1805 Open source projects that are alternatives of or similar to Hackvault

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

A high performance offensive security tool for reconnaissance and vulnerability scanning

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

📚 An ultimate collection wordlists of the best-known CMS

Reverse Shell as a Service

Web Pentesting Fuzz 字典,一个就够了。

A fast DOM based XSS vulnerability scanner with simplicity.

swiss army knife for hackers

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Network based protocol fuzzer

Powerful dork searcher and vulnerability scanner for windows platform

Do some quick reconnaissance on a domain-based web-application

Yet Another PHP Shell - The most complete PHP reverse shell

A few SQL and XSS attack tools

Infosec Wordlists

An interactive multi-user web JS shell

🦄🔒 Awesome list of secrets in environment variables 🖥️

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Making Favicon.ico based Recon Great again !

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

All about bug bounty (bypasses, payloads, and etc)

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Semi-automatic OSINT framework and package manager

The Last Web Recon Tool You'll Need

A Deliberately Insecure Web Application

XSS Payload without Anything.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

List of every possible vulnerabilities in computer security.

Summary of online learning materials

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

OSINT

Open Redirect Payloads

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

mXtract - Memory Extractor & Analyzer

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A list of resources for those interested in getting started in bug bounties

Web path scanner

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

pentest framework

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Extraction of iMessage Data via XSS

A regular expression fuzzer.