Jsonpjsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Stars: ✭ 131 (-56.77%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+506.27%)
Burpsuite CollectionsBurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+256.77%)
GadgetprobeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (+25.74%)
Log Requests To SqliteBURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
Stars: ✭ 44 (-85.48%)
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (-42.9%)
SwurgParse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-68.98%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (-52.48%)
BadIntentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 316 (+4.29%)
SQLbitJust another script for automatize boolean-based blind SQL injections. (Demo)
Stars: ✭ 30 (-90.1%)
DorknetSelenium powered Python script to automate searching for vulnerable web apps.
Stars: ✭ 256 (-15.51%)
WiFi-ProjectPre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
Stars: ✭ 22 (-92.74%)
offensive-docker-vpsCreate a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.
Stars: ✭ 66 (-78.22%)
Dumpall一款信息泄漏利用工具,适用于.git/.svn源代码泄漏和.DS_Store泄漏
Stars: ✭ 250 (-17.49%)
Raven-StormRaven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Stars: ✭ 235 (-22.44%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+1056.11%)
AppAuth-OAuth2-Books-DemoA companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk
Stars: ✭ 22 (-92.74%)
docker-osmedeusDocker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 78 (-74.26%)
CVE-2020-0688-ScannerQuick tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.
Stars: ✭ 38 (-87.46%)
xssmapIntelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (-64.69%)
Cheatsheet GodPenetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+1062.05%)
Red-Team-EssentialsThis repo will contain some basic pentest/RT commands.
Stars: ✭ 22 (-92.74%)
avainA Modular Framework for the Automated Vulnerability Analysis in IP-based Networks
Stars: ✭ 56 (-81.52%)
CTF-WriteupsRepository of my CTF writeups
Stars: ✭ 25 (-91.75%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-32.34%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-95.38%)
PowerProxyPowerShell SOCKS proxy with reverse proxy capabilities
Stars: ✭ 29 (-90.43%)
UptuxLinux privilege escalation checks (systemd, dbus, socket fun, etc)
Stars: ✭ 260 (-14.19%)
ElliotA pentesting tool inspired by mr robot and derived by zphisher
Stars: ✭ 23 (-92.41%)
Rshijacktcp connection hijacker, rust rewrite of shijack
Stars: ✭ 288 (-4.95%)
auth analyzerBurp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-74.59%)
Lyncsmashlocate and attack Lync/Skype for Business
Stars: ✭ 258 (-14.85%)
EvilUSBQuick utility to craft executables for pentesting and managing reverse shells
Stars: ✭ 33 (-89.11%)
HOUDINIHundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
Stars: ✭ 791 (+161.06%)
ReSignA burp extender that recalculate signature value automatically after you modified request parameter value.
Stars: ✭ 52 (-82.84%)
Xunfeng巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (+933.33%)
QuickScanPort scanning and domain utility.
Stars: ✭ 26 (-91.42%)
Deep-InsideCommand line tool that allows you to explore IoT devices by using Shodan API.
Stars: ✭ 22 (-92.74%)
CcatCloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Stars: ✭ 300 (-0.99%)
quick-recon.pyDo some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-95.71%)
ShonyDanzaA customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (-71.62%)
FacebookBugFacebook Write-ups, PoC, and exploitation codes:
Stars: ✭ 28 (-90.76%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+955.45%)
serverHashtopolis - A Hashcat wrapper for distributed hashcracking
Stars: ✭ 954 (+214.85%)
JWTweakDetects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Stars: ✭ 85 (-71.95%)
SecurityExplainedSecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
Stars: ✭ 301 (-0.66%)
juice-shop-ctfCapture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox
Stars: ✭ 287 (-5.28%)
PentmenuA bash script for recon and DOS attacks
Stars: ✭ 288 (-4.95%)
PhishapiComprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Stars: ✭ 272 (-10.23%)
HopLaHopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
Stars: ✭ 446 (+47.19%)
gsm-assessment-toolkitGSM Assessment Toolkit - A security evaluation framework for GSM networks
Stars: ✭ 60 (-80.2%)
BrutusBotnet targeting Windows machines written entirely in Python & open source security project.
Stars: ✭ 37 (-87.79%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-88.45%)
CripsIP Tools To quickly get information about IP Address's, Web Pages and DNS records.
Stars: ✭ 272 (-10.23%)