551 Open source projects that are alternatives of or similar to Xrcross

The NelmioCorsBundle allows you to send Cross-Origin Resource Sharing headers with ACL-style per-URL configuration.

Deno.js CORS middleware.

A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Based on flask-cors by Cory Dolphin.

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Miscellaneous exploit code

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.

Cloudflare Workers

massive SQL injection vulnerability scanner

CORS support for aiohttp

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

SQL Vulnerability Scanner

Weblogic coherence.jar RCE

🎯 Server Side Template Injection Payloads

A tool to hunt for publicly accessible DigitalOcean Spaces

A Laravel 5.8 API Boilerplate to create a ready-to-use REST API in seconds.

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

No description or website provided.

exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts

Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.

Semi-automatic OSINT framework and package manager

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

Albatar is a SQLi exploitation framework in Python

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Create React + Redux app structure with build configurations ✨

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Mining parameters from dark corners of Web Archives

ecshop rce getshell

my oscp prep collection

commonspeak2 subdomains wordlist generated daily **DEPRECATED** The author(s) of commonspeak2 maintain an official repo with more lists. Please use it instead: https://github.com/assetnote/wordlists

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

NodeJS Red-Team Cheat Sheet

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

sub domain wild card filtering tool

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Some files for bruteforcing certain things.

bluekeep exploit

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

OSINT

REST API boilerplate using NodeJS and KOA2, typescript. Logging and JWT as middlewares. TypeORM with class-validator, SQL CRUD. Docker included. Swagger docs, actions CI and valuable README

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Para pencari bug / celah kemanan bisa bergabung.

🎯 SQL Injection Payload List

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

Network footprint scanner platform. Discover domains and run your custom checks periodically.

平常看到好的渗透hacking工具和多领域效率工具的集合

A CORS proxy in a container (Docker) for when you need to `Access-Control-Allow-Origin: *`!

Cross-site scripting labs for web application security enthusiasts

Extract API keys from file or url using by magic of python and regex.

A fast DOM based XSS vulnerability scanner with simplicity.

Hetty is an HTTP toolkit for security research.