H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

updated at Nov. 14, 2024, 1:46 p.m.

JavaScript

153 +0

2,857 +3

420 +0

GitHub
AwesomeXSS by UltimateHackers

Awesome XSS stuff

updated at Nov. 14, 2024, 1:22 p.m.

JavaScript

239 +0

4,786 +6

767 +1

GitHub
CSS-Keylogging by maxchehab

Chrome extension and Express server that exploits keylogging abilities of CSS.

updated at Nov. 14, 2024, 9:53 a.m.

CSS

97 +0

3,216 +1

432 +0

GitHub
singularity by nccgroup

A DNS rebinding attack framework.

updated at Nov. 14, 2024, 6:16 a.m.

JavaScript

33 +0

1,036 +3

138 +0

GitHub
HTTPLeaks by cure53

HTTPLeaks - All possible ways a website can leak HTTP requests

updated at Nov. 13, 2024, 10:55 a.m.

HTML

90 +0

1,980 -1

202 +0

GitHub
js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

updated at Nov. 13, 2024, 9:57 a.m.

HTML

117 +0

5,218 +3

628 +0

GitHub
awesome-cve-poc by qazbnm456

✍️ A curated list of CVE PoCs.

updated at Nov. 13, 2024, 9:07 a.m.

Unknown languages

323 +0

3,324 +2

721 +0

GitHub
reverse-shell by lukechilds

Reverse Shell as a Service

updated at Nov. 13, 2024, 2:54 a.m.

JavaScript

31 +0

1,852 +0

234 +0

GitHub
GitMiner by UnkL4b

Tool for advanced mining for content on GitHub

updated at Nov. 12, 2024, 6:48 p.m.

Python

108 +0

2,092 +2

426 +0

GitHub
awesome-ctf-cheatsheet by uppusaikiran

CTF Cheatsheet

updated at Nov. 12, 2024, 4:27 p.m.

Unknown languages

1 +0

50 +1

4 +0

GitHub
open-redirect-payload-list by payloadbox

🎯 Open Redirect Payload List

updated at Nov. 12, 2024, 1:51 p.m.

Unknown languages

18 +0

532 +4

185 +2

GitHub
domain_analyzer by eldraco

Analyze the security of any domain by finding all the information possible. Made in Python.

updated at Nov. 11, 2024, 9:15 p.m.

Python

83 +0

1,844 +1

240 +0

GitHub
dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

updated at Nov. 11, 2024, 3:08 p.m.

Kotlin

14 +0

610 +2

106 +0

GitHub
zen-rails-security-checklist by brunofacca

Checklist of security precautions for Ruby on Rails applications.

updated at Nov. 11, 2024, 7:19 a.m.

Ruby

76 +0

1,814 +1

150 +0

GitHub
xray by evilsocket

XRay is a tool for recon, mapping and OSINT gathering from public networks.

updated at Nov. 11, 2024, 6:23 a.m.

Go

80 +0

2,206 +2

299 +0

GitHub
whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

updated at Nov. 11, 2024, 1:27 a.m.

JavaScript

22 +0

627 +1

88 +0

GitHub
EyeWitness by ChrisTruncer

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

updated at Nov. 10, 2024, 8:23 p.m.

Unknown languages

0 +0

18 +1

0 +0

GitHub
uxss-db by Metnew

🔪 Browser logic vulnerabilities ☠️

updated at Nov. 8, 2024, 6:22 p.m.

HTML

35 +0

688 +0

90 +0

GitHub
aws_pwn by dagrz

A collection of AWS penetration testing junk

updated at Nov. 8, 2024, 7:02 a.m.

Python

52 +0

1,173 +0

194 +0

GitHub
cefdebug by taviso

Minimal code to connect to a CEF debugger.

updated at Nov. 8, 2024, 3:10 a.m.

C

7 +0

197 +0

19 +0

GitHub