fuzz.txt by Bo0oM

Potentially dangerous files

created at Jan. 19, 2016, 1:35 p.m.

85 +0

2,817 +2

476 -1

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

103 +0

2,157 -2

438 +0

CSS-Keylogging by maxchehab

Chrome extension and Express server that exploits keylogging abilities of CSS.

created at Feb. 20, 2018, 6:19 p.m.

97 +0

3,211 -1

432 +0

GitMiner by UnkL4b

Tool for advanced mining for content on Github

created at Feb. 27, 2016, 12:30 p.m.

108 +0

2,060 +0

427 +0

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

created at March 28, 2014, 8:42 a.m.

153 +0

2,823 +0

418 +1

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

created at Aug. 30, 2013, 9:43 p.m.

85 +0

3,584 +4

413 +0

js-vuln-db by tunz

A collection of JavaScript engine CVEs with PoCs

created at Aug. 6, 2016, 1:02 a.m.

185 +0

2,270 +3

406 +0

Raccoon by evyatarmeged

A high performance offensive security tool for reconnaissance and vulnerability scanning

created at May 13, 2018, 5:05 p.m.

109 +0

3,028 +2

394 +1

Astra by flipkart-incubator

Automated Security Testing For REST API's

created at Jan. 10, 2018, 11:56 a.m.

86 +0

2,448 +6

392 +2

TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

created at June 8, 2018, 7:05 a.m.

125 +0

1,746 +1

388 +0

xssor2 by evilcos

XSS'OR - Hack with JavaScript.

created at June 25, 2017, 6:32 a.m.

95 +0

2,104 +0

378 +0

ReconDog by UltimateHackers

Reconnaissance Swiss Army Knife

created at June 12, 2017, 6:19 p.m.

82 +0

1,733 +6

338 +0

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

52 +0

1,652 +0

309 +0

xray by evilsocket

XRay is a tool for recon, mapping and OSINT gathering from public networks.

created at July 8, 2017, 8:48 p.m.

79 +0

2,176 +12

295 +0

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

created at Nov. 19, 2019, 5:04 a.m.

24 +0

1,037 +2

285 +1

certificate-transparency by google

Auditing for TLS certificates.

created at May 20, 2014, 5:03 p.m.

103 +0

870 +1

282 +0

plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

created at March 9, 2015, 9:16 p.m.

148 +0

3,044 +0

278 +0

ctftool by taviso

Interactive CTF Exploration Tool

created at June 7, 2019, 3:39 a.m.

60 +0

1,632 +0

274 +0

tinfoleak by vaguileradiaz

The most complete open-source tool for Twitter intelligence analysis

created at Jan. 27, 2018, 7:03 p.m.

72 +0

1,907 +3

272 +0

domato by googleprojectzero

DOM fuzzer

created at Sept. 21, 2017, 3:28 p.m.

68 +0

1,653 +1

271 +0