978 Open source projects that are alternatives of or similar to Findom Xss

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Yet Another PHP Shell - The most complete PHP reverse shell

Powerfull XSS Scanning and Parameter analysis tool&gem

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Phishing Tool & Information Collector

A tool to fastly get all javascript sources/files

Pentest: Subdomains enumeration tool for penetration testers.

Toolset for detecting reflected xss in websites

Pentest/BugBounty progress control with scanning modules

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Passwords Recovery Tool

Automated All-in-One OS Command Injection Exploitation Tool.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

XSS in pastebin.com and reddit.com via unsanitized markdown output

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Misc. Public Reports of Penetration Testing and Security Audits.

Next generation web scanner

A Tool for Domain Flyovers

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Selenium powered Python script to automate searching for vulnerable web apps.

A wrapper for Nmap to quickly run network scans

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

The ultimate WinRM shell for hacking/pentesting

Intelligence and Reconnaissance Package/Bundle installer.

🔐 Docker Container for Penetration Testing & Security

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

A tool to test security of json web token

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Vagrant VirtualBox environment for conducting an internal network penetration test

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Rockyou for web fuzzing

Turn your VPS into an attack box

Related subdomains finder

Hetty is an HTTP toolkit for security research.

A Cloudflare resolver that works

Awesome cloud enumerator

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

No description or website provided.

List of every possible vulnerabilities in computer security.

Framework for rapid development and reusable of security tools

Pentest/BugBounty progress control with scanning modules

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

🦄🔒 Awesome list of secrets in environment variables 🖥️

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

An automated approach to performing recon for bug bounty hunting and penetration testing.

A python tool to check subdomain takeover vulnerability

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight