507 Open source projects that are alternatives of or similar to Xray

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Security-related PHP7 OPcache abuse tools and demo

Lightweight In-App Web Application Firewall for PHP

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Misc. Public Reports of Penetration Testing and Security Audits.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

hacker, ready for more of our story ! 🚀

Extraction of iMessage Data via XSS

JAVA 漏洞靶场 (Vulnerability Environment For Java)

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

用cel-go重现了长亭xray的poc检测功能的轮子

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Poc Collected for study and develop

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

CVE-2020-11651: Proof of Concept

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

Powerful dork searcher and vulnerability scanner for windows platform

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Juniper Junos Space (CVE-2020-1611) (PoC)

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

XSS in pastebin.com and reddit.com via unsanitized markdown output

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

XSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/

A few SQL and XSS attack tools

Hacking tools

Web-Security-Learning

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

🔪Browser logic vulnerabilities ☠️

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Source code for Hacker101.com - a free online web and mobile security class.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Audit tool to find common vulnerabilities in PHP source code

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

SQL Injection Payload List

Go Web Application Penetration Test

Proofs-of-concept

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Proactively protect your Node.js web services

0day安全_软件漏洞分析技术

Auto Scanning to SSL Vulnerability

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Top disclosed reports from HackerOne

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

Automatic SQL injection and database takeover tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.

Apache Solr Injection Research

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

cwe_checker finds vulnerable patterns in binary executables