1735 Open source projects that are alternatives of or similar to Damn Vulnerable Graphql Application

A collection of manifests that will create pods with elevated privileges.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Penetration Testing Platform

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

JSON RSA to HMAC and None Algorithm Vulnerability POC

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Android application fuzzing framework with fuzzers and crash monitor.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Some of my public exploits

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Audit tool to find common vulnerabilities in PHP source code

Advanced vulnerability scanning with Nmap NSE

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Advanced Web Browser Fingerprinting

Common Web Managers Fuzz Wordlists

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Penetration test Achieve Knowledge Unite Rapid Interface

Vulnerability assessment and penetration testing automation and reporting platform for teams.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

Automatic SSRF fuzzer and exploitation tool

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Penetration tests guide based on OWASP including test cases, resources and examples.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Android Kernel Exploitation

Sifter aims to be a fully loaded Op Centre for Pentesters

The New Hacking Framework

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

AniList API V2 GraphQL Documentation

DEITY Falcon - Progressive Web App library for any type of website. Fully Open Source, Platform Agnostic and headless. OSL3.0. Supports Magento 2 PWA storefront, Wordpress PWA and BigCommerce PWA Storefront. Built with ReactJS, NodeJS and GraphQL. Join our community and become a contributor at https://slack.deity.io

A Graphql query cost analyzer.

mXtract - Memory Extractor & Analyzer

Hide Elastic Search REST API behind GraphQL.

Automatically create a GraphQL server from a SQLite database or a SQL file

Letterpad is an open-source and a high performant publishing engine for blogs built with react & graphql and runs ridiculously fast 🚀

Notes for taking the OSCP in 2097. Read in book form on GitBook

GraphQL 'Star Wars' example using GraphQL for .NET, ASP.NET Core, Entity Framework Core

A laboratory for learning secure web and mobile development in a practical manner.

Auto Scanning to SSL Vulnerability

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

hack tools

hydra

Sample using AWS Amplify and AWS AppSync together for user login and authorization when making GraphQL queries and mutations. Also includes complex objects for uploading and downloading data to and from S3 with a React app.

Source code for React Quickly [Manning, 2017]: Painless Web Apps with React, JSX, Redux, and GraphQL 📕

A distributed nmap / masscan scanning framework complete with an API client for automation workflows

My personal site

Directus Database API — Wraps Custom SQL Databases with a REST/GraphQL API