735 Open source projects that are alternatives of or similar to Proof Of Concepts

Misc. Public Reports of Penetration Testing and Security Audits.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

POC de uma aplicação de domínio financeiro.

Astra is a tool to find URLs and secrets inside a webpage/files

XSS in pastebin.com and reddit.com via unsanitized markdown output

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

用cel-go重现了长亭xray的poc检测功能的轮子

Multi Tool Subdomain Enumeration

IOTA Proof of Concept, store MQTT messages on the tangle.

Information Security Library

goverview - Get an overview of the list of URLs

GZip HTTP Bombing in Python for everyone

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Microarchitectural exploitation and other hardware attacks.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

A big list of Android Hackerone disclosed reports and other resources.

Proofs-of-concept

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

RFD Checker - security CLI tool to test Reflected File Download issues

Scan for open AWS S3 buckets and dump the contents

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Turn your VPS into an attack box

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Related subdomains finder

Little Bug Bounty & Hacking Tools⚔️

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Various proofs of concept examples using Github Actions 🤖

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

sub domain wild card filtering tool

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

A Tool for Domain Flyovers

Secret and/ credential patterns used for gf.

Awesome cloud enumerator

Pentest: Subdomains enumeration tool for penetration testers.

Hetty is an HTTP toolkit for security research.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Intelligence tool but without API key

🎯 XML External Entity (XXE) Injection Payload List

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Web path scanner

The fastest dork scanner written in Go.

The Swiss Army knife for automated Web Application Testing

This challenge is Inon Shkedy's 31 days API Security Tips.

Subdomain Takeover tool written in Go

A collection of response templates for invalid bug bounty reports.

all manner of wordlists

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Hacking tools

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️