573 Open source projects that are alternatives of or similar to Rfi Lfi Payload List

🎯 XML External Entity (XXE) Injection Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 SQL Injection Payload List

🎯 Server Side Template Injection Payloads

A Tool for Domain Flyovers

Full Nuclei automation script with logic explanation.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Some good resources for getting started with application security

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Web path scanner

🎯 Command Injection Payload List

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

🎯 Open Redirect Payload List

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Git All the Payloads! A collection of web attack payloads.

XSS Payload without Anything.

Little Bug Bounty & Hacking Tools⚔️

Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

It's a Docker Environment for pentesting which having all the required tool for VAPT.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

A python tool to check subdomain takeover vulnerability

Next generation web scanner

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

平常看到好的渗透hacking工具和多领域效率工具的集合

One-click installer for Frida and Burp certs for SSL Pinning bypass

The purpose of this tool is to test the window10 defender protection and also other antivirus protection.

GitHub Action to set up Fortify ScanCentral Client

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

A list of interesting payloads, tips and tricks for bug bounty hunters.

Repositório com conteúdo sobre web hacking em português

A collection of awesome one-liner scripts especially for bug bounty tips.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

A Powerful Subdomain Takeover Tool

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

All about bug bounty (bypasses, payloads, and etc)

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Subdomain Takeover tool written in Go

Penetration tests guide based on OWASP including test cases, resources and examples.

Collection of Facebook Bug Bounty Writeups

This challenge is Inon Shkedy's 31 days API Security Tips.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.