1826 Open source projects that are alternatives of or similar to Command Injection Payload List

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

🎯 RFI/LFI Payload List

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

SQL Injection Payload List

🎯 SQL Injection Payload List

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Misc. Public Reports of Penetration Testing and Security Audits.

🎯 Server Side Template Injection Payloads

Penetration tests guide based on OWASP including test cases, resources and examples.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

SerenityOS is a love letter to '90s user interfaces with a custom Unix-like core. It flatters with sincerity by stealing beautiful ideas from various other systems.

UNIX 6th Edition Kernel Source Code

It is a note about security on nodejs

Cross Origin Resource Sharing MisConfiguration Scanner

hiboot is a high performance web and cli application framework with dependency injection support

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Tupai is a multi-tasking operating system I wrote for my degree that focuses on safety and design, targeting a variety of platforms.

Some of my public exploits

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

My notes after reading 'Modern Operating Systems' book by Andrew Tanenbaum and Herbert Bos.

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Full Nuclei automation script with logic explanation.

Yet another hobby x86 UNIX-like operating system written in C and C++. Features a dynamically linked userspace, an in-house c standard library, and more! And yes, it runs DOOM.

Main kernel tree

XSS in pastebin.com and reddit.com via unsanitized markdown output

📗 How to write cross-platform Node.js code

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Frosted: Free POSIX OS for tiny embedded devices

An open-source Unix operating system

BugBounty Tool

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

convert any python function to unix-style command

Unikraft is an automated system for building specialized POSIX-compliant OSes known as unikernels. (Core repository)

Awesome Writeups and POCs

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

UNIX-like operating system written in C and C++

AiliceOS: Build an x86_64 and UEFI OS using Rust

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Coherent OS

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Tutorials and Things to Do while Hunting Vulnerability.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

find all "blackhole" directories with a huge amount of filesystem entries in a flat structure

Advanced Web Browser Fingerprinting

Sistema de Controle de Ordens de Serviço

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

SixArm.com » Unix » shell scripts for command line programs in sh, bash, etc.

PHP Security Check List [ EN ] 🌋 ☣️

A few SQL and XSS attack tools

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Go Web Application Penetration Test

🎯 XML External Entity (XXE) Injection Payload List

Subdomain takeover vulnerability checker

Web application vulnerability scanner

hack tools

AquilaOS: UNIX-like Operating System

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.