551 Open source projects that are alternatives of or similar to Xrcross

Sample vulnerable code and its exploit code

bash scripting thing !

yotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage

Audit tool to find common vulnerabilities in PHP source code

Cross Origin Resource Sharing MisConfiguration Scanner

The unofficial HackerOne disclosure Timeline

CORS "anywhere" proxy in a Cloudflare worker. DEMO at: https://test.cors.workers.dev/

🎢Preview html file in your default browser

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Automating XSS using Bash

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

One way to continuously monitor sensitive information that could be exposed on Github

A tool to check a bunch of URLs that contain reflecting params.

🔺 Red Team Hardware Toolkit 🔺

A Colab For Bug Hunting!

DNS-Discovery is a multithreaded subdomain bruteforcer.

The NelmioCorsBundle allows you to send Cross-Origin Resource Sharing headers with ACL-style per-URL configuration.

A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Based on flask-cors by Cory Dolphin.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Cloudflare Workers

CORS support for aiohttp

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Collection of Facebook Bug Bounty Writeups

CORS plugin for egg

exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts

Albatar is a SQLi exploitation framework in Python

Create React + Redux app structure with build configurations ✨

Striker is an offensive information and vulnerability scanner.

Cross Origin Resource Sharing middleware for gin-gonic

my oscp prep collection

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

CVE-2017-9506 - SSRF

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Node.js + ExpressJS + Joi + Typeorm + Typescript + JWT + ES2015 + Clustering + Tslint + Mocha + Chai

👀 Some of my favorite OSINT tools.

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

Ecommerce application back-end codes

A curated list of various bug bounty tools

🛠 Tools and scripts to manipulate Android APKs

Secret and/ credential patterns used for gf.

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

SIEM Tactics, Techiques, and Procedures

In-depth Attack Surface Mapping and Asset Discovery

Nodefony Starter Node.js Framework

Scan for open AWS S3 buckets and dump the contents

Automated NoSQL database enumeration and web application exploitation tool.

reverse proxy with CORS headers.

Scans a list of websites for Cloudfront or S3 Buckets

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Automatic Service Enumeration Script

Penetration tests guide based on OWASP including test cases, resources and examples.

Automation for internal Windows Penetrationtest / AD-Security

Complete PHP-based Login/Registration system, Profile system, Chat room, Forum system and Blog/Polls/Event Management System.