SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
☆17Feb 10, 2016Updated 10 years ago
Alternatives and similar repositories for SecLists
Users that are interested in SecLists are comparing it to the libraries listed below
Sorting:
- The PDF Metadata Burp Extension provides an additional passive Scanner check for metadata in PDF files.☆11Jan 10, 2017Updated 9 years ago
- ☆13May 28, 2013Updated 12 years ago
- A script that parses nmap.xml output, identifies all SSL services and automatically performs an sslscan of each service☆14Jul 2, 2025Updated 8 months ago
- A tool for automated MITM attacks on SSL connections.☆22May 18, 2012Updated 13 years ago
- Repository aimed to compile scripts and tools that can be used during penetration tests to assess the security of different flash related…☆10Jan 5, 2015Updated 11 years ago
- Generates Flash based CORS CSRF Proof of Concepts that can be sent directly to clients☆14Jul 3, 2013Updated 12 years ago
- ☆12May 24, 2015Updated 10 years ago
- It checks how secure the program you made is and shows how vulnerable your program is.☆20Apr 20, 2017Updated 8 years ago
- Custom stagers with python encrypting proxy☆40May 25, 2015Updated 10 years ago
- Analyzes open source bug trackers for interesting vulnerabilities☆23Feb 3, 2015Updated 11 years ago
- Simple proxy designed to intercept and modify connections on the transport level. This means you can also modify TLS raw bytes.☆17Dec 13, 2021Updated 4 years ago
- Tutorial for Node.js security☆21Sep 4, 2020Updated 5 years ago
- Tools for NTDS.dit☆17Apr 26, 2018Updated 7 years ago
- Decrypt MITM SSL RDP and save to pcap☆53May 1, 2014Updated 11 years ago
- Local privilege escalation scripts and tools☆17Aug 4, 2016Updated 9 years ago
- Working Rsh Client With Bind/Reverse Shell☆19Sep 15, 2015Updated 10 years ago
- Vulnerable Grails application☆43Jun 12, 2015Updated 10 years ago
- A websocket proxy☆55Nov 13, 2017Updated 8 years ago
- Tiny payload for transfer via LOKI - Provides high speed Virtual Channel two way file transfer capabilities☆27Feb 23, 2015Updated 11 years ago
- Speeds up the extraction of password hashes from ntds.dit files. For use with the ntdsxtract project or the dshash script☆27Feb 1, 2024Updated 2 years ago
- A scoreboard for Security CTF events☆37Dec 11, 2012Updated 13 years ago
- Image size issues plugin for Burp Suite☆95Jun 27, 2018Updated 7 years ago
- Windows Offline Common Password Hash Checker☆29Aug 9, 2016Updated 9 years ago
- A plugin that provides resources for beginners to learn reverse engineering using Binary Ninja. It automatically installs several other p…☆26Aug 22, 2017Updated 8 years ago
- Things I've coded, or use (cause I can't find them online anymore)☆32May 25, 2012Updated 13 years ago
- Clickjacking Proof-of-Concept Exploit☆25Oct 1, 2020Updated 5 years ago
- A security scanner for Wordpress blogging engine☆32May 11, 2016Updated 9 years ago
- Find a useable IP address to use☆30Jul 4, 2014Updated 11 years ago
- ☆64Feb 12, 2022Updated 4 years ago
- Secure Coding Rules for Java☆31Oct 20, 2025Updated 4 months ago
- µphisher spear phishing tool (reference implementation)☆40Jun 26, 2020Updated 5 years ago
- ☆37Feb 12, 2018Updated 8 years ago
- A JRuby implementation of the BurpExtender interface for PortSwigger Burp Suite.☆58May 1, 2015Updated 10 years ago
- A tool to analyse JMX API security level.☆43Jul 23, 2014Updated 11 years ago
- MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.☆31May 10, 2016Updated 9 years ago
- A multi-codec media fuzzing tool.☆43Oct 9, 2012Updated 13 years ago
- This is where we work on the newsletter☆28Dec 2, 2017Updated 8 years ago
- PFI (Port Forwarding Interceptor)☆46Jan 29, 2026Updated last month
- Web shells for use in penetration testing☆41Mar 5, 2015Updated 10 years ago