1805 Open source projects that are alternatives of or similar to Xxe Injection Payload List

🎯 SQL Injection Payload List

🎯 RFI/LFI Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

🎯 Server Side Template Injection Payloads

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Git All the Payloads! A collection of web attack payloads.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Web path scanner

Awesome cloud enumerator

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Hawkeye filesystem analysis tool

Wireshark Cheat Sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A concise, directive, specific, flexible, and free incident response plan template

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Asynchronous Python implementation of SlowLoris DoS attack

🎯 Open Redirect Payload List

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

An ongoing list of virtual cybersecurity conferences.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Repositório com conteúdo sobre web hacking em português

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Python library and CLI for the Bug Bounty Recon API

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

The all-in-one Red Team extension for Web Pentester 🛠

A Tool for Domain Flyovers

A permutation generation tool written in golang

A collection of some of my scripts

Subdomain Takeover tool written in Go

This challenge is Inon Shkedy's 31 days API Security Tips.

平常看到好的渗透hacking工具和多领域效率工具的集合

A list of interesting payloads, tips and tricks for bug bounty hunters.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Pentest: Subdomains enumeration tool for penetration testers.

Related subdomains finder

The Swiss Army knife for automated Web Application Testing

Little Bug Bounty & Hacking Tools⚔️

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Information Security Library

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Subdomain takeover vulnerability checker

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Astra is a tool to find URLs and secrets inside a webpage/files

goverview - Get an overview of the list of URLs

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

XSS Payload without Anything.

🔑 Hash type identifier (CLI & lib)

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.

The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.

This document proposes a way of standardising the structure, language, and grammar used in security policies.