PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-63.53%)
doraFind exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (+169.41%)
DomainkerBugBounty Tool
Stars: ✭ 40 (-52.94%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (-41.18%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+1749.41%)
Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-55.29%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+1045.88%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+14307.06%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+1047.06%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+1102.35%)
BugHunterIDPara pencari bug / celah kemanan bisa bergabung.
Stars: ✭ 72 (-15.29%)
Uxss Db🔪Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+564.71%)
Dalfox🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+830.59%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-1.18%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-55.29%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+264.71%)
BugzeeSimple Script to install recommended Bug Bounty Hunting Tools In Your Linux Disto
Stars: ✭ 42 (-50.59%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (+35.29%)
0l4bsCross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (+40%)
V3n0m ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+896.47%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+2978.82%)
cve-2016-1764Extraction of iMessage Data via XSS
Stars: ✭ 52 (-38.82%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-31.76%)
Medusa🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+836.47%)
QuickxssAutomating XSS using Bash
Stars: ✭ 113 (+32.94%)
XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+585.88%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+245.88%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (+23.53%)
PriestExtract server and IP address information from Browser SSRF
Stars: ✭ 13 (-84.71%)
Bounty Targets DataThis repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Stars: ✭ 1,783 (+1997.65%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+289.41%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+943.53%)
Blind-SSRFNuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (+30.59%)
Bugs-feedBug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (+5.88%)
kafka-connect-ftpA Kafka Connect Source for FTP servers - Monitors files on an FTP server and feeds changes into Kafka
Stars: ✭ 46 (-45.88%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+1323.53%)
advisoriesAdvisories and Proofs of Concept by BlackArrow
Stars: ✭ 17 (-80%)
floyer🚀 Floyer is simple and fast deployment tool using git/svn and (S)FTP - especially useful for shared hosting.
Stars: ✭ 57 (-32.94%)
SSRF payload本脚本旨在生成各类畸形URL链接,进行探测使用的payload,尝试绕过服务端ssrf限制。
Stars: ✭ 28 (-67.06%)
osmedeus-workflowCommunity Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-69.41%)
SubWalkerSimultaneously execute various subdomain enumeration tools and aggregate results.
Stars: ✭ 26 (-69.41%)
webapp-wordlistsThis repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
Stars: ✭ 306 (+260%)
aneweranewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew
Stars: ✭ 46 (-45.88%)
ssrf-agentmake http(s) request to prevent SSRF
Stars: ✭ 16 (-81.18%)
ldapconsoleThe ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Stars: ✭ 25 (-70.59%)
diwaA Deliberately Insecure Web Application
Stars: ✭ 32 (-62.35%)
gwdomainssub domain wild card filtering tool
Stars: ✭ 38 (-55.29%)
APSoft-Web-Scanner-v2Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (+12.94%)
recceDomain availbility checker
Stars: ✭ 30 (-64.71%)
OffensiveCloudDistributionLeverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Stars: ✭ 86 (+1.18%)