subDomainsBrute by lijiejie

A fast sub domain brute tool for pentesters

created at April 1, 2015, 7:22 a.m.

116 +0

3,388 +2

1,009 +0

bug-bounty-reference by ngalongc

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

created at Sept. 1, 2016, 12:53 p.m.

242 +0

3,611 +5

975 +1

Some-PoC-oR-ExP by coffeehb

各种漏洞poc、Exp的收集或编写

created at March 13, 2015, 3:31 p.m.

156 +0

2,332 +3

969 +1

awesome-bug-bounty by djadmin

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

created at Feb. 13, 2016, 11 p.m.

289 +0

4,400 +13

899 +1

aquatone by michenriksen

A Tool for Domain Flyovers

created at Nov. 19, 2015, 11:30 a.m.

135 +0

5,494 +5

864 +0

gitrob by michenriksen

Reconnaissance tool for GitHub organizations

created at Jan. 7, 2015, 1:58 p.m.

154 +0

5,844 +5

823 +0

EyeWitness by RedSiege

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

created at Feb. 26, 2014, 4:23 p.m.

147 +0

4,743 +28

820 +1

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

created at March 20, 2015, 8:38 a.m.

161 +0

4,358 +10

796 -1

social_mapper by Greenwolf

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

created at July 7, 2018, 2:50 p.m.

227 +0

3,699 +6

785 +0

AwesomeXSS by UltimateHackers

Awesome XSS stuff

created at March 11, 2018, 2:35 p.m.

240 +0

4,656 +8

755 -2

awesome-cve-poc by qazbnm456

✍️ A curated list of CVE PoCs.

created at Feb. 2, 2017, 6:43 a.m.

322 +0

3,243 +6

718 +0

DOMPurify by cure53

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

created at Feb. 17, 2014, 9:48 p.m.

149 -1

12,961 +37

676 +6

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

created at July 6, 2016, 8:33 p.m.

84 +0

3,645 +2

661 -1

js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

created at Sept. 18, 2012, 2:05 p.m.

117 +0

5,110 +3

631 +1

weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

132 +0

3,086 +9

598 +2

command-injection-payload-list by payloadbox

🎯 Command Injection Payload List

created at Nov. 3, 2018, 6:35 p.m.

72 +0

2,681 +18

592 +3

openrasp by baidu

🔥Open source RASP solution

created at Aug. 10, 2017, 11:09 a.m.

108 +0

2,705 +5

588 +2

LinkFinder by GerbenJavado

A python script that finds endpoints in JavaScript files

created at June 9, 2017, 11:50 a.m.

63 -1

3,476 +6

581 +0

cloudgoat by RhinoSecurityLabs

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

created at July 17, 2018, 12:21 a.m.

71 +0

2,775 +15

580 +3

FOCA by ElevenPaths

Tool to find metadata and hidden information in the documents.

created at Oct. 2, 2017, 5:05 p.m.

141 +0

2,769 +9

530 +1