nuclei by projectdiscovery

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

created at April 3, 2020, 6:47 p.m.

239 -1

20,685 +89

2,513 +8

awesome-ctf-cheatsheet by uppusaikiran

CTF Cheatsheet

created at Feb. 11, 2020, 5:14 p.m.

1 +0

50 +1

4 +0

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

created at Nov. 19, 2019, 5:04 a.m.

23 +0

1,096 +5

299 +1

ntlm_challenger by b17zr

Parse NTLM challenge messages over HTTP and SMB

created at Nov. 4, 2019, 10:27 p.m.

4 +0

143 +0

25 +0

sql-injection-payload-list by payloadbox

🎯 SQL Injection Payload List

created at Oct. 30, 2019, 5:03 a.m.

92 +0

4,995 +19

1,182 +3

cefdebug by taviso

Minimal code to connect to a CEF debugger.

created at Oct. 3, 2019, 2:09 p.m.

7 +0

197 +0

19 +0

open-redirect-payload-list by payloadbox

🎯 Open Redirect Payload List

created at Aug. 15, 2019, 3:29 p.m.

18 +0

532 +4

185 +2

dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

created at July 15, 2019, 8:13 p.m.

14 +0

610 +2

106 +0

ctftool by taviso

Interactive CTF Exploration Tool

created at June 7, 2019, 3:39 a.m.

60 +0

1,641 +0

271 +0

slurp by hehnope

this can't keep happening

created at April 7, 2019, 12:30 a.m.

1 +0

2 +0

0 +0

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

created at Nov. 11, 2018, 7:07 p.m.

19 +0

571 +5

121 +0

command-injection-payload-list by payloadbox

🎯 Command Injection Payload List

created at Nov. 3, 2018, 6:35 p.m.

73 +0

3,004 +16

641 +3

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

created at Aug. 21, 2018, 5:49 a.m.

37 +0

1,108 +1

207 -1

cloudgoat by RhinoSecurityLabs

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

created at July 17, 2018, 12:21 a.m.

74 +0

2,974 +3

622 +3

social_mapper by Greenwolf

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

created at July 7, 2018, 2:50 p.m.

225 +0

3,808 +2

788 +0

dref by mwrlabs

DNS Rebinding Exploitation Framework

created at June 26, 2018, 10:09 a.m.

25 +0

481 +0

71 +0

dns-rebind-toolkit by brannondorsey

A front-end JavaScript toolkit for creating DNS rebinding attacks.

created at June 19, 2018, 2:06 a.m.

24 +0

485 +0

93 +0

TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

created at June 8, 2018, 7:05 a.m.

124 +0

1,781 +2

392 +1

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

33 +0

1,036 +3

138 +0

nano by UltimateHackers

Nano is a family of PHP web shells which are code golfed for stealth.

created at May 25, 2018, 3:17 p.m.

32 +0

435 +1

93 +0