304 Open source projects that are alternatives of or similar to Ssrf Sheriff

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Tool for catching and logging different types of requests.

Repositório com conteúdo sobre web hacking em português

The unofficial HackerOne disclosure Timeline

Awesome Vulnerable Applications

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Decode All Bases - Base Scheme Decoder

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

CVE-2017-9506 - SSRF

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Scanning APK file for URIs, endpoints & secrets.

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

A Colab For Bug Hunting!

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Automated NoSQL database enumeration and web application exploitation tool.

A passive subdomain finder

A note-taking macOS app for penetration-testers.

Change monitoring app that checks the content of web pages in different periods.

Your Google Recon is Now Automated

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

A tool to check a bunch of URLs that contain reflecting params.

Poor (rich?) man's bug bounty pipeline

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Collection of Facebook Bug Bounty Writeups

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

🎯 Server Side Template Injection Payloads

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

A tool to automate the boring process of APK recon

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

An OSINT tool to find contacts in order to report security vulnerabilities.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

Default signature for Jaeles Scanner

Cross-site scripting labs for web application security enthusiasts

Tutorials and Things to Do while Hunting Vulnerability.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Cross Origin Resource Sharing MisConfiguration Scanner

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Automating XSS using Bash

Python library and CLI for the Bug Bounty Recon API

DNS-Discovery is a multithreaded subdomain bruteforcer.

A tool to fastly get all javascript sources/files

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Rockyou for web fuzzing

🎯 RFI/LFI Payload List

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

🔺 Red Team Hardware Toolkit 🔺