singularity by nccgroup

A DNS rebinding attack framework.

updated at Nov. 14, 2024, 6:16 a.m.

JavaScript

33 +0

1,036 +3

138 +0

GitHub
CSS-Keylogging by maxchehab

Chrome extension and Express server that exploits keylogging abilities of CSS.

updated at Nov. 14, 2024, 9:53 a.m.

CSS

97 +0

3,216 +1

432 +0

GitHub
AwesomeXSS by UltimateHackers

Awesome XSS stuff

updated at Nov. 14, 2024, 1:22 p.m.

JavaScript

239 +0

4,786 +6

767 +1

GitHub
H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5-related XSS attack vectors

updated at Nov. 14, 2024, 1:46 p.m.

JavaScript

153 +0

2,857 +3

420 +0

GitHub
LinkFinder by GerbenJavado

A Python script that finds endpoints in JavaScript files

updated at Nov. 14, 2024, 3:15 p.m.

Python

66 +0

3,723 +6

597 +0

GitHub
notes by ChALkeR

Some public notes

updated at Nov. 14, 2024, 9:16 p.m.

Unknown languages

92 +0

1,268 +1

77 +0

GitHub
js-vuln-db by tunz

A collection of JavaScript engine CVEs with PoCs

updated at Nov. 14, 2024, 9:33 p.m.

Unknown languages

185 +0

2,291 +2

405 +0

GitHub
JShell by UltimateHackers

JShell - Get a JavaScript shell with XSS.

updated at Nov. 15, 2024, 7:57 a.m.

Python

24 +0

511 +2

137 +0

GitHub
dvcs-ripper by kost

Rip web-accessible (distributed) version control systems: SVN/GIT/HG...

updated at Nov. 15, 2024, 11:50 a.m.

Perl

51 +0

1,706 +4

313 +0

GitHub
phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

updated at Nov. 15, 2024, 2:39 p.m.

Python

104 +0

2,221 +8

440 +1

GitHub
cloudgoat by RhinoSecurityLabs

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

updated at Nov. 15, 2024, 5:45 p.m.

Python

74 +0

2,974 +3

622 +3

GitHub
EQGRP by x0rz

Decrypted content of eqgrp-auction-file.tar.xz

updated at Nov. 15, 2024, 7:19 p.m.

Perl

397 +0

4,099 +1

2,070 -3

GitHub
raven by 0x09AL

raven is a LinkedIn information gathering tool that can be used by pentesters to gather information about an organization's employees using LinkedIn.

updated at Nov. 15, 2024, 8:41 p.m.

Go

39 +0

778 +1

163 +0

GitHub
FOCA by ElevenPaths

Tool to find metadata and hidden information in the documents.

updated at Nov. 15, 2024, 8:56 p.m.

C#

143 +0

2,979 +9

552 +1

GitHub
acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injection prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

updated at Nov. 15, 2024, 9:12 p.m.

Go

42 +0

1,357 +2

128 +0

GitHub
TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

updated at Nov. 16, 2024, 12:12 a.m.

Python

124 +0

1,781 +2

392 +1

GitHub
mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one-way authentication with TLS/SSL and mutual authentication for a Java-based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included.

updated at Nov. 16, 2024, 1:18 a.m.

Java

19 +0

571 +5

121 +0

GitHub
xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

updated at Nov. 16, 2024, 5:17 a.m.

Unknown languages

23 +0

1,096 +5

299 +1

GitHub
Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

updated at Nov. 16, 2024, 6:49 a.m.

CSS

265 +0

5,584 +5

1,191 +3

GitHub
snallygaster by hannob

Tool to scan for secret files on HTTP servers

updated at Nov. 16, 2024, 10:48 a.m.

Python

74 +0

2,076 +2

228 +0

GitHub