TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

updated at June 7, 2024, 8:53 a.m.

125 +0

1,746 +1

388 +0

Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

updated at June 7, 2024, 2:05 p.m.

267 +0

5,410 +14

1,181 +3

certificate-transparency by google

Auditing for TLS certificates.

updated at June 7, 2024, 2:28 p.m.

103 +0

868 +2

282 -1

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

updated at June 7, 2024, 2:52 p.m.

86 +0

3,575 +15

413 +1

raven by 0x09AL

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

updated at June 7, 2024, 3:44 p.m.

39 +0

769 +1

163 +0

weevely3 by epinna

Weaponized web shell

updated at June 7, 2024, 4:26 p.m.

132 +0

3,101 +5

600 +1

AwesomeXSS by UltimateHackers

Awesome XSS stuff

updated at June 7, 2024, 5:24 p.m.

240 +0

4,673 +7

759 +1

awesome-cve-poc by qazbnm456

✍️ A curated list of CVE PoCs.

updated at June 7, 2024, 10:14 p.m.

322 +0

3,250 +1

719 +0

Astra by flipkart-incubator

Automated Security Testing For REST API's

updated at June 8, 2024, 12:25 a.m.

86 +0

2,440 +1

389 +0

wfuzz by xmendez

Web application fuzzer

updated at June 8, 2024, 2:52 a.m.

168 +0

5,712 +18

1,333 +1

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

updated at June 8, 2024, 6:38 a.m.

103 +0

2,159 +1

436 +0

dirhunt by Nekmo

Find web directories without bruteforce

updated at June 8, 2024, 9:09 a.m.

35 +0

1,718 +2

237 +0

social_mapper by Greenwolf

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

updated at June 8, 2024, 10:17 a.m.

227 +0

3,710 +5

784 -1

command-injection-payload-list by payloadbox

🎯 Command Injection Payload List

updated at June 8, 2024, 10:23 a.m.

72 +0

2,719 +12

599 +1

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

updated at June 8, 2024, 10:41 a.m.

157 +1

9,696 +19

9,622 +55

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

updated at June 8, 2024, 12:40 p.m.

24 +0

1,033 +1

283 +0

domain_analyzer by eldraco

Analyze the security of any domain by finding all the information possible. Made in python.

updated at June 8, 2024, 12:46 p.m.

83 +0

1,840 +1

245 +0

webshell by tennc

This is a webshell open source project

updated at June 8, 2024, 3:40 p.m.

489 +0

9,854 +9

5,569 +6

fuzzdb by fuzzdb-project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

updated at June 8, 2024, 4:41 p.m.

367 +0

8,015 +14

2,085 +2

sql-injection-payload-list by payloadbox

🎯 SQL Injection Payload List

updated at June 8, 2024, 4:46 p.m.

91 +0

4,470 +20

1,096 +4