A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Python
Updated Aug 19, 2019
Automated pentest framework for offensive security experts
Shell
Updated Aug 6, 2019
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesti…
BitBake
Updated Nov 2, 2018
A list of interesting payloads, tips and tricks for bug bounty hunters.
Updated Mar 15, 2019
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Python
Updated Aug 16, 2019
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to a…
Updated Aug 18, 2019
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Updated Jul 8, 2019
Automated NoSQL database enumeration and web application exploitation tool.
Python
Updated Aug 13, 2019
Find exploits in local and online databases instantly
Shell
Updated Feb 1, 2019
Scan for open AWS S3 buckets and dump the contents
Python
Updated Jul 13, 2019
Security Tool to Look For Interesting Files in S3 Buckets
Python
Updated Jun 19, 2019
Automatically brute force all services running on a target.
Shell
Updated Apr 16, 2019
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
C
Updated Dec 13, 2017
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
HTML
Updated Jan 28, 2019
Subdomain Takeover tool written in Go
Go
Updated Jul 31, 2019
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code a…
JavaScript
Updated May 23, 2019
Penetration tests cases, resources and guidelines.
Updated Jul 26, 2019
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
PHP
Updated Jun 22, 2019
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work …
Python
Updated Jul 12, 2019
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Python
Updated Nov 8, 2018
Multi Tool Subdomain Enumeration
#47
opened Jun 16, 2019 by
mzfr
Python
Updated Jun 20, 2019
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple wa…
Java
Updated Aug 19, 2019
A Powerful Subdomain Takeover Tool
Go
Updated Aug 30, 2018
OneForAll是一款功能强大的子域收集工具
#8
opened Aug 13, 2019 by
l3m0n
1
Python
Updated Aug 20, 2019
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Python
Updated May 16, 2019
Collection of small security tools created mostly in Python. CTFs, pentests and so on
Python
Updated Aug 16, 2019
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if t…
Shell
Updated Jun 26, 2019
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Updated Dec 26, 2018
A big list of Android Hackerone disclosed reports and other resources.
Updated Jul 27, 2019
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Python
Updated Jul 18, 2018