593 Open source projects that are alternatives of or similar to Hackerone Reports

Hacking tools

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Source code for Hacker101.com - a free online web and mobile security class.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

List of every possible vulnerabilities in computer security.

In progress rough solutions to bWAPP / bee-box

No description or website provided.

A Deliberately Insecure Web Application

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Powerfull XSS Scanning and Parameter analysis tool&gem

Proactively protect your Node.js web services

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

🎯 SQL Injection Payload List

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

nodejs + express security and performance boilerplate.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A tool to check a bunch of URLs that contain reflecting params.

A big list of Android Hackerone disclosed reports and other resources.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Automating XSS using Bash

Audit tool to find common vulnerabilities in PHP source code

👨‍🏫 Mike's Web Security Course

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Toolset for detecting reflected xss in websites

BugBounty Tool

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Getting started with java code auditing 代码审计入门的小项目

Automated NoSQL database enumeration and web application exploitation tool.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

XSS Payload without Anything.

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

A fast DOM based XSS vulnerability scanner with simplicity.

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Cross-site scripting labs for web application security enthusiasts

Solutions and write-ups from security-based competitions also known as Capture The Flag competition

Another web vulnerabilities scanner, this extension works on Chrome and Opera

Java web and command line applications demonstrating various security topics

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

XSS'OR - Hack with JavaScript.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

XSS in pastebin.com and reddit.com via unsanitized markdown output

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Web Application Security Scanner Framework

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

Awesome XSS stuff

A framework for Backdoor development!

Generates combination of domain names from the provided input.

Web-Security-Learning

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

An interactive multi-user web JS shell

A PHP report generator