Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-65.77%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (+37.84%)
centCommunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: ✭ 315 (+183.78%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-23.42%)
nclnuclei framework scripts
Stars: ✭ 25 (-77.48%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+52.25%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (+408.11%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-87.39%)
PinaakA vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (-37.84%)
PriestExtract server and IP address information from Browser SSRF
Stars: ✭ 13 (-88.29%)
ObserverWard 0x727Cross platform community web fingerprint identification tool
Stars: ✭ 529 (+376.58%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+45.95%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+330.63%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+356.76%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+190.99%)
Jwt PwnSecurity Testing Scripts for JWT
Stars: ✭ 170 (+53.15%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+9100%)
Waf A MoleA guided mutation-based fuzzer for ML-based Web Application Firewalls
Stars: ✭ 51 (-54.05%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-79.28%)
Log KillerClear all your logs in [linux/windows] servers 🛡️
Stars: ✭ 252 (+127.03%)
Prestashop Cve 2018 19126PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
Stars: ✭ 37 (-66.67%)
Pentesting toolkit🏴☠️ Tools for pentesting, CTFs & wargames. 🏴☠️
Stars: ✭ 1,268 (+1042.34%)
DomxssscannerDOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
Stars: ✭ 181 (+63.06%)
ViewstateASP.NET View State Decoder
Stars: ✭ 77 (-30.63%)
Project TauroA Router WiFi key recovery/cracking tool with a twist.
Stars: ✭ 52 (-53.15%)
Bunkerized Nginx🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+2027.03%)
Articles Translator📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Stars: ✭ 606 (+445.95%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+10932.43%)
Corscanner Fast CORS misconfiguration vulnerabilities scanner🍻
Stars: ✭ 601 (+441.44%)
Openftp4A list of all FTP servers in IPv4 that allow anonymous logins.
Stars: ✭ 634 (+471.17%)
Scant3rScanT3r - Web Security Scanner
Stars: ✭ 248 (+123.42%)
Githacker🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind
Stars: ✭ 524 (+372.07%)
TwaA tiny web auditor with strong opinions.
Stars: ✭ 549 (+394.59%)
Cs253.stanford.eduCS 253 Web Security course at Stanford University
Stars: ✭ 155 (+39.64%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (-54.95%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+284.68%)
CVE-2020-36179CVE-2020-36179~82 Jackson-databind SSRF&RCE
Stars: ✭ 77 (-30.63%)
Veneno Stars: ✭ 230 (+107.21%)
Breach.twA service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (+29.73%)
LookylooLookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Stars: ✭ 381 (+243.24%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+223.42%)
JiffJavaScript library for building web-based applications that employ secure multi-party computation (MPC).
Stars: ✭ 131 (+18.02%)
Ssrf vulnerable labThis Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
Stars: ✭ 361 (+225.23%)
Javaidjava source code static code analysis and danger function identify prog
Stars: ✭ 327 (+194.59%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+79.28%)
C4Open IP cameras in IPv4
Stars: ✭ 123 (+10.81%)
CtftoolsPersonal CTF Toolkit
Stars: ✭ 312 (+181.08%)
ExploHuman and machine readable web vulnerability testing format
Stars: ✭ 114 (+2.7%)
Find-HardcodedYou can find hardcoded Api-Key,Secret,Token Etc..
Stars: ✭ 63 (-43.24%)
Awesome OcapAwesome Object Capabilities and Capability Security
Stars: ✭ 196 (+76.58%)
ShurikenCross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (+2.7%)
Raven-StormRaven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Stars: ✭ 235 (+111.71%)