domato by googleprojectzero

DOM fuzzer

created at Sept. 21, 2017, 3:28 p.m.

68 +0

1,643 +1

273 +0

domain_analyzer by eldraco

Analyze the security of any domain by finding all the information possible. Made in python.

created at Aug. 8, 2017, 6:52 p.m.

83 +0

1,837 +1

245 +0

dirhunt by Nekmo

Find web directories without bruteforce

created at Jan. 5, 2018, 1:05 a.m.

35 +0

1,707 +6

234 +3

snallygaster by hannob

Tool to scan for secret files on HTTP servers

created at April 10, 2018, 12:01 p.m.

75 +0

2,023 +1

231 +0

reverse-shell by lukechilds

Reverse Shell as a Service

created at Sept. 13, 2017, 11:38 a.m.

33 +0

1,789 +2

230 -1

HTTPLeaks by cure53

HTTPLeaks - All possible ways, a website can leak HTTP requests

created at April 17, 2015, 2:48 p.m.

90 -1

1,931 +0

194 +0

aws_pwn by dagrz

A collection of AWS penetration testing junk

created at Oct. 18, 2016, 3:14 a.m.

52 +0

1,122 -1

188 +0

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

created at Aug. 21, 2018, 5:49 a.m.

36 +0

978 +4

188 +3

open-redirect-payload-list by payloadbox

🎯 Open Redirect Payload List

created at Aug. 15, 2019, 3:29 p.m.

19 +0

496 +1

173 +0

a2sv by hahwul

Auto Scanning to SSL Vulnerability

created at Jan. 25, 2016, 7:15 a.m.

45 +0

610 +0

166 +0

raven by 0x09AL

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

created at Aug. 22, 2017, 3:41 p.m.

39 +0

767 -1

162 +0

zen-rails-security-checklist by brunofacca

Checklist of security precautions for Ruby on Rails applications.

created at April 10, 2017, 8:36 p.m.

76 +0

1,815 +0

150 +0

XSS.png by LucaBongiorni

A XSS mind map ;)

created at Jan. 16, 2016, 7:47 a.m.

5 +0

57 +0

143 +0

JShell by UltimateHackers

JShell - Get a JavaScript shell with XSS.

created at Feb. 26, 2018, 1:40 p.m.

25 +0

504 +3

140 +0

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

32 +0

974 +0

136 +0

iaito by hteso

This project has been moved to:

created at March 28, 2017, 5:27 p.m.

82 +0

1,470 +0

131 +0

acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

created at Nov. 14, 2016, 4:23 p.m.

40 +0

1,298 +1

127 +1

Webshell-Sniper by WangYihang

Manage your website via terminal

created at July 24, 2017, 9:13 a.m.

21 +0

421 +1

123 +0

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

created at Nov. 11, 2018, 7:07 p.m.

19 +0

541 +1

121 +0

dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

created at July 15, 2019, 8:13 p.m.

14 +0

582 +0

103 +0