whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

updated at April 30, 2024, 7:42 p.m.

22 +0

612 +0

102 +0

nano by UltimateHackers

Nano is a family of PHP web shells which are code golfed for stealth.

updated at May 1, 2024, 7:40 p.m.

32 +0

429 +0

95 +0

singularity by nccgroup

A DNS rebinding attack framework.

updated at May 2, 2024, 5:48 a.m.

32 +0

974 +0

136 +0

IPObfuscator by OsandaMalith

A simple tool to convert the IP to a DWORD IP

updated at May 2, 2024, 6:52 a.m.

9 +0

136 +0

46 +0

GSIL by FeeiCN

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

updated at May 2, 2024, 4:43 p.m.

62 +0

2,109 +0

486 +0

pwngitmanager by allyshka

Git manager for pentesters

updated at May 3, 2024, 5:39 a.m.

6 +0

107 +0

22 +0

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

updated at May 5, 2024, 6:14 a.m.

33 +0

633 +0

101 +0

aws_pwn by dagrz

A collection of AWS penetration testing junk

updated at May 6, 2024, 7:28 p.m.

52 +0

1,122 -1

188 +0

HTTPLeaks by cure53

HTTPLeaks - All possible ways, a website can leak HTTP requests

updated at May 7, 2024, 11:12 a.m.

90 -1

1,931 +0

194 +0

js-vuln-db by tunz

A collection of JavaScript engine CVEs with PoCs

updated at May 7, 2024, 11:12 a.m.

185 -1

2,261 -1

405 +0

raven by 0x09AL

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

updated at May 7, 2024, 11:12 a.m.

39 +0

767 -1

162 +0

acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

updated at May 7, 2024, 6:10 p.m.

40 +0

1,298 +1

127 +1

bug-bounty-reference by ngalongc

Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

updated at May 8, 2024, 11:55 p.m.

242 -1

3,606 -2

974 -2

cefdebug by taviso

Minimal code to connect to a CEF debugger.

updated at May 9, 2024, 8:20 a.m.

7 +0

191 +1

19 +0

JoomlaScan by drego85

A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

updated at May 9, 2024, 8:59 a.m.

20 +0

200 +2

67 +0

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

updated at May 9, 2024, 11:52 a.m.

19 +0

541 +1

121 +0

snallygaster by hannob

Tool to scan for secret files on HTTP servers

updated at May 9, 2024, 3:33 p.m.

75 +0

2,023 +1

231 +0

bXSS by LewisArdern

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

updated at May 9, 2024, 6:04 p.m.

14 +0

484 +0

64 -5

Raccoon by evyatarmeged

A high performance offensive security tool for reconnaissance and vulnerability scanning

updated at May 10, 2024, 1:14 a.m.

109 +0

3,003 -3

390 +1

plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

updated at May 10, 2024, 1:38 a.m.

149 +0

3,043 +1

278 +0