893 Open source projects that are alternatives of or similar to Intruderpayloads

Constraint solver based on coverage-guided fuzzing

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Simple Dll injector loading from memory. Supports PE header and entry point erasure. Written in C99.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Property based testing framework for JavaScript (like QuickCheck) written in TypeScript

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

🎯 Open Redirect Payload List

A tool to automate the boring process of APK recon

coverage guided fuzz testing for python

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

Tool for catching and logging different types of requests.

Spectre attack against SGX enclave

Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services [ Android-Support-Available ]

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Default signature for Jaeles Scanner

Decode All Bases - Base Scheme Decoder

A unified console to perform the "kill chain" stages of attacks.

A high performance offensive security tool for reconnaissance and vulnerability scanning

Fuzz your Rust code with Google-developed Honggfuzz !

bobby-tables.com, the site for preventing SQL injections

Have fun injecting SQL into a Ruby on Rails application!

Tutorials and Things to Do while Hunting Vulnerability.

Seeding fuzzers with symbolic execution

Change monitoring app that checks the content of web pages in different periods.

A powerful capture and injection tool for the Android platform

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

linux elf injector for x86 x86_64 arm arm64

Rapid is a Go library for property-based testing that supports state machine ("stateful" or "model-based") testing and fully automatic test case minimization ("shrinking")

Automate security tests using Burp Suite.

A certifiable defense against adversarial examples by training neural networks to be provably robust

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

An attack tool designed to remotely disable CCTV camera streams (like in spy movies)

Lightweight dependency injection container for JavaScript/TypeScript

Simple obfuscation tool

Python library and CLI for the Bug Bounty Recon API

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Poor (rich?) man's bug bounty pipeline

Domain-Specific Fuzzing with Waypoints

coverage guided fuzz testing for java

An open source fuzzing framework for fun.

Fuzzinator Random Testing Framework

A list of useful payloads for Web Application Security and Pentest/CTF

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

ANTLR v4 grammar-based test generator

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

🔺 Red Team Hardware Toolkit 🔺

🏆 Collection of bugs uncovered by fuzzing Rust code

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

CLI to integrate continuous fuzzing with Fuzzit

🔓 Padding oracle attack against PKCS7 🔓

A tool to fastly get all javascript sources/files

WAScan - Web Application Scanner

CVE-2017-9506 - SSRF

Re-write of Injection for Xcode in (mostly) Swift

Source code for Hacker101.com - a free online web and mobile security class.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.