DirsearchWeb path scanner
Stars: ✭ 7,246 (+6800.95%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-86.67%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (+95.24%)
Public Bugbounty ProgramsCommunity curated list of public bug bounty and responsible disclosure programs.
Stars: ✭ 233 (+121.9%)
reFlutterFlutter Reverse Engineering Framework
Stars: ✭ 698 (+564.76%)
ImagejsSmall tool to package javascript into a valid image file.
Stars: ✭ 828 (+688.57%)
swiss-bugbounty-programsList of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
Stars: ✭ 25 (-76.19%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+2546.67%)
cf-checkCloudFlare Checker written in Go
Stars: ✭ 147 (+40%)
gosintGosint is a distributed asset information collection and vulnerability scanning platform
Stars: ✭ 344 (+227.62%)
ORtesterOpen Redirect scanner - (out of date)
Stars: ✭ 24 (-77.14%)
SitedorksSearch Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+110.48%)
SecurityExplainedSecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
Stars: ✭ 301 (+186.67%)
Medusa🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+658.1%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-66.67%)
DnsprobeDNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Stars: ✭ 221 (+110.48%)
Webrtcxss利用XSS入侵内网(Use XSS automation Invade intranet)
Stars: ✭ 190 (+80.95%)
authz0🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Stars: ✭ 248 (+136.19%)
targetsA collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-19.05%)
JanusecJanusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+634.29%)
aneweranewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew
Stars: ✭ 46 (-56.19%)
PdlistA passive subdomain finder
Stars: ✭ 204 (+94.29%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-44.76%)
Xss PayloadsList of advanced XSS payloads
Stars: ✭ 696 (+562.86%)
TakeoverA tool for testing subdomain takeover possibilities at a mass scale.
Stars: ✭ 28 (-73.33%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+1052.38%)
Mad MetasploitMetasploit custom modules, plugins, resource script and.. awesome metasploit collection
Stars: ✭ 200 (+90.48%)
ldapconsoleThe ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Stars: ✭ 25 (-76.19%)
GodnslogAn exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (+63.81%)
hack-pet🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Stars: ✭ 77 (-26.67%)
BasecrackDecode All Bases - Base Scheme Decoder
Stars: ✭ 196 (+86.67%)
InjectifyPerform advanced MiTM attacks on websites with ease 💉
Stars: ✭ 612 (+482.86%)
VulWebajuVulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: ✭ 53 (-49.52%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+80.95%)
flask-vulnPretty vulnerable flask app..
Stars: ✭ 23 (-78.1%)
webapp-wordlistsThis repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
Stars: ✭ 306 (+191.43%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (+80%)
recceDomain availbility checker
Stars: ✭ 30 (-71.43%)
xssmapIntelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Stars: ✭ 107 (+1.9%)
GogitdumperDump exposed HTTP .git fast
Stars: ✭ 27 (-74.29%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+541.9%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (+74.29%)
Xssor2XSS'OR - Hack with JavaScript.
Stars: ✭ 1,969 (+1775.24%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+718.1%)
aparoidStatic and dynamic Android application security analysis
Stars: ✭ 62 (-40.95%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+35.24%)
SuperXSSMake XSS Great Again
Stars: ✭ 57 (-45.71%)
GraphDeeSmartContractSmart contract vulnerability detection using graph neural network (DR-GCN).
Stars: ✭ 84 (-20%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+129.52%)
XsstrikeMost advanced XSS scanner.
Stars: ✭ 9,822 (+9254.29%)
vulnerabilitiesList of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-86.67%)