JoomlaScan by drego85

A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

created at Feb. 11, 2016, 9:28 p.m.

20 +0

215 +0

68 -1

Webshell-Sniper by WangYihang

Manage your website via terminal

created at July 24, 2017, 9:13 a.m.

21 +0

420 +0

114 +0

whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

created at April 1, 2018, 12:11 a.m.

22 +0

627 +1

88 +0

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

created at Nov. 19, 2019, 5:04 a.m.

23 +0

1,096 +5

299 +1

dns-rebind-toolkit by brannondorsey

A front-end JavaScript toolkit for creating DNS rebinding attacks.

created at June 19, 2018, 2:06 a.m.

24 +0

485 +0

93 +0

JShell by UltimateHackers

JShell - Get a JavaScript shell with XSS.

created at Feb. 26, 2018, 1:40 p.m.

24 +0

511 +2

137 +0

dref by mwrlabs

DNS Rebinding Exploitation Framework

created at June 26, 2018, 10:09 a.m.

25 +0

481 +0

71 +0

reverse-shell by lukechilds

Reverse Shell as a Service

created at Sept. 13, 2017, 11:38 a.m.

31 +0

1,852 +0

234 +0

nano by UltimateHackers

Nano is a family of PHP web shells which are code golfed for stealth.

created at May 25, 2018, 3:17 p.m.

32 +0

435 +1

93 +0

dirhunt by Nekmo

Find web directories without bruteforce

created at Jan. 5, 2018, 1:05 a.m.

33 +0

1,770 +5

255 +0

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

33 +0

1,036 +3

138 +0

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

637 +0

88 +0

uxss-db by Metnew

🔪Browser logic vulnerabilities :skull_and_crossbones:

created at Oct. 27, 2017, 5:32 p.m.

35 +0

688 +0

90 +0

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

created at Aug. 21, 2018, 5:49 a.m.

37 +0

1,108 +1

207 -1

raven by 0x09AL

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

created at Aug. 22, 2017, 3:41 p.m.

39 +0

778 +1

163 +0

acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

created at Nov. 14, 2016, 4:23 p.m.

42 +0

1,357 +2

128 +0

malware-jail by HynekPetrak

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

created at Jan. 10, 2016, 10:41 p.m.

46 +0

460 +0

100 +0

a2sv by hahwul

Auto Scanning to SSL Vulnerability

created at Jan. 25, 2016, 7:15 a.m.

46 +0

627 +1

169 +0

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

51 +0

1,706 +4

313 +0

aws_pwn by dagrz

A collection of AWS penetration testing junk

created at Oct. 18, 2016, 3:14 a.m.

52 +0

1,173 +0

194 +0