weevely3 by epinna

Weaponized web shell

updated at May 24, 2024, 7:57 p.m.

132 +0

3,095 +9

599 +1

awesome-cve-poc by qazbnm456

✍️ A curated list of CVE PoCs.

updated at May 24, 2024, 6:35 p.m.

322 +0

3,249 +6

718 +0

Raccoon by evyatarmeged

A high performance offensive security tool for reconnaissance and vulnerability scanning

updated at May 24, 2024, 6:11 p.m.

109 +0

3,015 +7

391 +1

acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

updated at May 24, 2024, 6:08 p.m.

40 +0

1,302 +1

127 +0

openrasp by baidu

🔥Open source RASP solution

updated at May 24, 2024, 5:53 p.m.

108 +0

2,710 +5

589 +1

GSIL by FeeiCN

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

updated at May 24, 2024, 5:47 p.m.

62 +0

2,110 +0

486 +0

awesome-bug-bounty by djadmin

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

updated at May 24, 2024, 5:24 p.m.

289 +0

4,406 +6

899 +0

social_mapper by Greenwolf

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

updated at May 24, 2024, 4:48 p.m.

227 +0

3,705 +6

785 +0

dirhunt by Nekmo

Find web directories without bruteforce

updated at May 24, 2024, 2:28 p.m.

35 +0

1,714 +3

237 +1

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

updated at May 24, 2024, 12:08 p.m.

24 +0

1,028 +2

283 +2

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

updated at May 24, 2024, 11:32 a.m.

84 +0

3,647 +2

660 -1

tinfoleak by vaguileradiaz

The most complete open-source tool for Twitter intelligence analysis

updated at May 24, 2024, 9:21 a.m.

72 +0

1,902 +1

273 +0

xssor2 by evilcos

XSS'OR - Hack with JavaScript.

updated at May 24, 2024, 7:13 a.m.

95 +0

2,102 -1

378 +0

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

updated at May 24, 2024, 6:31 a.m.

103 +0

2,156 +3

436 +1

EQGRP by x0rz

Decrypted content of eqgrp-auction-file.tar.xz

updated at May 24, 2024, 4:24 a.m.

397 +0

4,075 +3

2,072 +1

awesome-ctf-cheatsheet by uppusaikiran

CTF Cheatsheet

updated at May 23, 2024, 11:12 p.m.

1 +0

24 +3

2 +0

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

updated at May 23, 2024, 10:32 a.m.

19 +0

544 +1

121 +0

DVCS-Pillage by evilpacket

Pillage web accessible GIT, HG and BZR repositories

updated at May 23, 2024, 9:37 a.m.

16 +0

313 +1

63 +0

TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

updated at May 23, 2024, 7:32 a.m.

125 +0

1,744 +1

388 +0

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

updated at May 23, 2024, 2:30 a.m.

36 +0

1,008 +13

189 +1