Payloadsallthethings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: 32,909 (+7716.86%)
Xss Payload List: 🎯 Cross Site Scripting (XSS) Vulnerability Payload List
Stars: 2,617 (+521.62%)
Reconky-Automated Bash Script: Reconky is a great content discovery bash script for bug bounty hunters which automates a lot of tasks and organizes them in a well-mannered form which helps them to look forward.
Stars: 167 (-60.33%)
Pentest Guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: 1,316 (+212.59%)
Ezxss: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: 1,022 (+142.76%)
Chimera: Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: 463 (+9.98%)
Ssti Payloads: 🎯 Server Side Template Injection Payloads
Stars: 150 (-64.37%)
AttackSurfaceManagement: Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: 45 (-89.31%)
Dirsearch: Web path scanner
Stars: 7,246 (+1621.14%)
Hosthunter: HostHunter is a recon tool for discovering hostnames using OSINT techniques.
Stars: 427 (+1.43%)
Brutal: Payload for Teensy, like a Rubber Ducky but the syntax is different. Human Interface Device (HID) attacks. Penetration with Teensy. Brutal is a toolkit to quickly create various payloads, PowerShell attacks, virus attacks, and launch a listener for a Human Interface Device (Payload Teensy)
Stars: 678 (+61.05%)
maalik: Feature-rich Post Exploitation Framework with Network Pivoting capabilities.
Stars: 75 (-82.19%)
Interlace: Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: 760 (+80.52%)
Awsbucketdump: Security Tool to Look For Interesting Files in S3 Buckets
Stars: 1,021 (+142.52%)
Givingstorm: Infection vector that bypasses AV, IDS, and IPS. (For now...)
Stars: 72 (-82.9%)
Crithit: Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: 182 (-56.77%)
Nightingale: It's a Docker environment for pentesting which has all the required tools for VAPT.
Stars: 119 (-71.73%)
cent: Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: 315 (-25.18%)
Knary: A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: 187 (-55.58%)
VulWebaju: VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: 53 (-87.41%)
Sonarsearch: A MongoDB importer and API for Project Sonar's DNS datasets
Stars: 297 (-29.45%)
Osmedeus: Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: 3,391 (+705.46%)
xeca: PowerShell payload generator
Stars: 103 (-75.53%)
crtfinder: Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: 96 (-77.2%)
Vhostscan: A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: 767 (+82.19%)
Resources: A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: 62 (-85.27%)
Sn1per: Attack Surface Management Platform | Sn1perSecurity LLC
Stars: 4,897 (+1063.18%)
Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: 162 (-61.52%)
Quiver: Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: 140 (-66.75%)
Garud: An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: 183 (-56.53%)
Nosqlmap: Automated NoSQL database enumeration and web application exploitation tool.
Stars: 1,928 (+357.96%)
hinject: Host Header Injection Checker
Stars: 64 (-84.8%)
3klcon: Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: 189 (-55.11%)
Rengine: reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: 3,439 (+716.86%)
VPS-Bug-Bounty-Tools: Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: 44 (-89.55%)
Lscript: The LAZY script will make your life easier, and of course faster.
Stars: 3,056 (+625.89%)
Armor: Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.
Stars: 228 (-45.84%)
Loki.Rat: Loki.Rat is a fork of the Ares RAT; it integrates new modules, like recording, lockscreen, and locate options. Loki.Rat is a Python Remote Access Tool.
Stars: 63 (-85.04%)
Lnkup: Generates malicious LNK file payloads for data exfiltration
Stars: 205 (-51.31%)
tugarecon: Pentest: Subdomains enumeration tool for penetration testers.
Stars: 142 (-66.27%)
vaf: Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: 294 (-30.17%)
Wstg: The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: 3,873 (+819.95%)
magicRecon: MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: 478 (+13.54%)
badchars: Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.
Stars: 178 (-57.72%)
KaliIntelligenceSuite: Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: 58 (-86.22%)
bug-bounty: My personal bug bounty toolkit.
Stars: 127 (-69.83%)
Passivehunter: Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Stars: 83 (-80.29%)
urldedupe: Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: 208 (-50.59%)
HostPanic: Find host header injections and perform Host Header attacks with other kinds of bugs like web cache poisoning
Stars: 23 (-94.54%)
PayloadsAll: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: 31 (-92.64%)
window-rat: The purpose of this tool is to test the Windows 10 Defender protection and also other antivirus protection.
Stars: 59 (-85.99%)
DeadDNS: DNS hijacking via dead records automation tool
Stars: 44 (-89.55%)
PandorasBox: Security tool to quickly audit Public Box files and folders.
Stars: 56 (-86.7%)