domato by googleprojectzero

DOM fuzzer

updated at May 11, 2024, 7:22 a.m.

68 +0

1,643 +1

273 +0

TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

updated at May 11, 2024, 7:51 a.m.

125 +0

1,740 +5

388 +1

fuzzdb by fuzzdb-project

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

updated at May 11, 2024, 7:53 a.m.

367 +0

7,974 +7

2,074 +0

zen-rails-security-checklist by brunofacca

Checklist of security precautions for Ruby on Rails applications.

updated at May 11, 2024, 9:19 a.m.

76 +0

1,815 +0

150 +0

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

updated at May 11, 2024, 9:38 a.m.

103 +0

2,146 +7

434 +1

aquatone by michenriksen

A Tool for Domain Flyovers

updated at May 11, 2024, 11:18 a.m.

135 +0

5,489 +1

864 +0

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

updated at May 11, 2024, 11:19 a.m.

84 -1

3,643 +8

662 +0

domain_analyzer by eldraco

Analyze the security of any domain by finding all the information possible. Made in python.

updated at May 11, 2024, 11:39 a.m.

83 +0

1,837 +1

245 +0

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

updated at May 11, 2024, 11:48 a.m.

161 +0

4,348 +8

797 +0

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

updated at May 11, 2024, 1:41 p.m.

52 -1

1,648 +1

308 +0

awesome-ctf-cheatsheet by uppusaikiran

CTF Cheatsheet

updated at May 11, 2024, 2:42 p.m.

1 +0

21 +2

2 +0

awesome-bug-bounty by djadmin

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

updated at May 11, 2024, 3:49 p.m.

289 +0

4,387 +1

898 +0

xss-payload-list by payloadbox

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

updated at May 11, 2024, 3:59 p.m.

139 +0

5,673 +19

1,580 +2

js-xss by leizongmin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

updated at May 11, 2024, 4:07 p.m.

117 +0

5,107 +1

630 +0

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

updated at May 11, 2024, 4:07 p.m.

36 +0

978 +4

188 +3

H5SC by cure53

HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

updated at May 11, 2024, 5:32 p.m.

153 -1

2,820 -2

418 +0

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

updated at May 11, 2024, 6:15 p.m.

156 +0

9,589 +31

9,399 +50

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

updated at May 11, 2024, 9:33 p.m.

118 -1

9,618 +40

1,404 +9

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

updated at May 11, 2024, 9:34 p.m.

1,090 +1

30,690 +56

5,549 +11

wpscan by wpscanteam

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

updated at May 11, 2024, 9:34 p.m.

264 +0

8,258 +7

1,240 +4