XSStrike by UltimateHackers

Most advanced XSS scanner.

updated at June 9, 2024, 5:33 a.m.

273 +0

12,836 +27

1,861 +3

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

updated at June 9, 2024, 5:19 a.m.

154 +1

15,536 +86

1,335 +7

CyberChef by gchq

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

updated at June 9, 2024, 5:18 a.m.

380 +4

26,072 +60

3,002 +10

LinkFinder by GerbenJavado

A python script that finds endpoints in JavaScript files

updated at June 9, 2024, 4:15 a.m.

63 +0

3,520 +21

587 +2

beef by beefproject

The Browser Exploitation Framework Project

updated at June 9, 2024, 4:09 a.m.

439 +0

9,462 +16

2,078 +6

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

updated at June 9, 2024, 3:54 a.m.

1,090 +0

30,939 +67

5,565 +7

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

updated at June 9, 2024, 3:24 a.m.

117 +0

9,788 +54

1,417 +6

xss-payload-list by payloadbox

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

updated at June 9, 2024, 2:54 a.m.

138 +0

5,789 +21

1,594 +2

awesome-bug-bounty by djadmin

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

updated at June 9, 2024, 2:48 a.m.

289 +0

4,420 +8

900 +1

nuclei by projectdiscovery

Fast and customizable vulnerability scanner based on simple YAML based DSL.

updated at June 9, 2024, 2:41 a.m.

216 +1

17,876 +241

2,287 +14

CSS-Keylogging by maxchehab

Chrome extension and Express server that exploits keylogging abilities of CSS.

updated at June 9, 2024, 1:25 a.m.

97 +0

3,210 +8

432 +0

mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

updated at June 9, 2024, 12:46 a.m.

624 -1

34,813 +63

3,924 +5

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

updated at June 9, 2024, 12:02 a.m.

84 +0

3,659 +6

662 +2

Photon by UltimateHackers

Incredibly fast crawler designed for OSINT.

updated at June 8, 2024, 11:30 p.m.

322 +0

10,599 +11

1,457 +0

cloudgoat by RhinoSecurityLabs

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

updated at June 8, 2024, 11:20 p.m.

72 +1

2,793 +10

583 +1

FOCA by ElevenPaths

Tool to find metadata and hidden information in the documents.

updated at June 8, 2024, 9:16 p.m.

142 +1

2,800 +12

532 +0

wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

updated at June 8, 2024, 9:13 p.m.

266 +0

8,307 +12

1,245 +1

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

updated at June 8, 2024, 6:48 p.m.

150 +1

13,075 +39

680 +2

bug-bounty-reference by ngalongc

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

updated at June 8, 2024, 6:45 p.m.

243 +0

3,623 +6

980 +2

Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

updated at June 8, 2024, 6:28 p.m.

235 +1

9,397 +36

2,062 +3