383 Open source projects that are alternatives of or similar to Blind-SSRF

Modified Nuclei Templates Version to FUZZ Host Header

Full Nuclei automation script with logic explanation.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Running nuclei Continuously

Some contributions in the nuclei-templates repository

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

nuclei framework scripts

Python library and CLI for the Bug Bounty Recon API

A list of resources for those interested in getting started in bug bounties

Making Favicon.ico based Recon Great again !

Good resources about web security that I have read.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Extract server and IP address information from Browser SSRF

Cross platform community web fingerprint identification tool

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A curated list of various bug bounty tools

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

HTTP Cache Poisoning Demo

Security Testing Scripts for JWT

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A guided mutation-based fuzzer for ML-based Web Application Firewalls

all manner of wordlists

Clear all your logs in [linux/windows] servers 🛡️

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

ASP.NET View State Decoder

A collection of some of my scripts

A Router WiFi key recovery/cracking tool with a twist.

🛡️ Make your web services secure by default !

📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.

Source code for Hacker101.com - a free online web and mobile security class.

Fast CORS misconfiguration vulnerabilities scanner🍻

A list of all FTP servers in IPv4 that allow anonymous logins.

ScanT3r - Web Security Scanner

🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind

A tiny web auditor with strong opinions.

CS 253 Web Security course at Stanford University

Credentials Checking Framework

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

CVE-2020-36179~82 Jackson-databind SSRF&RCE

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Web application vulnerability scanner

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

java source code static code analysis and danger function identify prog

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Open IP cameras in IPv4

A list of web application security

Personal CTF Toolkit

Human and machine readable web vulnerability testing format

🎯 PHP / ASP - Shell Backdoor List 🎯

You can find hardcoded Api-Key,Secret,Token Etc..

Awesome Object Capabilities and Capability Security

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.