1369 Open source projects that are alternatives of or similar to Phpvuln

Web Application Security Scanner Framework

Source code for Hacker101.com - a free online web and mobile security class.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Hacking tools

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Next generation web scanner

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Automated NoSQL database enumeration and web application exploitation tool.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

List of every possible vulnerabilities in computer security.

Git All the Payloads! A collection of web attack payloads.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Idiomatic nmap library for go developers

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A collection of hacking / penetration testing resources to make you better!

Automated Penetration Testing Framework

nodejs + express security and performance boilerplate.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

xWAF 3.0 - Free Web Application Firewall, Open-Source.

vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Asynchronous Python implementation of SlowLoris DoS attack

An HTTP/HTTPS intercept proxy written in Go.

Learning Penetration Testing of Android Applications

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

pentest framework

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Here you can get full exploit for SAP NetWeaver AS JAVA

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

Penetration Testing Platform

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

🔪 Leak git repositories from misconfigured websites

massive SQL injection vulnerability scanner

It's a simple tool for test vulnerability shellshock

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

🛡️ GitHub Action for security audits

Penetration tests guide based on OWASP including test cases, resources and examples.

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

SSH man-in-the-middle tool

Don't let buffer overflows overflow your mind

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Collection of quality safety articles. Awesome articles.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Content for hackingthe.cloud

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

my oscp prep collection

Study Notes For Web Hacking / Web安全学习笔记

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration