XML Injection - XML Injection DV-008
SSI Injection - SSI Injection DV-009
XPath Injection - XPath Injection DV-010
IMAP/SMTP Injection - IMAP/SMTP Injection DV-011
Code Injection - Code Injection DV-012
OS Commanding - OS Commanding DV-013
Buffer overflow - Buffer overflow DV-014
Incubated vulnerability - Incubated vulnerability DV-015
Testing for HTTP Splitting/Smuggling - HTTP Splitting, Smuggling DV-016
Testing for SQL Wildcard Attacks - SQL Wildcard vulnerability DS-001
Locking Customer Accounts - Locking Customer Accounts DS-002
Testing for DoS Buffer Overflows - Buffer Overflows DS-003
User Specified Object Allocation - User Specified Object Allocation DS-004
User Input as a Loop Counter - User Input as a Loop Counter DS-005
Writing User Provided Data to Disk - Writing User Provided Data to Disk DS-006
Failure to Release Resources - Failure to Release Resources DS-007
Storing too Much Data in Session - Storing too Much Data in Session DS-008
WS Information Gathering - N.A. WS-001
Testing WSDL - WSDL Weakness WS-002
XML Structural Testing - Weak XML Structure WS-003
XML content-level Testing - XML content-level WS-004
HTTP GET parameters/REST Testing - WS HTTP GET parameters/REST WS-005
Naughty SOAP attachments - WS Naughty SOAP attachments WS-006
Replay Testing - WS Replay Testing WS-007
AJAX Vulnerabilities - N.A. AJ-001
AJAX Testing - AJAX weakness AJ-002

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

1N3 / Intruderpayloads

Programming Languages

Labels

Projects that are alternatives of or similar to Intruderpayloads

IntruderPayloads

OWASP TESTING CHECKLIST: