671 Open source projects that are alternatives of or similar to Eagle

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

BugBounty Tool

Credentials Checking Framework

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Modified Nuclei Templates Version to FUZZ Host Header

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Source code for Hacker101.com - a free online web and mobile security class.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Top disclosed reports from HackerOne

Hacking tools

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Para pencari bug / celah kemanan bisa bergabung.

🔪Browser logic vulnerabilities ☠️

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

XSS in pastebin.com and reddit.com via unsanitized markdown output

No description or website provided.

A fast DOM based XSS vulnerability scanner with simplicity.

A list of resources for those interested in getting started in bug bounties

Simple Script to install recommended Bug Bounty Hunting Tools In Your Linux Disto

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A tool to check a bunch of URLs that contain reflecting params.

Cross-site scripting labs for web application security enthusiasts

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Extraction of iMessage Data via XSS

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Automating XSS using Bash

Powerfull XSS Scanning and Parameter analysis tool&gem

A big list of Android Hackerone disclosed reports and other resources.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Toolset for detecting reflected xss in websites

Extract server and IP address information from Browser SSRF

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Nuclei Templates to reproduce Cracking the lens's Research

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

XSS Payload without Anything.

A Kafka Connect Source for FTP servers - Monitors files on an FTP server and feeds changes into Kafka

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Advisories and Proofs of Concept by BlackArrow

Public Disclosures

🚀 Floyer is simple and fast deployment tool using git/svn and (S)FTP - especially useful for shared hosting.

本脚本旨在生成各类畸形URL链接，进行探测使用的payload，尝试绕过服务端ssrf限制。

utility to sanitize hast nodes

vsftpd Docker Image

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Simultaneously execute various subdomain enumeration tools and aggregate results.

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

make http(s) request to prevent SSRF

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

A Deliberately Insecure Web Application

sub domain wild card filtering tool

Powerful dork searcher and vulnerability scanner for windows platform

Domain availbility checker

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.