dns-rebind-toolkit by brannondorsey

A front-end JavaScript toolkit for creating DNS rebinding attacks.

created at June 19, 2018, 2:06 a.m.

24 +0

481 +0

93 +0

xxe-injection-payload-list by payloadbox

🎯 XML External Entity (XXE) Injection Payload List

created at Nov. 19, 2019, 5:04 a.m.

24 +0

1,021 +2

281 +0

whonow by brannondorsey

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

created at April 1, 2018, 12:11 a.m.

22 +0

612 +0

102 +0

Webshell-Sniper by WangYihang

Manage your website via terminal

created at July 24, 2017, 9:13 a.m.

21 +0

421 +1

123 +0

BadLibrary by SecureSkyTechnology

vulnerable web application for training

created at Dec. 13, 2017, 6:43 a.m.

20 +0

57 +0

7 +0

JoomlaScan by drego85

A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.

created at Feb. 11, 2016, 9:28 p.m.

20 +0

200 +2

67 +0

mutual-tls-ssl by Hakky54

🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC, WebSocket and ElasticSearch examples are included

created at Nov. 11, 2018, 7:07 p.m.

19 +0

541 +1

121 +0

open-redirect-payload-list by payloadbox

🎯 Open Redirect Payload List

created at Aug. 15, 2019, 3:29 p.m.

19 +0

496 +1

173 +0

DVCS-Pillage by evilpacket

Pillage web accessible GIT, HG and BZR repositories

created at June 18, 2011, 8:04 p.m.

16 +0

313 +0

63 +0

cssInjection by dxa4481

Stealing CSRF tokens with CSS injection (without iFrames)

created at Feb. 4, 2018, 4:09 a.m.

15 +0

313 +0

53 +0

dtd-finder by GoSecure

List DTDs and generate XXE payloads using those local DTDs.

created at July 15, 2019, 8:13 p.m.

14 +0

582 +0

103 +0

bXSS by LewisArdern

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

created at Dec. 13, 2017, 11:49 p.m.

14 +0

484 +0

64 -5

IPObfuscator by OsandaMalith

A simple tool to convert the IP to a DWORD IP

created at April 30, 2016, 11:32 p.m.

9 +0

136 +0

46 +0

Reverse-Shell-Manager by WangYihang

A multiple reverse shell session/client manager via terminal

created at Oct. 23, 2017, 1:41 a.m.

8 +0

235 +1

66 +0

cefdebug by taviso

Minimal code to connect to a CEF debugger.

created at Oct. 3, 2019, 2:09 p.m.

7 +0

191 +1

19 +0

VWGen by qazbnm456

Vulnerable Web applications Generator

created at April 12, 2016, 4:06 p.m.

7 +0

84 +0

18 +0

GSDF by We5ter

A domain searcher named GoogleSSLdomainFinder - 基于谷歌SSL透明证书的子域名查询工具

created at Dec. 19, 2016, 4:58 p.m.

7 +0

174 +0

57 +0

pwngitmanager by allyshka

Git manager for pentesters

created at Feb. 25, 2016, 6:14 a.m.

6 +0

107 +0

22 +0

Dockerfiles by espi0n

None

created at Sept. 26, 2017, 3:54 p.m.

5 +0

37 +0

3 +0

XSS.png by LucaBongiorni

A XSS mind map ;)

created at Jan. 16, 2016, 7:47 a.m.

5 +0

57 +0

143 +0