1619 Open source projects that are alternatives of or similar to Websocket Connection Smuggler

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

Awesome Vulnerable Applications

Hacking tools

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Automatically brute force all services running on a target.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

🔺 Red Team Hardware Toolkit 🔺

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

OSINT

This repository created for personal use and added tools from my latest blog post.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

A tool to fastly get all javascript sources/files

Making Favicon.ico based Recon Great again !

The Swiss Army knife for automated Web Application Testing

Web path scanner

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

Repositório com conteúdo sobre web hacking em português

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Your Google Recon is Now Automated

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

平常看到好的渗透hacking工具和多领域效率工具的集合

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Powerfull XSS Scanning and Parameter analysis tool&gem

🎯 SQL Injection Payload List

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Automated Red Team Infrastructure deployement using Docker

🎯 XML External Entity (XXE) Injection Payload List

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Automated NoSQL database enumeration and web application exploitation tool.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.

👽 Open source API development ecosystem https://hoppscotch.io

Python library and CLI for the Bug Bounty Recon API

Awesome cloud enumerator

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Rockyou for web fuzzing

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

A shell script that automatically performs a series of *NIX enumeration tasks.

Simple JUnit rule for overriding RxJava/RxAndroid schedulers during unit tests

This repository contains some of the executables that I've cracked.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Speedhack coded in C++, inspired by Cheat Engine's own speedhack.

Client not paid ? This is the solution of your problem

做redteam时使用，修改自Ridter的https://github.com/Ridter/Intranet_Penetration_Tips

Benchmarking tool to stress real-time protocols

一个基于threejs的3d贪吃蛇游戏

Cross platform filtering HTTP/S proxy based on .NET Standard 2.0.

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

Websocket chat room written in PHP based on workerman.