Webshell-Sniper by WangYihang

Manage your website via terminal

created at July 24, 2017, 9:13 a.m.

21 +0

421 +1

123 +0

whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

created at April 1, 2018, 12:11 a.m.

22 +0

612 +0

102 +0

dns-rebind-toolkit by brannondorsey

A front-end JavaScript toolkit for creating DNS rebinding attacks.

created at June 19, 2018, 2:06 a.m.

24 +0

481 +0

93 +0

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

created at Nov. 19, 2019, 5:04 a.m.

24 +0

1,021 +2

281 +0

JShell by UltimateHackers

JShell - Get a JavaScript shell with XSS.

created at Feb. 26, 2018, 1:40 p.m.

25 +0

504 +3

140 +0

dref by mwrlabs

DNS Rebinding Exploitation Framework

created at June 26, 2018, 10:09 a.m.

25 +0

481 +0

71 +0

singularity by nccgroup

A DNS rebinding attack framework.

created at June 5, 2018, 9:04 p.m.

32 +0

974 +0

136 +0

nano by UltimateHackers

Nano is a family of PHP web shells which are code golfed for stealth.

created at May 25, 2018, 3:17 p.m.

32 +0

429 +0

95 +0

reverse-shell by lukechilds

Reverse Shell as a Service

created at Sept. 13, 2017, 11:38 a.m.

33 +0

1,789 +2

230 -1

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

633 +0

101 +0

uxss-db by Metnew

🔪Browser logic vulnerabilities :skull_and_crossbones:

created at Oct. 27, 2017, 5:32 p.m.

35 +0

675 +0

97 +0

dirhunt by Nekmo

Find web directories without bruteforce

created at Jan. 5, 2018, 1:05 a.m.

35 +0

1,707 +6

234 +3

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

created at Aug. 21, 2018, 5:49 a.m.

36 +0

978 +4

188 +3

raven by 0x09AL

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

created at Aug. 22, 2017, 3:41 p.m.

39 +0

767 -1

162 +0

acra by cossacklabs

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

created at Nov. 14, 2016, 4:23 p.m.

40 +0

1,298 +1

127 +1

a2sv by hahwul

Auto Scanning to SSL Vulnerability

created at Jan. 25, 2016, 7:15 a.m.

45 +0

610 +0

166 +0

malware-jail by HynekPetrak

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

created at Jan. 10, 2016, 10:41 p.m.

46 +0

453 +0

99 +0

dvcs-ripper by kost

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

created at Oct. 23, 2012, 4:55 a.m.

52 -1

1,648 +1

308 +0

aws_pwn by dagrz

A collection of AWS penetration testing junk

created at Oct. 18, 2016, 3:14 a.m.

52 +0

1,122 -1

188 +0

ctftool by taviso

Interactive CTF Exploration Tool

created at June 7, 2019, 3:39 a.m.

60 +0

1,631 +0

276 -1