dirhunt by Nekmo

Find web directories without bruteforce

created at Jan. 5, 2018, 1:05 a.m.

33 +0

1,770 +5

255 +0

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

51 +0

1,706 +4

313 +0

domato by googleprojectzero

DOM fuzzer

created at Sept. 21, 2017, 3:28 p.m.

67 +0

1,695 +9

278 +0

ctftool by taviso

Interactive CTF Exploration Tool

created at June 7, 2019, 3:39 a.m.

60 +0

1,641 +0

271 +0

iaito by hteso

This project has been moved to:

created at March 28, 2017, 5:27 p.m.

82 +0

1,463 +0

117 +1

acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

created at Nov. 14, 2016, 4:23 p.m.

42 +0

1,357 +2

128 +0

notes by ChALkeR

Some public notes

created at Oct. 17, 2015, 11:02 p.m.

92 +0

1,268 +1

77 +0

aws_pwn by dagrz

A collection of AWS penetration testing junk

created at Oct. 18, 2016, 3:14 a.m.

52 +0

1,173 +0

194 +0

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

created at Aug. 21, 2018, 5:49 a.m.

37 +0

1,108 +1

207 -1

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

created at Nov. 19, 2019, 5:04 a.m.

23 +0

1,096 +5

299 +1

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

33 +0

1,036 +3

138 +0

certificate-transparency by google

Auditing for TLS certificates.

created at May 20, 2014, 5:03 p.m.

102 +0

869 +0

283 +0

raven by 0x09AL

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

created at Aug. 22, 2017, 3:41 p.m.

39 +0

778 +1

163 +0

uxss-db by Metnew

🔪Browser logic vulnerabilities :skull_and_crossbones:

created at Oct. 27, 2017, 5:32 p.m.

35 +0

688 +0

90 +0

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

637 +0

88 +0

a2sv by hahwul

Auto Scanning to SSL Vulnerability

created at Jan. 25, 2016, 7:15 a.m.

46 +0

627 +1

169 +0

whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

created at April 1, 2018, 12:11 a.m.

22 +0

627 +1

88 +0

dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

created at July 15, 2019, 8:13 p.m.

14 +0

610 +2

106 +0

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

created at Nov. 11, 2018, 7:07 p.m.

19 +0

571 +5

121 +0

open-redirect-payload-list by payloadbox

🎯 Open Redirect Payload List

created at Aug. 15, 2019, 3:29 p.m.

18 +0

532 +4

185 +2