Burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+14.48%)
Burp Exporter
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.
Stars: ✭ 122 (-67.29%)
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-58.18%)
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-49.87%)
Inql
InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (+91.69%)
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-56.57%)
Pwnback
Burp Extender plugin that generates a sitemap of a website using Wayback Machine
Stars: ✭ 203 (-45.58%)
Polichombr
Collaborative malware analysis framework
Stars: ✭ 307 (-17.69%)
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (-4.83%)
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-21.72%)
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+843.97%)
Raptor
Web-based Source Code Vulnerability Scanner
Stars: ✭ 314 (-15.82%)
Ethereum Lists
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
Stars: ✭ 300 (-19.57%)
Spicypass
A light-weight password manager with a focus on simplicity and security
Stars: ✭ 367 (-1.61%)
Heralding
Credentials catching honeypot
Stars: ✭ 297 (-20.38%)
Watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-7.51%)
Offensivedlr
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
Stars: ✭ 364 (-2.41%)
Wsltools
Web Scan Lazy Tools - Python Package
Stars: ✭ 288 (-22.79%)
Unsign
Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)
Stars: ✭ 362 (-2.95%)
Syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+929.76%)
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+839.14%)
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+809.12%)
Ssh Mitm
ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation
Stars: ✭ 335 (-10.19%)
Cloudfrunt
A tool for identifying misconfigured CloudFront domains
Stars: ✭ 281 (-24.66%)
Kube Psp Advisor
Help building an adaptive and fine-grained pod security policy
Stars: ✭ 280 (-24.93%)
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1122.79%)
W5
Security Orchestration, Automation and Response (SOAR) Platform. Security automation without writing code; using SOAR makes teams work more efficiently.
Stars: ✭ 367 (-1.61%)
Burpdeveltraining
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
Stars: ✭ 302 (-19.03%)
Katana
A Python Tool For google Hacking
Stars: ✭ 355 (-4.83%)
Dotdotslash
Search for Directory Traversal Vulnerabilities
Stars: ✭ 297 (-20.38%)
Rustscan
🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+1298.93%)
Bandit
Bandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+908.85%)
Burpcrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (-6.17%)
Rmiscout
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
Stars: ✭ 296 (-20.64%)
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-2.68%)
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-8.85%)
Susanoo
A REST API security testing framework.
Stars: ✭ 287 (-23.06%)
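Ladongo
Ladon Pentest Scanner framework. LadonGo is a cross-platform, open-source intranet penetration scanner framework. With one command it can batch-probe live hosts across C, B and A network segments, detect high-risk vulnerabilities (MS17010, SmbGhost), execute remotely over SSH/Winrm, brute-force passwords for SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis, and perform port scanning with service identification (PortScan) and fingerprinting (HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid multi-NIC hosts).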
Stars: ✭ 366 (-1.88%)
Traitor
⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (+831.1%)
Threatmapper
Identify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (-3.22%)
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-25.2%)
Htrace.sh
My simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+828.95%)
Dgfraud
A Deep Graph-based Toolbox for Fraud Detection
Stars: ✭ 281 (-24.66%)
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (-3.49%)
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+757.37%)
Certificates
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Stars: ✭ 3,693 (+890.08%)
Reconnote
Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
Stars: ✭ 322 (-13.67%)
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (-25.47%)
Recon My Way
This repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-27.35%)
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (-3.75%)
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-28.42%)