716 Open source projects that are alternatives of or similar to Bxss

Extract subdomains from SSL certificates in HTTPS sites.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

Http request smuggling vulnerability scanner

Intentionally vulnerable Android application.

Para pencari bug / celah kemanan bisa bergabung.

Credentials Checking Framework

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Notes Taken for HTB Machines & InfoSec Community.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Hourly updated database of exploit and exploitation reports

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

Some files for bruteforcing certain things.

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Kubernetes Scanner

Extraction of iMessage Data via XSS

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

Reinforced Mitigation Security Filter

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Unleash the power of cloud

Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

A Blazing fast Security Auditing tool for Kubernetes

A collection of all the data i could extract from 1 billion leaked credentials from internet.

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Validate all your Customer IAM Policies against AWS Access Analyzer - Policy Validation

Mass querying whois records

Infosec resource center for offensive and defensive security operations.

Python API wrapper for haveibeenpwned.com (API v3)

A support library for Ronin. Like activesupport, but for hacking!

A Lambda-powered Security Orchestration framework for AWS GuardDuty

OSINT Project

一款适用于红蓝对抗中的仿真钓鱼系统

My personal bug bounty toolkit.

List of my talks and workshops: security engineering, applied cryptography, secure software development

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

🌒 Shell command obfuscation to avoid detection systems

Some good resources for getting started with application security

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Dorothy is a tool to test security monitoring and detection for Okta environments

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…

🔐 Security advisories as a simple composer exclusion list, updated daily

No description or website provided.

The initial conversation slides and menu of scenarios

🔓 A dynamic dictionary merger for successful dictionary based attacks.

Inclusive Angular API for DOMPurify

Nozzlr is a bruteforce framework, trully modular and script-friendly

An automated target reconnaissance pipeline.

Flutter Reverse Engineering Framework

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

Web Application Secure Coding Handbook resource.

Selenium powered Python script to automate searching for vulnerable web apps.

unix wildcard attacks

LLMNR/NBNS/mDNS Spoofing Detection Toolkit

One stop place for exploiting Jira instances in your proximity

Search for Unix binaries that can be exploited to bypass system security restrictions.

Nuclei templates for K8S security scanning

Tool to bypass 40X response codes.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF