863 Open source projects that are alternatives of or similar to PayloadsAll

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Powerfull XSS Scanning and Parameter analysis tool&gem

Vulnerability Recurrence:漏洞复现记录

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Awesome Writeups and POCs

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Hacking tools

Source code for Hacker101.com - a free online web and mobile security class.

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Top disclosed reports from HackerOne

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Open Redirect Payloads

A list of interesting payloads, tips and tricks for bug bounty hunters.

Vulnerability Dashboard

NodeJS Red-Team Cheat Sheet

Notes about attacking Jenkins servers

Pentest: Subdomains enumeration tool for penetration testers.

NTP Doser is a NTP Amplification DoS/DDoS attack tool for penttesting

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

Gosint is a distributed asset information collection and vulnerability scanning platform

Some of my public exploits

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

rsGen is a Reverse Shell Payload Generator for hacking.

RAS(RAndom Subdomain) Fuzzer

A tool for generating reverse shell payloads on the fly.

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Tiny Sentry client with idiomatic wrapper for Angular

log4j rce test environment and poc

Send notifications on different channels such as Slack, Telegram, Discord etc.

Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.

Quick SQL Scanner, Dorker, Webshell injector PHP

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

Transcribed video lessons of HackerOne to pdf's

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial environments. This repo is a mirror of https://gitlab.com/d0ubl3g/industrial-security-auditing-framework.

An unofficial wrapper for the HackerOne API

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

An Extended, Modulair, Host Discovery Framework

GitHub Action to run `npm audit`

Information Security Library

A CLI tool to interact with hackerone.com. This was my submission for HackerOne's Summer 2018 Hack Day.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

This Python script can be used to bypass IP source restrictions using HTTP headers.

Nuclei Templates to reproduce Cracking the lens's Research

VNC pentest tool with bruteforce and ducky script execution features

🖖 Fast, modern, easy-to-use network scanner

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

Bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits

generates weak passwords based on current date

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)