403 Open source projects that are alternatives of or similar to Godnslog

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Extraction of iMessage Data via XSS

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Audit tool to find common vulnerabilities in PHP source code

Getting started with java code auditing 代码审计入门的小项目

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Powerful dork searcher and vulnerability scanner for windows platform

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Source code for Hacker101.com - a free online web and mobile security class.

Hacking tools

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

XSS in pastebin.com and reddit.com via unsanitized markdown output

Top disclosed reports from HackerOne

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

DoS PoC's for SAP products

A few SQL and XSS attack tools

Go Web Application Penetration Test

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

JAVA 漏洞靶场 (Vulnerability Environment For Java)

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

🔪Browser logic vulnerabilities ☠️

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Cross-site scripting labs for web application security enthusiasts

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

Vulnerability (CVE) scanner for Nix/NixOS.

Safari local file reader

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

Automating XSS using Bash

A vulnerable iOS App with Security Challenges for the Security Researcher inside you.

Based on native Python module HTMLParser purifier of HTML, To Clear all javascript in html

A tool to check a bunch of URLs that contain reflecting params.

Java漏洞学习笔记 Deserialization Vulnerability

XSS'OR - Hack with JavaScript.

🔥 An Exploit framework for Web Vulnerabilities written in Python

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Greenbone Vulnerability Manager

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Vulnerability Recurrence:漏洞复现记录

WAScan - Web Application Scanner

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A web crawler (for bug hunting) that gathers more than you can imagine.

解析VIP资源，解析出酷狗、QQ音乐、腾讯视频、人人视频的真实地址

DDoor - cross platform backdoor using dns txt records

Weblogic coherence.jar RCE

web scanner - exploitation - information gathering

Wordpress Vulnerability Scanner

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Vulnerability Database | huntr.dev

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.