Fast and customizable vulnerability scanner based on simple YAML based DSL.
created at April 3, 2020, 6:47 p.m.
🎯 XML External Entity (XXE) Injection Payload List
created at Nov. 19, 2019, 5:04 a.m.
Parse NTLM challenge messages over HTTP and SMB
created at Nov. 4, 2019, 10:27 p.m.
🎯 SQL Injection Payload List
created at Oct. 30, 2019, 5:03 a.m.
🎯 Open Redirect Payload List
created at Aug. 15, 2019, 3:29 p.m.
List DTDs and generate XXE payloads using those local DTDs.
created at July 15, 2019, 8:13 p.m.
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included
created at Nov. 11, 2018, 7:07 p.m.
🎯 Command Injection Payload List
created at Nov. 3, 2018, 6:35 p.m.
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
created at Aug. 21, 2018, 5:49 a.m.
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
created at July 17, 2018, 12:21 a.m.
A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
created at July 7, 2018, 2:50 p.m.
A front-end JavaScript toolkit for creating DNS rebinding attacks.
created at June 19, 2018, 2:06 a.m.
The Offensive Manual Web Application Penetration Testing Framework.
created at June 8, 2018, 7:05 a.m.
Nano is a family of PHP web shells which are code golfed for stealth.
created at May 25, 2018, 3:17 p.m.