CloudbunnyCloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Stars: ✭ 273 (-48.39%)
Burpsuite CollectionsBurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+104.35%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-26.47%)
Hack🔰渗透测试资源库🔰黑客工具🔰维基解密文件🔰木马免杀🔰信息安全🔰技能树🔰数据库泄露🔰
Stars: ✭ 460 (-13.04%)
WhatwafDetect and bypass web application firewalls and protection systems
Stars: ✭ 1,881 (+255.58%)
BypassSuperBypass 403 or 401 or 404
Stars: ✭ 81 (-84.69%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+504.54%)
Myscanmyscan 被动扫描
Stars: ✭ 373 (-29.49%)
Commodity Injection SignaturesCommodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-49.53%)
Awesome Nginx Security🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
Stars: ✭ 417 (-21.17%)
BurpcryptoBurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (-33.84%)
Burp-Suite|| Activate Burp Suite Pro with Loader and Key-Generator ||
Stars: ✭ 94 (-82.23%)
NaxsiNAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
Stars: ✭ 3,927 (+642.34%)
Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+629.3%)
nginx-lua-wafNginx-Lua-WAF是一款基于Nginx的使用Lua语言开发的灵活高效的Web应用层防火墙
Stars: ✭ 58 (-89.04%)
Bebasidbebasid dapat membantu membuka halaman situs web yang diblokir oleh pemerintah Indonesia dengan memanfaatkan hosts file.
Stars: ✭ 372 (-29.68%)
Gtfobins.github.ioGTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Stars: ✭ 6,030 (+1039.89%)
EdgeAdminCDN & WAF集群管理系统。
Stars: ✭ 199 (-62.38%)
Xash3d FwgsXash3D FWGS engine. Rebooted fork since big Xash3D 0.99(1.0 is not yet) update.
Stars: ✭ 337 (-36.29%)
broomA disk cleaning utility for developers.
Stars: ✭ 38 (-92.82%)
CFX-BYPASSBypass it, you won't be Banned when playing cheats 2022
Stars: ✭ 18 (-96.6%)
AutorizeAutomatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Stars: ✭ 406 (-23.25%)
Padrino FrameworkPadrino is a full-stack ruby framework built upon Sinatra.
Stars: ✭ 3,310 (+525.71%)
bypassAV免杀 defender 360 cobalstrike shellcode
Stars: ✭ 54 (-89.79%)
IdentywafBlind WAF identification tool
Stars: ✭ 291 (-44.99%)
Aes KillerBurp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
Stars: ✭ 446 (-15.69%)
Fomalhaut🚀 A Simple API Gateway for Building Security and Flexible Microservices.
Stars: ✭ 272 (-48.58%)
Burpsuite Secret finderBurp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
Stars: ✭ 483 (-8.7%)
MouseInjectDetectionSimple method of checking whether or not mouse movement or buttons (<windows 10) are injected
Stars: ✭ 29 (-94.52%)
Kalirouterintercepting kali router
Stars: ✭ 374 (-29.3%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-19.28%)
burp data collectorA Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting
Stars: ✭ 58 (-89.04%)
K8toolsK8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+688.85%)
AwsA collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.
Stars: ✭ 493 (-6.81%)
gtfoSearch for Unix binaries that can be exploited to bypass system security restrictions.
Stars: ✭ 88 (-83.36%)
Awesome Waf🔥 Everything about web-application firewalls (WAF).
Stars: ✭ 4,047 (+665.03%)
auth analyzerBurp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-85.44%)
Hatclouddiscontinued
Stars: ✭ 418 (-20.98%)
Htrace.shMy simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+555.01%)
litewafLightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-93.95%)
CaACaA - BurpSuite Collector and Analyzer
Stars: ✭ 292 (-44.8%)
Mega-index-herokuMega nz heroku index, Serves mega.nz to http via heroku web. It Alters downloading speed and stability
Stars: ✭ 165 (-68.81%)
HaeHaE - BurpSuite Highlighter and Extractor
Stars: ✭ 397 (-24.95%)
paywallr🔓 Web extension for reading articles locked behind paywalls of over 50 german newspapers, e.g. Frankfurter Allgemeine Zeitung, Leipziger Volkszeitung & Hamburger Abendblatt
Stars: ✭ 63 (-88.09%)
JugglerA system that may trick hackers. 一个也许能骗到黑客的系统。
Stars: ✭ 321 (-39.32%)
k8s-lempLEMP stack in a Kubernetes cluster
Stars: ✭ 74 (-86.01%)
BurpdeveltrainingMaterial for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
Stars: ✭ 302 (-42.91%)
Trustmealready🔓 Disable SSL verification and pinning on Android, system-wide
Stars: ✭ 506 (-4.35%)
Iprotate burp extensionExtension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Stars: ✭ 484 (-8.51%)