bXSS by LewisArdern

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

updated at Nov. 17, 2024, 2:45 a.m.

14 +0

518 +5

64 +0

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

updated at Nov. 17, 2024, 3:04 a.m.

83 -1

3,692 +6

417 +0

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

updated at Nov. 17, 2024, 3:11 a.m.

130 +0

10,847 +39

1,543 +3

tinfoleak by vaguileradiaz

The most complete open-source tool for Twitter intelligence analysis

updated at Nov. 17, 2024, 4:38 a.m.

73 +0

1,932 +3

270 +1

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

updated at Nov. 17, 2024, 6:52 a.m.

37 +0

1,108 +1

207 -1

Some-PoC-oR-ExP by coffeehb

各种漏洞poc、Exp的收集或编写

updated at Nov. 17, 2024, 7:17 a.m.

154 +0

2,384 +2

972 +0

nano by UltimateHackers

Nano is a family of PHP web shells which are code golfed for stealth.

updated at Nov. 17, 2024, 8:42 a.m.

32 +0

435 +1

93 +0

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

updated at Nov. 17, 2024, 8:43 a.m.

158 +0

4,611 +13

818 +2

weevely3 by epinna

Weaponized web shell

updated at Nov. 17, 2024, 8:43 a.m.

132 +1

3,200 +10

605 +2

CyberChef by gchq

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

updated at Nov. 17, 2024, 8:48 a.m.

390 +0

29,267 +96

3,280 +13

GSIL by FeeiCN

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

updated at Nov. 17, 2024, 9:04 a.m.

61 +0

2,124 -1

486 +0

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

updated at Nov. 17, 2024, 9:31 a.m.

1,092 +1

32,589 +78

5,725 +10

wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

updated at Nov. 17, 2024, 9:49 a.m.

268 +0

8,616 +14

1,266 -1

nuclei by projectdiscovery

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

updated at Nov. 17, 2024, 10:47 a.m.

239 -1

20,685 +89

2,513 +8

command-injection-payload-list by payloadbox

🎯 Command Injection Payload List

updated at Nov. 17, 2024, 11:04 a.m.

73 +0

3,004 +16

641 +3

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

updated at Nov. 17, 2024, 11:37 a.m.

83 +1

3,794 +9

671 +1

awesome-bug-bounty by djadmin

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

updated at Nov. 17, 2024, 11:42 a.m.

297 +0

4,662 +16

918 +0

wfuzz by xmendez

Web application fuzzer

updated at Nov. 17, 2024, 12:10 p.m.

167 +0

5,968 +13

1,385 +0

sql-injection-payload-list by payloadbox

🎯 SQL Injection Payload List

updated at Nov. 17, 2024, 12:11 p.m.

92 +0

4,995 +19

1,182 +3

openrasp by baidu

🔥Open source RASP solution

updated at Nov. 17, 2024, 12:19 p.m.

109 +0

2,793 +2

601 -1