mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

created at Feb. 16, 2010, 4:10 a.m.

Python

622 +0

34,367 +60

3,895 +3

GitHub
DVCS-Pillage by evilpacket

Pillage web accessible GIT, HG and BZR repositories

created at June 18, 2011, 8:04 p.m.

Shell

16 +0

314 +0

63 +0

GitHub
beef by beefproject

The Browser Exploitation Framework Project

created at Nov. 23, 2011, 6:53 a.m.

JavaScript

438 +1

9,380 +11

2,056 +6

GitHub
sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

created at June 26, 2012, 9:52 a.m.

Python

1,088 +0

30,577 +58

5,536 +4

GitHub
radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

C

486 +0

19,633 +33

2,938 +3

GitHub
wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

created at July 11, 2012, 8:27 p.m.

Ruby

264 +0

8,238 +14

1,236 +3

GitHub
js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

created at Sept. 18, 2012, 2:05 p.m.

HTML

117 +0

5,102 +6

630 +0

GitHub
dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

Perl

53 +2

1,648 +3

308 +2

GitHub
webshell by tennc

This is a webshell open source project

created at May 23, 2013, 7:37 a.m.

PHP

493 +1

9,772 +15

5,547 +5

GitHub
retire.js by RetireJS

Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

created at Aug. 30, 2013, 9:43 p.m.

JavaScript

87 +0

3,517 +10

412 +0

GitHub
DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

JavaScript

153 +1

12,816 +41

671 +5

GitHub
EyeWitness by RedSiege

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

created at Feb. 26, 2014, 4:23 p.m.

Python

148 +0

4,703 +3

819 +1

GitHub
H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

created at March 28, 2014, 8:42 a.m.

JavaScript

154 +0

2,818 -1

418 +0

GitHub
certificate-transparency by google

Auditing for TLS certificates.

created at May 20, 2014, 5:03 p.m.

C++

103 +0

865 -2

281 +0

GitHub
phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

Python

103 +0

2,139 +3

432 +2

GitHub
Infosec_Reference by rmusser01

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

created at Sept. 13, 2014, 12:08 a.m.

CSS

267 +0

5,363 +6

1,180 +1

GitHub
juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

TypeScript

156 +2

9,532 +30

9,303 +52

GitHub
weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

Python

131 +0

3,070 +9

596 +1

GitHub
wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

Python

169 +0

5,647 +11

1,330 +2

GitHub
gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

Go

155 +0

5,830 -2

823 +0

GitHub