FOCA by ElevenPaths

Tool to find metadata and hidden information in the documents.

updated at May 25, 2024, 10:45 p.m.

C#

141 +0

2,780 +11

530 +0

GitHub
xss-payload-list by payloadbox

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

updated at May 25, 2024, 10:24 p.m.

Unknown languages

139 +0

5,739 +33

1,586 +7

GitHub
mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

updated at May 25, 2024, 10:21 p.m.

Python

623 +0

34,681 +83

3,913 +5

GitHub
singularity by nccgroup

A DNS rebinding attack framework.

updated at May 25, 2024, 10:01 p.m.

JavaScript

32 +0

976 +1

135 +0

GitHub
retire.js by RetireJS

Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

updated at May 25, 2024, 9:41 p.m.

JavaScript

86 +0

3,543 +7

412 +0

GitHub
bug-bounty-reference by ngalongc

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups that is categorized by the bug nature

updated at May 25, 2024, 9:24 p.m.

Unknown languages

242 +0

3,616 +5

977 +2

GitHub
prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

updated at May 25, 2024, 9:08 p.m.

Python

117 -2

9,692 +28

1,408 +1

GitHub
wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

updated at May 25, 2024, 8:46 p.m.

Ruby

265 +0

8,284 +11

1,243 +1

GitHub
beef by beefproject

The Browser Exploitation Framework Project

updated at May 25, 2024, 7:54 p.m.

JavaScript

438 +0

9,436 +15

2,069 +5

GitHub
commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

updated at May 25, 2024, 7:32 p.m.

Python

162 +1

4,368 +10

796 +0

GitHub
fuzz.txt by Bo0oM

Potentially dangerous files

updated at May 25, 2024, 4:48 p.m.

Unknown languages

85 +0

2,803 +5

476 +0

GitHub
command-injection-payload-list by payloadbox

🎯 Command Injection Payload List

updated at May 25, 2024, 4:16 p.m.

Unknown languages

72 +0

2,693 +12

595 +3

GitHub
Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

updated at May 25, 2024, 3:38 p.m.

CSS

267 +0

5,393 +16

1,178 +0

GitHub
js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

updated at May 25, 2024, 3:13 p.m.

HTML

117 +0

5,114 +4

631 +0

GitHub
subDomainsBrute by lijiejie

A fast sub domain brute tool for pentesters

updated at May 25, 2024, 8:09 a.m.

Python

116 +0

3,392 +4

1,009 +0

GitHub
AwesomeXSS by UltimateHackers

Awesome XSS stuff

updated at May 25, 2024, 8:08 a.m.

JavaScript

240 +0

4,663 +7

755 +0

GitHub
dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

updated at May 25, 2024, 3:49 a.m.

Kotlin

14 +0

585 +1

103 +0

GitHub
ReconDog by UltimateHackers

Reconnaissance Swiss Army Knife

updated at May 25, 2024, 12:38 a.m.

Python

82 +0

1,717 +2

335 +0

GitHub
plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.

updated at May 24, 2024, 8:38 p.m.

Python

149 +0

3,042 +0

278 +0

GitHub
gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

updated at May 24, 2024, 8:18 p.m.

Go

153 +1

15,400 +27

1,326 +1

GitHub