PayloadsAll: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-86.46%)
h1-search: Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-74.67%)
credcheck: Credentials Checking Framework
Stars: ✭ 50 (-78.17%)
Sudomy: Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+586.46%)
Domainker: BugBounty Tool
Stars: ✭ 40 (-82.53%)
Eagle: Multithreaded plugin-based vulnerability scanner for mass detection of web-based application vulnerabilities
Stars: ✭ 85 (-62.88%)
Bxss: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+44.54%)
SuperLibrary: Information Security Library
Stars: ✭ 60 (-73.8%)
Resources: A storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platform tips, and tricks curated by us.
Stars: ✭ 62 (-72.93%)
bhedak: A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
Stars: ✭ 77 (-66.38%)
Bugbounty Cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+1491.27%)
Learn365: This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (+129.26%)
Bugbountyguide: Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (+47.6%)
Jaeles: The Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+368.56%)
Dirsearch: Web path scanner
Stars: ✭ 7,246 (+3064.19%)
Defaultcreds Cheat Sheet: One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+751.09%)
Subjack: Subdomain Takeover tool written in Go
Stars: ✭ 1,194 (+421.4%)
Autosetup: Auto setup is a bash script compatible with Debian-based distributions to install and set up necessary programs.
Stars: ✭ 140 (-38.86%)
Asnlookup: Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-28.82%)
cyber-security: Cybersecurity stuff for both the blue team and the red team, mostly red though.
Stars: ✭ 34 (-85.15%)
Brutus: Botnet targeting Windows machines written entirely in Python & open source security project.
Stars: ✭ 37 (-83.84%)
Securitymanageframwork: Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (+65.07%)
Routersploit: Exploitation Framework for Embedded Devices
Stars: ✭ 9,866 (+4208.3%)
Go Dork: The fastest dork scanner written in Go.
Stars: ✭ 274 (+19.65%)
Hetty: Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+1470.31%)
H2csmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (+27.51%)
Security Tools: Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+122.27%)
Metabigor: Intelligence tool but without API key
Stars: ✭ 424 (+85.15%)
Assessment Mindset: Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (+165.5%)
Megplus: Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (+17.03%)
Bug Bounty Responses: A collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-79.91%)
Legal Bug Bounty: #legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-81.66%)
Rfd Checker: RFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-75.55%)
Domained: Multi Tool Subdomain Enumeration
Stars: ✭ 688 (+200.44%)
Gf Secrets: Secret and/or credential patterns used for gf.
Stars: ✭ 96 (-58.08%)
S3scanner: Scan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+475.98%)
Proof Of Concepts: A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-35.37%)
Cloudbrute: Awesome cloud enumerator
Stars: ✭ 268 (+17.03%)
Contact.sh: An OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-5.68%)
Can I Take Over Xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1126.2%)
Xunfeng: Xunfeng is a rapid vulnerability emergency-response and cruise-scanning system suited to enterprise intranets.
Stars: ✭ 3,131 (+1267.25%)
Qsfuzz: qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (-12.23%)
H4cker: This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+4463.76%)
Findsploit: Find exploits in local and online databases instantly
Stars: ✭ 1,160 (+406.55%)
Basecrack: Decode All Bases - Base Scheme Decoder
Stars: ✭ 196 (-14.41%)
Zile: Extract API keys from a file or URL using the magic of Python and regex.
Stars: ✭ 61 (-73.36%)
Privesc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+243.23%)
Sec Admin: Core management system for distributed asset security scanning (weak password scanning, vulnerability scanning)
Stars: ✭ 222 (-3.06%)
FSEC-VM: Backend logic implementation for Vulnerability Management System
Stars: ✭ 19 (-91.7%)
tugarecon: Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-37.99%)
urldedupe: Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (-9.17%)
rejig: Turn your VPS into an attack box
Stars: ✭ 33 (-85.59%)
aquatone: A Tool for Domain Flyovers
Stars: ✭ 43 (-81.22%)
Rengine: reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1401.75%)
Crithit: Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-20.52%)