JShell - Get a JavaScript shell with XSS.
updated at June 5, 2024, 3:38 p.m.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
updated at June 5, 2024, 5:52 p.m.
List DTDs and generate XXE payloads using those local DTDs.
updated at June 5, 2024, 5:57 p.m.
XRay is a tool for recon, mapping and OSINT gathering from public networks.
updated at June 6, 2024, 1:31 a.m.
Tool to scan for secret files on HTTP servers
updated at June 6, 2024, 2:46 a.m.
Rip web accessible (distributed) version control systems: SVN/GIT/HG...
updated at June 6, 2024, 10:56 a.m.
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
updated at June 6, 2024, 1:23 p.m.
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
updated at June 6, 2024, 5:25 p.m.
A fast sub domain brute tool for pentesters
updated at June 7, 2024, 12:43 a.m.
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
updated at June 7, 2024, 5:24 a.m.
Automated All-in-One OS Command Injection Exploitation Tool.
updated at June 7, 2024, 5:42 a.m.
A high performance offensive security tool for reconnaissance and vulnerability scanning
updated at June 7, 2024, 8:20 a.m.