573 Open source projects that are alternatives of or similar to Rfi Lfi Payload List

A Powerful Subdomain Takeover Tool

Credentials Checking Framework

All about bug bounty (bypasses, payloads, and etc)

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

This challenge is Inon Shkedy's 31 days API Security Tips.

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Penetration tests guide based on OWASP including test cases, resources and examples.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Subdomain Takeover tool written in Go

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

A Continuous Threat Modeling methodology

SMB Relay Attack Script

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Vulnerability Database | huntr.dev

A simple Java command-line utility to mirror the CVE JSON data from NIST.

RubberDucky like payloads for DigiSpark Attiny85

Automated NoSQL database enumeration and web application exploitation tool.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

A tool to fastly get all javascript sources/files

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A Undetectable Payload Generation

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

ARCANUS is a customized payload generator/handler.

Python library and CLI for the Bug Bounty Recon API

A tool to test security of json web token

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Poor (rich?) man's bug bounty pipeline

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

A tool to automate the boring process of APK recon

Curating the best DevSecOps resources and tooling.

The all-in-one Red Team extension for Web Pentester 🛠

备考 OSCP 的各种干货资料/渗透测试干货资料

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A note-taking macOS app for penetration-testers.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Multiplatform payload dropper

🔺 Red Team Hardware Toolkit 🔺

Cross-site scripting labs for web application security enthusiasts

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A permutation generation tool written in golang

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

An Advanced Tool For Complete Apk-Modding In Termux ...

This project is about creating and publishing threat model examples.

bash scripting thing !

Your Google Recon is Now Automated