CSS-Keylogging by maxchehab

Chrome extension and Express server that exploits keylogging abilities of CSS.

created at Feb. 20, 2018, 6:19 p.m.

CSS

97 +0

3,202 +2

431 +0

GitHub
phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

Python

103 +0

2,156 +3

436 +1

GitHub
fuzz.txt by Bo0oM

Potentially dangerous files

created at Jan. 19, 2016, 1:35 p.m.

Unknown languages

85 +0

2,803 +5

476 +0

GitHub
GSIL by FeeiCN

GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)

created at Oct. 11, 2017, 10:14 a.m.

Python

62 +0

2,110 +0

486 +0

GitHub
FOCA by ElevenPaths

Tool to find metadata and hidden information in the documents.

created at Oct. 2, 2017, 5:05 p.m.

C#

141 +0

2,780 +11

530 +0

GitHub
cloudgoat by RhinoSecurityLabs

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

created at July 17, 2018, 12:21 a.m.

Python

71 +0

2,781 +6

580 +0

GitHub
LinkFinder by GerbenJavado

A python script that finds endpoints in JavaScript files

created at June 9, 2017, 11:50 a.m.

Python

63 +0

3,492 +16

584 +3

GitHub
openrasp by baidu

🔥Open source RASP solution

created at Aug. 10, 2017, 11:09 a.m.

C++

108 +0

2,710 +5

589 +1

GitHub
command-injection-payload-list by payloadbox

🎯 Command Injection Payload List

created at Nov. 3, 2018, 6:35 p.m.

Unknown languages

72 +0

2,693 +12

595 +3

GitHub
weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

Python

132 +0

3,095 +9

599 +1

GitHub
js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

created at Sept. 18, 2012, 2:05 p.m.

HTML

117 +0

5,114 +4

631 +0

GitHub
tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

created at July 6, 2016, 8:33 p.m.

Python

84 +0

3,647 +2

660 -1

GitHub
DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

JavaScript

149 +0

13,002 +41

677 +1

GitHub
awesome-cve-poc by qazbnm456

✍️ A curated list of CVE PoCs.

created at Feb. 2, 2017, 6:43 a.m.

Unknown languages

322 +0

3,249 +6

718 +0

GitHub
AwesomeXSS by UltimateHackers

Awesome XSS stuff

created at March 11, 2018, 2:35 p.m.

JavaScript

240 +0

4,663 +7

755 +0

GitHub
social_mapper by Greenwolf

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

created at July 7, 2018, 2:50 p.m.

Python

227 +0

3,705 +6

785 +0

GitHub
commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

created at March 20, 2015, 8:38 a.m.

Python

162 +1

4,368 +10

796 +0

GitHub
EyeWitness by RedSiege

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

created at Feb. 26, 2014, 4:23 p.m.

Python

146 -1

4,756 +13

820 +0

GitHub
gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

Go

154 +0

5,850 +6

823 +0

GitHub
aquatone by michenriksen

A Tool for Domain Flyovers

created at Nov. 19, 2015, 11:30 a.m.

Go

135 +0

5,501 +7

864 +0

GitHub