mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

created at Feb. 16, 2010, 4:10 a.m.

624 +0

36,847 +91

4,041 +6

DVCS-Pillage by evilpacket

Pillage web accessible GIT, HG and BZR repositories

created at June 18, 2011, 8:04 p.m.

16 +0

314 +0

60 +0

beef by beefproject

The Browser Exploitation Framework Project

created at Nov. 23, 2011, 6:53 a.m.

444 -1

9,856 +18

2,180 +1

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

created at June 26, 2012, 9:52 a.m.

1,092 +1

32,589 +78

5,725 +10

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

488 +1

20,710 +33

3,006 +3

wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

created at July 11, 2012, 8:27 p.m.

268 +0

8,616 +14

1,266 -1

js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

created at Sept. 18, 2012, 2:05 p.m.

117 +0

5,218 +3

628 +0

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

51 +0

1,706 +4

313 +0

webshell by tennc

This is a webshell open source project

created at May 23, 2013, 7:37 a.m.

488 +0

10,123 +15

5,574 +1

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

created at Aug. 30, 2013, 9:43 p.m.

83 -1

3,692 +6

417 +0

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

151 -1

14,021 +40

726 +3

EyeWitness by ChrisTruncer

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

created at Feb. 26, 2014, 4:23 p.m.

0 +0

18 +1

0 +0

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

created at March 28, 2014, 8:42 a.m.

153 +0

2,857 +3

420 +0

certificate-transparency by google

Auditing for TLS certificates.

created at May 20, 2014, 5:03 p.m.

102 +0

869 +0

283 +0

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

104 +0

2,221 +8

440 +1

Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

created at Sept. 13, 2014, 12:08 a.m.

265 +0

5,584 +5

1,191 +3

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

161 +0

10,468 +20

10,939 +47

weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

132 +1

3,200 +10

605 +2

wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

167 +0

5,968 +13

1,385 +0

gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

154 +0

5,938 +3

832 +6