2848 Open source projects that are alternatives of or similar to Cazador_unr

BugBounty Tool

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

JAVA 漏洞靶场 (Vulnerability Environment For Java)

No description or website provided.

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Complete and detailed explanation of HTTP connection lifecycle

CDN & WAF集群管理系统。

Powerfull Wi-Fi trap!

🦄🔒 Awesome list of secrets in environment variables 🖥️

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Getting started with java code auditing 代码审计入门的小项目

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.

A fast DOM based XSS vulnerability scanner with simplicity.

Next generation web scanner

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A Python Tool For google Hacking

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

Maryam: Open-source Intelligence(OSINT) Framework

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p

Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台，无需编写代码的安全自动化，使用 SOAR 可以让团队工作更加高效

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

🎯 SQL Injection Payload List

A list of resources for those interested in getting started in bug bounties

Making Favicon.ico based Recon Great again !

In-depth Attack Surface Mapping and Asset Discovery

Automated Red Team Infrastructure deployement using Docker

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Advanced dork Search & Mass Exploit Scanner

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Mining parameters from dark corners of Web Archives

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Notes about attacking Jenkins servers

💣 Impulse Denial-of-service ToolKit

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

Este proyecto esá destinado a ayudar a los sysadmin

Automatically brute force all services running on a target.

Automated Penetration Testing Framework

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Just a DNS utility.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

A simple, lightweight socks5 server for Unix (Linux/BSD/macOS)

websocket-connection-smuggler

Java web common vulnerabilities and security code which is base on springboot and spring security

xWAF 3.0 - Free Web Application Firewall, Open-Source.