863 Open source projects that are alternatives of or similar to PayloadsAll

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

BugBounty Tool

Credentials Checking Framework

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Misc. Public Reports of Penetration Testing and Security Audits.

Penetration tests guide based on OWASP including test cases, resources and examples.

Common Web Managers Fuzz Wordlists

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

RFD Checker - security CLI tool to test Reflected File Download issues

🎯 Server Side Template Injection Payloads

Find exploits in local and online databases instantly

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Turn your VPS into an attack box

XSS in pastebin.com and reddit.com via unsanitized markdown output

Source code for Hacker101.com - a free online web and mobile security class.

Apache Solr Injection Research

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

🎯 RFI/LFI Payload List

🎯 Command Injection Payload List

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Automatic SSRF fuzzer and exploitation tool

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

All about bug bounty (bypasses, payloads, and etc)

This challenge is Inon Shkedy's 31 days API Security Tips.

🎯 SQL Injection Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Tool for catching and logging different types of requests.

Powerfull XSS Scanning and Parameter analysis tool&gem

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Related subdomains finder

Vulnerability Dashboard

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Automated Red Team Infrastructure deployement using Docker

汽车/安卓/固件/代码安全测试工具集

Awesome Writeups and POCs

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

DoS PoC's for SAP products

NodeJS Red-Team Cheat Sheet

Top disclosed reports from HackerOne

Notes about attacking Jenkins servers

Tutorials and Things to Do while Hunting Vulnerability.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Ruby library for interacting with Bugcrowd's VRT

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Vulnerability Recurrence:漏洞复现记录