Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+415.7%)
Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
Stars: ✭ 267 (+55.23%)
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (-69.77%)
Penetration testing poc
POCs, EXPs, scripts, privilege-escalation material, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+2143.02%)
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-15.12%)
Javacodeaudit
Getting started with Java code auditing: a small introductory project for code auditing
Stars: ✭ 289 (+68.02%)
APSoft-Web-Scanner-v2
Powerful dork searcher and vulnerability scanner for the Windows platform
Stars: ✭ 96 (-44.19%)
XSS-Cheatsheet
XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
Stars: ✭ 26 (-84.88%)
Hacker101
Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+7019.77%)
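Xray
A full-featured security assessment tool that supports scanning for common web security issues and custom POCs | Be sure to read the documentation before use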
Stars: ✭ 6,218 (+3515.12%)
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-51.16%)
Ary
Ary is an integration tool that mainly invokes various security tools to provide convenient one-click penetration testing.
Stars: ✭ 241 (+40.12%)
SQL-XSS
A few SQL and XSS attack tools
Stars: ✭ 29 (-83.14%)
Gowapt
Go Web Application Penetration Test
Stars: ✭ 300 (+74.42%)
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-81.98%)
cloudrasp-log4j2
A RASP tool for defending against the log4j2 CVE-2021-44228 vulnerability. A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
Stars: ✭ 105 (-38.95%)
SecExample
Java vulnerability lab (Vulnerability Environment For Java)
Stars: ✭ 228 (+32.56%)
PwnX.py
🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (-82.56%)
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (+55.23%)
Uxss Db
🔪 Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+228.49%)
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+392.44%)
Bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
Stars: ✭ 2,135 (+1141.28%)
0l4bs
Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-30.81%)
Fortiscan
A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.
Stars: ✭ 120 (-30.23%)
Vulnix
Vulnerability (CVE) scanner for Nix/NixOS.
Stars: ✭ 161 (-6.4%)
Safiler
Safari local file reader
Stars: ✭ 118 (-31.4%)
Xvwa
XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerabilities you would like to see in XVWA future releases.
Stars: ✭ 1,540 (+795.35%)
Quickxss
Automating XSS using Bash
Stars: ✭ 113 (-34.3%)
Myriam
A vulnerable iOS App with Security Challenges for the Security Researcher inside you.
Stars: ✭ 146 (-15.12%)
Python Xss Filter
An HTML purifier based on the native Python module HTMLParser, to clear all JavaScript in HTML
Stars: ✭ 115 (-33.14%)
Gxss
A tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (-33.14%)
Xssor2
XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+1044.77%)
Exploit Framework
🔥 An Exploit framework for Web Vulnerabilities written in Python
Stars: ✭ 144 (-16.28%)
Shuriken
Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (-33.72%)
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-33.72%)
Gvmd
Greenbone Vulnerability Manager
Stars: ✭ 140 (-18.6%)
Dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
Stars: ✭ 1,713 (+895.93%)
Vulrec
Vulnerability Recurrence: vulnerability reproduction records
Stars: ✭ 109 (-36.63%)
Wascan
WAScan - Web Application Scanner
Stars: ✭ 1,895 (+1001.74%)
Linuxflaw
This repo records all the vulnerabilities of Linux software I have reproduced in my local workspace
Stars: ✭ 140 (-18.6%)
Cve 2019 7609
Exploit CVE-2019-7609 (Kibana RCE) the right way with python2 scripts
Stars: ✭ 108 (-37.21%)
Ansvif
A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (-37.79%)
Wprecon
WPrecon (WordPress Recon) is a vulnerability recognition tool for the WordPress CMS, developed in Go with scripts in Lua.
Stars: ✭ 135 (-21.51%)
Parsevip
Parses VIP resources, resolving the real addresses for Kugou, QQ Music, Tencent Video and Renren Video
Stars: ✭ 105 (-38.95%)
Ddoor
DDoor - cross platform backdoor using dns txt records
Stars: ✭ 168 (-2.33%)
Zeebsploit
web scanner - exploitation - information gathering
Stars: ✭ 159 (-7.56%)
Gitlab rce
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Stars: ✭ 104 (-39.53%)
Nonce Disrespect
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
Stars: ✭ 103 (-40.12%)
Huntr
Vulnerability Database | huntr.dev
Stars: ✭ 136 (-20.93%)
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-40.12%)
Burp Retire Js
Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
Stars: ✭ 157 (-8.72%)