893 Open source projects that are alternatives of or similar to Intruderpayloads

🎯 SQL Injection Payload List

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

🎯 Server Side Template Injection Payloads

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Extract endpoints marked as disallow in robots files to generate wordlists.

Sample files for fuzzing ImageMagick

Rockyou for web fuzzing

No description or website provided.

Infosec Wordlists

🎯 XML External Entity (XXE) Injection Payload List

RAS(RAndom Subdomain) Fuzzer

JavaFuzz 4 Android

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

BugBounty Tool

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

📚 An ultimate collection wordlists of the best-known CMS

HTTP fuzzer engine security oriented

Image Payload Creating/Injecting tools

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

Mining parameters from dark corners of Web Archives

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

A container repository for my public web hacks!

Automated NoSQL database enumeration and web application exploitation tool.

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

expansion of afl-unicorn using c++

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

XSS Payload without Anything.

Command line tool for testing CRLF injection on a list of domains.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Deliberately vulnerable scripts for Web Security training

Vulnerable website scraper

NodeJS Red-Team Cheat Sheet

Easy fuzzing with go-fuzz

🐰 Tool set for fuzz and stress testing your functions!

Hacking tools

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

🎯 Command Injection Payload List

Top disclosed reports from HackerOne

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

All about bug bounty (bypasses, payloads, and etc)

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A list of interesting payloads, tips and tricks for bug bounty hunters.

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

🎯 RFI/LFI Payload List

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Constraint solver based on coverage-guided fuzzing

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

🎯 Open Redirect Payload List