573 Open source projects that are alternatives of or similar to Rfi Lfi Payload List

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

PHP Security Check List [ EN ] 🌋 ☣️

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Pentest/BugBounty progress control with scanning modules

A Fast Broken Link Hijacker Tool written in Python

Good resources about web security that I have read.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A tool to automate the boring process of APK recon

Image Payload Creating/Injecting tools

List of considerations for commerce site auditing and security teams. This is summary of action points and areas that need to be built into the Techinical Specific Document, or will be checked in the Security testing phases.

Powerfull XSS Scanning and Parameter analysis tool&gem

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Security tool to quickly audit Public Box files and folders.

A note-taking macOS app for penetration-testers.

Making Favicon.ico based Recon Great again !

🦄🔒 Awesome list of secrets in environment variables 🖥️

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

SQL Injection Payload List

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

OpenSSL对称算法、哈希校验、非对称算法、证书管理、SSL安全

A curated list of various bug bounty tools

Automated Red Team Infrastructure deployement using Docker

Open Redirect scanner - (out of date)

Powerful Visual Subdomain Enumeration at the Click of a Mouse

🖇 Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline

websocket-connection-smuggler

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Multiplatform payload dropper

Python antivirus evasion tool

No description or website provided.

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Remote exploitation framework written in Python

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Misc. Public Reports of Penetration Testing and Security Audits.

Automatically brute force all services running on a target.

A permutation generation tool written in golang

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

Secret and/ credential patterns used for gf.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Vendor-Neutral Security Tool Automation Controller (over REST)

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

A tool for testing subdomain takeover possibilities at a mass scale.

anewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew

Your Google Recon is Now Automated

An HTTP/HTTPS intercept proxy written in Go.

CVE-2017-9506 - SSRF

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

A polyglot payload generator

Hacking tools

HERCULES is a special payload generator that can bypass antivirus softwares.

Scan for open AWS S3 buckets and dump the contents

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Writing custom backdoor payloads with C# - Defcon 27 Workshop

Scans a list of websites for Cloudfront or S3 Buckets

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.