BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+93.67%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+2573.8%)
Pentesting BibleLearn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+1860.92%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-96.94%)
solutions-bwappIn progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (-65.5%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-91.7%)
diwaA Deliberately Insecure Web Application
Stars: ✭ 32 (-93.01%)
Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+742.36%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (-27.73%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+506.77%)
XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+27.29%)
ProtectProactively protect your Node.js web services
Stars: ✭ 394 (-13.97%)
BlazyBlazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Stars: ✭ 637 (+39.08%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-15.07%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+112.88%)
Express Securitynodejs + express security and performance boilerplate.
Stars: ✭ 37 (-91.92%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+123.14%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (-74.89%)
SourcecodesnifferThe Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87 (-81%)
QuickxssAutomating XSS using Bash
Stars: ✭ 113 (-75.33%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-68.12%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-35.81%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (-77.07%)
DomainkerBugBounty Tool
Stars: ✭ 40 (-91.27%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-81.44%)
JavacodeauditGetting started with java code auditing 代码审计入门的小项目
Stars: ✭ 289 (-36.9%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+320.96%)
hackableA python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: ✭ 61 (-86.68%)
security-wrapper对springSecurity进行二次开发,提供OAuth2授权(支持跨域名,多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定,解绑)、加密通信等一系列安全场景的解决方案
Stars: ✭ 21 (-95.41%)
XrcrossXRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (-61.79%)
Dalfox🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+72.71%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+112.66%)
JanusecJanusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+68.34%)
Findom XssA fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-32.31%)
SecExampleJAVA 漏洞靶场 (Vulnerability Environment For Java)
Stars: ✭ 228 (-50.22%)
0l4bsCross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-74.02%)
Flag-CaptureSolutions and write-ups from security-based competitions also known as Capture The Flag competition
Stars: ✭ 84 (-81.66%)
DamnwebscannerAnother web vulnerabilities scanner, this extension works on Chrome and Opera
Stars: ✭ 254 (-44.54%)
JavasecurityJava web and command line applications demonstrating various security topics
Stars: ✭ 182 (-60.26%)
GodnslogAn exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (-62.45%)
Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+329.91%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-93.23%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+4.37%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+471.4%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-81.66%)
Commodity Injection SignaturesCommodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-41.7%)
ArachniWeb Application Security Scanner Framework
Stars: ✭ 2,942 (+542.36%)
BugbountyguideBug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (-26.2%)
AwesomexssAwesome XSS stuff
Stars: ✭ 3,664 (+700%)
CovertutilsA framework for Backdoor development!
Stars: ✭ 424 (-7.42%)
DnsgenGenerates combination of domain names from the provided input.
Stars: ✭ 389 (-15.07%)
Offensive DockerOffensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (-28.38%)
JsshellAn interactive multi-user web JS shell
Stars: ✭ 330 (-27.95%)
PhpjasperA PHP report generator
Stars: ✭ 327 (-28.6%)