523 Open source projects that are alternatives of or similar to Awsome Security Write Ups And Pocs

🎯 Command Injection Payload List

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

XSS in pastebin.com and reddit.com via unsanitized markdown output

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Penetration tests guide based on OWASP including test cases, resources and examples.

Misc. Public Reports of Penetration Testing and Security Audits.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Tutorials and Things to Do while Hunting Vulnerability.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Rockyou for web fuzzing

Awesome Vulnerable Applications

A tool to fastly get all javascript sources/files

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

ADAPT is a tool that performs automated Penetration Testing for WebApps.

Gem vulnerability checker using rubysec/ruby-advisory-db

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Tool for catching and logging different types of requests.

API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Change monitoring app that checks the content of web pages in different periods.

🎯 RFI/LFI Payload List

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Automated All-in-One OS Command Injection Exploitation Tool.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

An OSINT tool to find contacts in order to report security vulnerabilities.

Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.

Community curated list of public bug bounty and responsible disclosure programs.

List of real-world threats against endpoint protection software

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

A passive subdomain finder

Default signature for Jaeles Scanner

Simple shell script for automated domain recognition with some tools

Original Automated CVE Checking Tool

A Binary Ninja plugin for vulnerability research.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

Python library and CLI for the Bug Bounty Recon API

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Poor (rich?) man's bug bounty pipeline

Java漏洞学习笔记 Deserialization Vulnerability

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

A simple SSRF-testing sheriff written in Go

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

A collection of JavaScript engine CVEs with PoCs

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

A tool to automate the boring process of APK recon

Advanced vulnerability scanning with Nmap NSE

🔺 Red Team Hardware Toolkit 🔺

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.