545 Open source projects that are alternatives of or similar to cd

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

List of every possible vulnerabilities in computer security.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

🆕 The Multi-Tool Web Vulnerability Scanner.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Audit tool to find common vulnerabilities in PHP source code

A web application for generating custom XSS payloads

Sifter aims to be a fully loaded Op Centre for Pentesters

Web Application Security Scanner Framework

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Git All the Payloads! A collection of web attack payloads.

Cross-site scripting labs for web application security enthusiasts

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

🖤 网络安全与渗透测试工具导航

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.

A container repository for my public web hacks!

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Microsoft Azure Exploitation Framework

A jQuery augmented PHP library for creating secure HTML forms, and validating them easily

👨‍🏫 Mike's Web Security Course

Hacking tools

Hooks in to interesting functions and helps reverse the web app faster.

Automating XSS using Bash

PowerShell payload generator

A tool to check a bunch of URLs that contain reflecting params.

Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

Collection of quality safety articles. Awesome articles.

A list of useful payloads for Web Application Security and Pentest/CTF

Proof of Concept code for CVE-2015-0345 (APSB15-07)

The Serverless Blind XSS App

Most advanced XSS scanner.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

bug bounty hunters starter notes

Extraction of iMessage Data via XSS

利用XSS入侵内网(Use XSS automation Invade intranet)

Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS

pentest framework

Java web and command line applications demonstrating various security topics

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Turn PuTTY into an SSH login bruteforcing tool.

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

nodejs + express security and performance boilerplate.

JSshell - JavaScript reverse/remote shell

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.