2005 Open source projects that are alternatives of or similar to Jwtxploiter

Gorsair hacks its way into remote docker containers that expose their APIs

JWT lib in rust

A collection of hacking / penetration testing resources to make you better!

Awesome hacking is an awesome collection of hacking tools.

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.

Automatically Launch Google Hacking Queries Against A Target Domain

Useful tools and scripts during Penetration Testing engagements

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

红队综合渗透框架

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

🆕 The Multi-Tool Web Vulnerability Scanner.

Find exploit tool

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

🔨 A modern multiple reverse shell sessions manager wrote in go

Automate Pentest Tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Pentest environment deployer (kali linux + targets) using vagrant and chef.

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

JWT auth service using Spring Boot, Spring Security and MySQL

Webshell Manager

针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具

Ruby on Rails Phishing Framework

一个基于 Koa 的 RESTful API 服务脚手架。 A RESTful API generator for Koa

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

🐶 A curated list of Web Security materials and resources.

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

jSQL Injection is a Java application for automatic SQL database injection.

A default credential scanner.

An HTTP/HTTPS intercept proxy written in Go.

JSON Web Token based Authentication powered by Keycloak

Burp extension to passively scan for applications revealing software version numbers

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

无状态子域名爆破工具

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

基于SpringBoot+Shiro+Redis+Jwt+Thymeleaf+MyBatis 开发的后台用户、角色、权限、会员管理、RestFul、Token和前台用户登录注册以及前后台用户分离的脚手架，技术交流请加QQ群：805442966

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Nest + Sequelize + jwt

Find web directories without bruteforce

A Cloudflare resolver that works

Penetration test Achieve Knowledge Unite Rapid Interface

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

The Last Web Recon Tool You'll Need

Automatic SSRF fuzzer and exploitation tool

ODAT: Oracle Database Attacking Tool

VOIP Security Audit Framework

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Privilege Escalation Enumeration Script for Windows

Burp Suite extension to passively scan for applications revealing server error messages

A JSON file RESTful API with authorization based on json-server

Universal "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK with no dependencies

Browse and search through nmap's NSE scripts.