DomainkerBugBounty Tool
Stars: ✭ 40 (-57.89%)
security-wrapper对springSecurity进行二次开发,提供OAuth2授权(支持跨域名,多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定,解绑)、加密通信等一系列安全场景的解决方案
Stars: ✭ 21 (-77.89%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+433.68%)
SecExampleJAVA 漏洞靶场 (Vulnerability Environment For Java)
Stars: ✭ 228 (+140%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-60%)
CVE-2022-21907-http.sysProof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Stars: ✭ 67 (-29.47%)
EdgeAdminCDN & WAF集群管理系统。
Stars: ✭ 199 (+109.47%)
RoguesploitPowerfull Wi-Fi trap!
Stars: ✭ 262 (+175.79%)
Jenkins Rce😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!
Stars: ✭ 262 (+175.79%)
Cve 2019 1003000 Jenkins Rce PocJenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (+184.21%)
Umbraco-RCEUmbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (-35.79%)
JavacodeauditGetting started with java code auditing 代码审计入门的小项目
Stars: ✭ 289 (+204.21%)
Nps一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Stars: ✭ 19,537 (+20465.26%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+226.32%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+3587.37%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+248.42%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (+245.26%)
KatanaA Python Tool For google Hacking
Stars: ✭ 355 (+273.68%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+3469.47%)
Afl UtilsUtilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization
Stars: ✭ 383 (+303.16%)
MaryamMaryam: Open-source Intelligence(OSINT) Framework
Stars: ✭ 371 (+290.53%)
BrutesploitBruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used in CTF for manipulation,combine,transform and permutation some words or file text :p
Stars: ✭ 424 (+346.32%)
W5Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (+286.32%)
K8cscanK8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Stars: ✭ 693 (+629.47%)
Security whitepapersCollection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (+577.89%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (+493.68%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 6,284 (+6514.74%)
RedcloudAutomated Red Team Infrastructure deployement using Docker
Stars: ✭ 551 (+480%)
PrivescA collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+727.37%)
Dalfox🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+732.63%)
AtscanAdvanced dork Search & Mass Exploit Scanner
Stars: ✭ 817 (+760%)
Jok3rJok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+578.95%)
Packer FuzzerPacker Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
Stars: ✭ 753 (+692.63%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+34541.05%)
ParamspiderMining parameters from dark corners of Web Archives
Stars: ✭ 781 (+722.11%)
Dumpsterfire"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+715.79%)
Medusa🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+737.89%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+707.37%)
Pwn jenkinsNotes about attacking Jenkins servers
Stars: ✭ 841 (+785.26%)
Impulse💣 Impulse Denial-of-service ToolKit
Stars: ✭ 538 (+466.32%)
InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+700%)
WhourTool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Stars: ✭ 18 (-81.05%)
SootyThe SOC Analysts all-in-one CLI tool to automate and speed up workflow.
Stars: ✭ 867 (+812.63%)
Bash ToolkitEste proyecto esá destinado a ayudar a los sysadmin
Stars: ✭ 13 (-86.32%)
BrutexAutomatically brute force all services running on a target.
Stars: ✭ 974 (+925.26%)
NettackerAutomated Penetration Testing Framework
Stars: ✭ 982 (+933.68%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+926.32%)
PowerladonLadon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Stars: ✭ 39 (-58.95%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+975.79%)
Webhackersweapons⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 1,205 (+1168.42%)
Hev Socks5 ServerA simple, lightweight socks5 server for Unix (Linux/BSD/macOS)
Stars: ✭ 33 (-65.26%)
Java Sec CodeJava web common vulnerabilities and security code which is base on springboot and spring security
Stars: ✭ 1,033 (+987.37%)
XwafxWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (-49.47%)