Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ★ 3,873 (+1562.23%)
Rebel Framework
Advanced and easy to use penetration testing framework
Stars: ★ 183 (-21.46%)
Sherlock Js
Find usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Stars: ★ 153 (-34.33%)
Chaostools.jl
Tools for the exploration of chaos and nonlinear dynamics
Stars: ★ 77 (-66.95%)
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ★ 292 (+25.32%)
Pywerview
A (partial) Python rewriting of PowerSploit's PowerView
Stars: ★ 292 (+25.32%)
Nolitsa
A Python module implementing some standard algorithms used in nonlinear time series analysis
Stars: ★ 75 (-67.81%)
Jsfscan.sh
Automation for JavaScript recon in bug bounty.
Stars: ★ 287 (+23.18%)
ShonyDanza
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ★ 86 (-63.09%)
Resources
A storehouse of resources related to bug bounty hunting collected from different sources. Latest guides, tools, methodology, platform tips, and tricks curated by us.
Stars: ★ 62 (-73.39%)
JWTweak
Detects the algorithm of an input JWT token and provides options to generate a new JWT token based on the user-selected algorithm.
Stars: ★ 85 (-63.52%)
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ★ 148 (-36.48%)
PandorasBox
Security tool to quickly audit Public Box files and folders.
Stars: ★ 56 (-75.97%)
Zile
Extract API keys from a file or URL using the magic of Python and regex.
Stars: ★ 61 (-73.82%)
Differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters
Stars: ★ 56 (-75.97%)
ORtester
Open Redirect scanner - (out of date)
Stars: ★ 24 (-89.7%)
Pyiris Backdoor
PyIris-backdoor is a modular, stealthy and flexible remote-access toolkit written completely in Python, used to command and control other systems. It is now in the beta stage, possibly perpetually. There are bugs still present in the framework; feel free to contribute or help me out with this project, it's still under active development >_>
Stars: ★ 145 (-37.77%)
SecurityExplained
SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of the #SecurityExplained series is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning.
Stars: ★ 301 (+29.18%)
Fierce
A DNS reconnaissance tool for locating non-contiguous IP space.
Stars: ★ 1,072 (+360.09%)
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ★ 35 (-84.98%)
Qsfuzz
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ★ 201 (-13.73%)
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ★ 2,707 (+1061.8%)
Subjack
Subdomain Takeover tool written in Go
Stars: ★ 1,194 (+412.45%)
Subzy
Subdomain takeover vulnerability checker
Stars: ★ 287 (+23.18%)
Pentesting Bible
Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Stars: ★ 8,981 (+3754.51%)
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ★ 24 (-89.7%)
authz0
Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Stars: ★ 248 (+6.44%)
Deadtrap
An OSINT tool to gather information about the real owner of a phone number
Stars: ★ 73 (-68.67%)
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick wins.
Stars: ★ 507 (+117.6%)
Xrcross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ★ 175 (-24.89%)
Github Recon
GitHub Recon - and what you can achieve with it!
Stars: ★ 47 (-79.83%)
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving on to the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ★ 182 (-21.89%)
Ssti Payloads
Server Side Template Injection Payloads
Stars: ★ 150 (-35.62%)
Chaos
CHAOS is a Remote Administration Tool that allows generating binaries to control remote operating systems.
Stars: ★ 1,168 (+401.29%)
querytool
Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex searches of terms, people, email addresses, files and many more.
Stars: ★ 104 (-55.36%)
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ★ 1,928 (+727.47%)
Domainker
BugBounty Tool
Stars: ★ 40 (-82.83%)
Pcwt
Stars: ★ 46 (-80.26%)
Ssrf Sheriff
A simple SSRF-testing sheriff written in Go
Stars: ★ 221 (-5.15%)
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ★ 1,026 (+340.34%)
Seeker
Accurately Locate Smartphones using Social Engineering
Stars: ★ 2,772 (+1089.7%)
nuubi
Nuubi Tools (Information-gathering|Scanner|Recon.)
Stars: ★ 76 (-67.38%)
Ezxss
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ★ 1,022 (+338.63%)
HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ★ 1,210 (+419.31%)
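Taie Bugbounty Killer
Must-have automated money-making techniques for bug hunting on domestic and international vulnerability platforms; read them, put them into practice, and picking up money becomes as easy as drinking water.
Stars: ★ 175 (-24.89%)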
ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Stars: ★ 25 (-89.27%)
ksubdomain
Subdomain enumeration tool, asynchronous DNS packets, use pcap to scan 1600,000 subdomains in 1 second
Stars: ★ 320 (+37.34%)
Chaos Http Proxy
Introduce failures into HTTP requests via a proxy server
Stars: ★ 128 (-45.06%)
Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ★ 1,164 (+399.57%)
Procspy
Python tool that monitors and logs user-run commands on a Linux system for either offensive or defensive purposes.
Stars: ★ 272 (+16.74%)
Cloudbrute
Awesome cloud enumerator
Stars: ★ 268 (+15.02%)
Massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Stars: ★ 2,093 (+798.28%)
Findsploit
Find exploits in local and online databases instantly
Stars: ★ 1,160 (+397.85%)
Project Black
Pentest/BugBounty progress control with scanning modules
Stars: ★ 257 (+10.3%)