Whatwaf: Detect and bypass web application firewalls and protection systems
Stars: ✭ 1,881 (+922.28%)
Blazy: Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF.
Stars: ✭ 637 (+246.2%)
Hooman: http interceptor to hoomanize cloudflare requests
Stars: ✭ 82 (-55.43%)
Openwaf: Web security protection system based on openresty
Stars: ✭ 563 (+205.98%)
Payload: Headless CMS and Application Framework built with Node.js, React and MongoDB
Stars: ✭ 154 (-16.3%)
Payloadsallthethings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+17785.33%)
Uefi: Fast and lightweight yet another UEFI implementation
Stars: ✭ 79 (-57.07%)
Waf: Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.
Stars: ✭ 539 (+192.93%)
Curiefense: Curiefense is a unified, open source platform protecting cloud native applications.
Stars: ✭ 136 (-26.09%)
Hercules: HERCULES is a special payload generator that can bypass antivirus software.
Stars: ✭ 526 (+185.87%)
Chimera: Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (+151.63%)
Covertutils: A framework for Backdoor development!
Stars: ✭ 424 (+130.43%)
Ironclad: Web Application Firewall (WAF) on Kubernetes
Stars: ✭ 58 (-68.48%)
Awesome Nginx Security: 🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingress Controller (based on NGINX)
Stars: ✭ 417 (+126.63%)
Arcanus: ARCANUS is a customized payload generator/handler.
Stars: ✭ 130 (-29.35%)
Cloak: Cloak can backdoor any Python script with some tricks.
Stars: ✭ 411 (+123.37%)
Burpsuite Collections: BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (not from the BApp Store), Chinese localization and related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+487.5%)
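Cerberus: A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asynchronous scanning via asyncio; covers all of the target's assets for batch vulnerability scanning; collects middleware information; automatically collects IP proxies; when probing WAF information it automatically uses them to protect the local machine's real IP, and after the local IP is blocked by the WAF it automatically switches proxy IPs to continue scanning; WAF information gathering (100+ domestic and foreign WAFs) including Safedog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides some known WAF bypass approaches; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion and SSRF vulnerabilities; supports custom vulnerability e-mail notifications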
Stars: ✭ 389 (+111.41%)
Xss Payload List: 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+1322.28%)
Raasnet: Open-Source Ransomware As A Service for Linux, MacOS and Windows
Stars: ✭ 371 (+101.63%)
Awesome Waf: 🔥 Everything about web-application firewalls (WAF).
Stars: ✭ 4,047 (+2099.46%)
Ratel: RAT-el is an open source penetration test tool that allows you to take control of a Windows machine. It works on the client-server model: the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-34.24%)
Htrace.sh: My simple Swiss Army knife for http/https troubleshooting and profiling.
Stars: ✭ 3,465 (+1783.15%)
Xwaf: xWAF 3.0 - Free Web Application Firewall, Open-Source.
Stars: ✭ 48 (-73.91%)
Padrino Framework: Padrino is a full-stack Ruby framework built upon Sinatra.
Stars: ✭ 3,310 (+1698.91%)
Enigma: Multiplatform payload dropper
Stars: ✭ 180 (-2.17%)
Botwall4j: A botwall for Java web applications
Stars: ✭ 41 (-77.72%)
Gray hat csharp code: This repository contains full code examples from the book Gray Hat C#
Stars: ✭ 301 (+63.59%)
Duckyspark: Translator from USB-Rubber-Ducky payloads to a Digispark code.
Stars: ✭ 107 (-41.85%)
Cloudbunny: CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Stars: ✭ 273 (+48.37%)
Openrasp: 🔥 Open source RASP solution
Stars: ✭ 2,036 (+1006.52%)
SQL-XSS: A few SQL and XSS attack tools
Stars: ✭ 29 (-84.24%)
Tegrarcmgui: C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)
Stars: ✭ 965 (+424.46%)
Writeups: This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-66.85%)
Collection Document: Collection of quality safety articles. Awesome articles.
Stars: ✭ 1,387 (+653.8%)
broom: A disk cleaning utility for developers.
Stars: ✭ 38 (-79.35%)
Nem Apps Lib: Semantic Java API Library for NEM Platform
Stars: ✭ 16 (-91.3%)
litewaf: Lightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-82.61%)
Kaiten: An Undetectable Payload Generation
Stars: ✭ 169 (-8.15%)
pakkero: Pakkero is a binary packer written in Go made for fun and educational purposes. Its main goal is to take a program file as input (elf binary, script, even appimage) and compress it, protect it from tampering and intrusion.
Stars: ✭ 143 (-22.28%)
Msfpc: MSFvenom Payload Creator (MSFPC)
Stars: ✭ 808 (+339.13%)
Horus-Eye: Just Simple Code To Play With Android Payloads (;
Stars: ✭ 54 (-70.65%)
Awesome Cloud Security: Curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.
Stars: ✭ 98 (-46.74%)
certexfil: Exfiltration based on custom X509 certificates
Stars: ✭ 18 (-90.22%)
payload: PSR-15 middleware to parse the body of the request with support for json, csv and url-encode
Stars: ✭ 30 (-83.7%)
Proton: Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (-22.83%)
Pupy: Pupy is an open source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python
Stars: ✭ 6,737 (+3561.41%)
Docker Waf: An NGINX and ModSecurity based Web Application Firewall for Docker
Stars: ✭ 181 (-1.63%)
Hackapk: An Advanced Tool For Complete Apk-Modding In Termux ...
Stars: ✭ 180 (-2.17%)
Aboutsecurity: A list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-9.78%)
Cidram: CIDRAM: Classless Inter-Domain Routing Access Manager.
Stars: ✭ 86 (-53.26%)