523 Open source projects that are alternatives of or similar to Virtual-Host

Nuclei Templates to reproduce Cracking the lens's Research

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Full Nuclei automation script with logic explanation.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Extract server and IP address information from Browser SSRF

A curated list of various bug bounty tools

Running nuclei Continuously

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Making Favicon.ico based Recon Great again !

Python library and CLI for the Bug Bounty Recon API

A list of resources for those interested in getting started in bug bounties

Some contributions in the nuclei-templates repository

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Good resources about web security that I have read.

Cross platform community web fingerprint identification tool

nuclei framework scripts

Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

In this repository I intend to keep configuration files that I deem important, in addition to the theme customizations that I make to have a consistent working environment.

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

侦查守卫(ObserverWard)的指纹库

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Pentest/BugBounty progress control with scanning modules

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker.

goverview - Get an overview of the list of URLs

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Http request smuggling vulnerability scanner

Scan secrets from Continuous Integration Build Logs

Intentionally vulnerable Android application.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Astra is a tool to find URLs and secrets inside a webpage/files

Some personal exploits/pocs

Vacuum is a system-wide configuration file collector

Unleash the power of cloud

一些漏洞分析

Mass querying whois records

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

XSS Payload without Anything.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

国光的手把手带你用 SSRF 打穿内网靶场源码

Instructions and configuration files to deploy Authelia in Unraid OS using Docker + FreeIPA LDAP.

Tool to bypass 40X response codes.

Archivos de configuraciones de i3

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Signatures for jaeles scanner by @j3ssie

Jenkins plugin to administrate the maven settings (settings.xml).

The knife of the Admin & Security auditor

A ruby gem for defending against Server Side Request Forgery (SSRF) attacks

Little Bug Bounty & Hacking Tools⚔️