singularity by nccgroup

A DNS rebinding attack framework.

updated at May 25, 2024, 10:01 p.m.

32 +0

976 +1

135 +0

mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

updated at May 25, 2024, 10:21 p.m.

623 +0

34,681 +83

3,913 +5

xss-payload-list by payloadbox

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

updated at May 25, 2024, 10:24 p.m.

139 +0

5,739 +33

1,586 +7

FOCA by ElevenPaths

Tool to find metadata and hidden information in the documents.

updated at May 25, 2024, 10:45 p.m.

141 +0

2,780 +11

530 +0

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

updated at May 25, 2024, 11:38 p.m.

156 +0

9,651 +20

9,526 +49

LinkFinder by GerbenJavado

A python script that finds endpoints in JavaScript files

updated at May 26, 2024, 12:19 a.m.

63 +0

3,492 +16

584 +3

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

updated at May 26, 2024, 12:29 a.m.

483 +0

19,752 +26

2,942 +3

xray by evilsocket

XRay is a tool for recon, mapping and OSINT gathering from public networks.

updated at May 26, 2024, 1:24 a.m.

79 +0

2,154 +5

294 +0

wfuzz by xmendez

Web application fuzzer

updated at May 26, 2024, 1:44 a.m.

168 +0

5,683 +8

1,332 +0

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

updated at May 26, 2024, 2:18 a.m.

1,090 -1

30,810 +56

5,557 +3

fuzzdb by fuzzdb-project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

updated at May 26, 2024, 2:24 a.m.

367 +0

7,994 +9

2,081 +3

EyeWitness by RedSiege

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

updated at May 26, 2024, 2:34 a.m.

146 -1

4,756 +13

820 +0

Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

updated at May 26, 2024, 2:39 a.m.

233 +0

9,341 +23

2,056 +2

gitrob by michenriksen

Reconnaissance tool for GitHub organizations

updated at May 26, 2024, 2:40 a.m.

154 +0

5,850 +6

823 +0

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

updated at May 26, 2024, 3:11 a.m.

149 +0

13,002 +41

677 +1

webshell by tennc

This is a webshell open source project

updated at May 26, 2024, 3:42 a.m.

489 -1

9,833 +24

5,561 +4

nuclei by projectdiscovery

Fast and customizable vulnerability scanner based on simple YAML based DSL.

updated at May 26, 2024, 4:15 a.m.

214 -1

17,553 +69

2,269 +7

aquatone by michenriksen

A Tool for Domain Flyovers

updated at May 26, 2024, 4:25 a.m.

135 +0

5,501 +7

864 +0

CyberChef by gchq

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

updated at May 26, 2024, 5:20 a.m.

376 -1

25,952 +85

2,985 +5

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

updated at May 26, 2024, 5:32 a.m.

153 +0

2,821 +2

418 +0