subDomainsBrute by lijiejie

A fast sub domain brute tool for pentesters

created at April 1, 2015, 7:22 a.m.

116 +0

3,488 +2

1,010 +0

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

created at March 20, 2015, 8:38 a.m.

158 +0

4,611 +13

818 +2

Some-PoC-oR-ExP by coffeehb

各种漏洞poc、Exp的收集或编写

created at March 13, 2015, 3:31 p.m.

154 +0

2,384 +2

972 +0

plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

created at March 9, 2015, 9:16 p.m.

149 +0

3,047 +0

277 +0

gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

154 +0

5,938 +3

832 +6

wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

167 +0

5,968 +13

1,385 +0

weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

132 +1

3,200 +10

605 +2

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

161 +0

10,468 +20

10,939 +47

Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

created at Sept. 13, 2014, 12:08 a.m.

265 +0

5,584 +5

1,191 +3

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

104 +0

2,221 +8

440 +1

certificate-transparency by google

Auditing for TLS certificates.

created at May 20, 2014, 5:03 p.m.

102 +0

869 +0

283 +0

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

created at March 28, 2014, 8:42 a.m.

153 +0

2,857 +3

420 +0

EyeWitness by ChrisTruncer

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

created at Feb. 26, 2014, 4:23 p.m.

0 +0

18 +1

0 +0

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

151 -1

14,021 +40

726 +3

retire.js by RetireJS

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

created at Aug. 30, 2013, 9:43 p.m.

83 -1

3,692 +6

417 +0

webshell by tennc

This is a webshell open source project

created at May 23, 2013, 7:37 a.m.

488 +0

10,123 +15

5,574 +1

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

51 +0

1,706 +4

313 +0

js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

created at Sept. 18, 2012, 2:05 p.m.

117 +0

5,218 +3

628 +0

wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

created at July 11, 2012, 8:27 p.m.

268 +0

8,616 +14

1,266 -1

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

488 +1

20,710 +33

3,006 +3