Blackwidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+955.95%)
Bxss: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+294.05%)
Application Security Engineer Interview Questions: Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Stars: ✭ 267 (+217.86%)
Pentesting: Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-71.43%)
APSoft-Web-Scanner-v2: Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (+14.29%)
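Xray: A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use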
Stars: ✭ 6,218 (+7302.38%)
Xspear: Powerful XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+594.05%)
Gxss: A tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (+36.9%)
Phpvuln: Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+73.81%)
diwa: A Deliberately Insecure Web Application
Stars: ✭ 32 (-61.9%)
SQL-XSS: A few SQL and XSS attack tools
Stars: ✭ 29 (-65.48%)
T1tl3: A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title
Stars: ✭ 14 (-83.33%)
Gowapt: Go Web Application Penetration Test
Stars: ✭ 300 (+257.14%)
Tiny Xss Payloads: A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+1060.71%)
Reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+1059.52%)
reconmap: Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (+188.1%)
Xss Payload List: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+3015.48%)
cve-2016-1764: Extraction of iMessage Data via XSS
Stars: ✭ 52 (-38.1%)
fuzzmost: all manner of wordlists
Stars: ✭ 23 (-72.62%)
osmedeus-workflow: Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-69.05%)
NIST-to-Tech: An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-27.38%)
vaf: Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+250%)
xssfinder: Toolset for detecting reflected xss in websites
Stars: ✭ 105 (+25%)
rejig: Turn your VPS into an attack box
Stars: ✭ 33 (-60.71%)
XSS-Cheatsheet: XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
Stars: ✭ 26 (-69.05%)
Resources: No description or website provided.
Stars: ✭ 38 (-54.76%)
Eagle: Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (+1.19%)
dora: Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (+172.62%)
Findom Xss: A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+269.05%)
Uxss Db: 🔪Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+572.62%)
Astra: Astra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (+122.62%)
V3n0m Scanner: Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+908.33%)
Ezxss: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+1116.67%)
Dalfox: 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+841.67%)
0l4bs: Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (+41.67%)
Quickxss: Automating XSS using Bash
Stars: ✭ 113 (+34.52%)
Howtohunt: Tutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+3466.67%)
gwdomains: sub domain wild card filtering tool
Stars: ✭ 38 (-54.76%)
h1-search: Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-30.95%)
Ary: Ary is an integration tool, mainly used to invoke various security tools to provide convenient one-click penetration testing.
Stars: ✭ 241 (+186.9%)
tugarecon: Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+69.05%)
gradejs: GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (+330.95%)
flydns: Related subdomains finder
Stars: ✭ 29 (-65.48%)
Godnslog: An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (+104.76%)
urldedupe: Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (+147.62%)
PayloadsAll: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-63.1%)
goverview: goverview - Get an overview of the list of URLs
Stars: ✭ 93 (+10.71%)
SuperLibrary: Information Security Library
Stars: ✭ 60 (-28.57%)
Pentest Guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+1466.67%)
Myriam: A vulnerable iOS App with Security Challenges for the Security Researcher inside you.
Stars: ✭ 146 (+73.81%)
Hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+14478.57%)
magicRecon: MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+469.05%)