1198 Open source projects that are alternatives of or similar to Domainker

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🎯 Server Side Template Injection Payloads

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Credentials Checking Framework

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

A python tool to check subdomain takeover vulnerability

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

🔺 Red Team Hardware Toolkit 🔺

Hacking tools

for mass exploiting

无状态子域名爆破工具

A Powerful Subdomain Takeover Tool

Subdomain Takeover tool written in Go

Pentesting/Bugbounty Dockerfiles.

A MongoDB importer and API for Project Sonars DNS datasets

A Python3 based single-file subdomain enumerator

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Image Payload Creating/Injecting tools

Java web common vulnerabilities and security code which is base on springboot and spring security

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Dynamic Code Injection Tool for Objective-C

Automated NoSQL database enumeration and web application exploitation tool.

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Your Google Recon is Now Automated

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Top disclosed reports from HackerOne

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

RAS(RAndom Subdomain) Fuzzer

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

OneForAll是一款功能强大的子域收集工具

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

hack tools

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Getting started with java code auditing 代码审计入门的小项目

Remote command execution vulnerability scanner for Log4j.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

🎯 SQL Injection Payload List

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Little Bug Bounty & Hacking Tools⚔️

exploit code for F5-Big-IP (CVE-2020-5902)

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Para pencari bug / celah kemanan bisa bergabung.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🎯 Command Injection Payload List

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

NodeJS Red-Team Cheat Sheet