godzeo/swagger-scan

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/godzeo/swagger-scan)

godzeo / swagger-scan

对在测试中常见的swagger页面泄露，进行批量的测试，未授权和被动扫描

☆145

Alternatives and similar repositories for swagger-scan

Users that are interested in swagger-scan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

godzeo / MULTIPLEXING_PORT
View on GitHub
在极端限制出网情况下，可以使用端口复用的技术
☆22Oct 5, 2022Updated 3 years ago
godzeo / ArsenalWeb
View on GitHub
☆21Jul 12, 2021Updated 4 years ago
lemonlove7 / EHole_magic
View on GitHub
EHole(棱洞)魔改。可对路径进行指纹识别；支持识别出来的重点资产进行漏洞检测(支持从hunter和fofa中提取资产)支持对ftp服务识别及爆破
☆965Mar 6, 2024Updated 2 years ago
godzeo / shiro_cb_memshell
View on GitHub
使用shiro无CC依赖的CB1直接写入冰蝎马支持tomcat、spring
☆36Mar 11, 2023Updated 3 years ago
lijiejie / swagger-exp
View on GitHub
A Swagger API Exploit
☆1,379Jun 7, 2024Updated 2 years ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
vaycore / OneScan
View on GitHub
OneScan 是一款用于递归目录扫描的 BurpSuite 插件
☆1,251Jun 24, 2025Updated 11 months ago
AbelChe / cola_dnslog
View on GitHub
Cola Dnslog v1.3.2 更加强大的dnslog平台/无回显漏洞探测辅助平台完全开源 dnslog httplog ldaplog rmilog 支持dns http ldap rmi等协议提供API调用方式便于与其他工具结合支持钉钉机器人、Bark等提醒…
☆502Feb 6, 2023Updated 3 years ago
smxiazi / xia_Yue
View on GitHub
burp 插件 xia_Yue（瞎越）主要用于测试越权、未授权
☆696Aug 27, 2024Updated last year
AabyssZG / SpringBoot-Scan
View on GitHub
针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具
☆2,292Nov 9, 2025Updated 7 months ago
a1phaboy / FastjsonScan
View on GitHub
Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
☆1,057Oct 7, 2022Updated 3 years ago
yuyan-sec / druid_sessions
View on GitHub
获取 alibaba druid 一些 sessions , sql , urls
☆325Apr 4, 2025Updated last year
LittleBear4 / OA-EXPTOOL
View on GitHub
OA综合利用工具，集合将近20款OA漏洞批量扫描
☆1,344Oct 28, 2023Updated 2 years ago
KimJun1010 / WeblogicTool
View on GitHub
WeblogicTool，GUI漏洞利用工具，支持漏洞检测、命令执行、内存马注入、密码解密等（深信服深蓝实验室天威战队强力驱动）
☆1,792Nov 1, 2023Updated 2 years ago
yuLinnnn / ExifScan
View on GitHub
右键检测图片是否存在Exif漏洞
☆30Mar 27, 2023Updated 3 years ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
gh0stkey / HaE
View on GitHub
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations. 赋能白帽，高效作战！
☆4,218Jun 9, 2026Updated last week
G0mini / Jmc_Tools
View on GitHub
分享极梦C团队写的一些使用工具
☆58Nov 6, 2023Updated 2 years ago
f0ng / autoDecoder
View on GitHub
Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。
☆1,404Apr 14, 2026Updated 2 months ago
m-sec-org / EZ
View on GitHub
EZ是一款集信息收集、端口扫描、服务暴破、URL爬虫、指纹识别、被动扫描为一体的跨平台漏洞扫描器。
☆1,055Jan 17, 2025Updated last year
Tsojan / TsojanScan
View on GitHub
An integrated BurpSuite vulnerability detection plug-in.
☆1,518Jan 29, 2026Updated 4 months ago
whwlsfb / JDumpSpider
View on GitHub
HeapDump敏感信息提取工具
☆1,660Dec 15, 2025Updated 6 months ago
sectest2024 / leakinfo_finder
View on GitHub
☆175Oct 8, 2024Updated last year
F6JO / RouteVulScan
View on GitHub
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
☆1,324Jun 29, 2024Updated last year
c0olw / NacosRce
View on GitHub
Nacos JRaft Hessian 反序列化 RCE 加载字节码注入内存马不出网利用
☆851Jul 7, 2023Updated 2 years ago
Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
savior-only / Spring_All_Reachable
View on GitHub
Spring漏洞综合利用工具
☆676Jul 5, 2023Updated 2 years ago
iamHuFei / HVVault
View on GitHub
梳理【护网高利用率POC】并集成Nuclei模板仓库，针对解决网上同一资产漏洞一键检测工具参次不齐问题。
☆578Mar 21, 2024Updated 2 years ago
jayus0821 / swagger-hack
View on GitHub
自动化爬取并自动测试所有swagger接口
☆1,179Dec 1, 2025Updated 6 months ago
dark-kingA / cloudTools
View on GitHub
云资产管理工具目前工具定位是云安全相关工具，目前是两个模块云存储工具、云服务工具，云存储工具主要是针对oss存储、查看、删除、上传、下载、预览等等云服务工具主要是针对rds、服务器的管理，查看、执行命令、接管等等
☆1,156Feb 26, 2026Updated 3 months ago
smxiazi / xia_sql
View on GitHub
xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。
☆1,274May 18, 2023Updated 3 years ago
shuanx / BurpAPIFinder
View on GitHub
攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
☆1,438Oct 3, 2024Updated last year
Y0-kan / YoScan
View on GitHub
YoScan是一款综合性资产收集工具
☆65Mar 24, 2024Updated 2 years ago
nOnExiaoyu / YQScan
View on GitHub
语雀敏感信息泄露搜索工具
☆19Jan 20, 2023Updated 3 years ago
f0ng / captcha-killer-modified
View on GitHub
captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite
☆1,932Aug 26, 2025Updated 9 months ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
chainreactors / urlfounder
View on GitHub
Fast passive URL enumeration tool.
☆86Jun 6, 2023Updated 3 years ago
SummerSec / ShiroAttack2
View on GitHub
shiro反序列化漏洞综合利用（仅限授权测试使用）
☆2,551Jun 4, 2026Updated last week
wyzxxz / heapdump_tool
View on GitHub
heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等
☆1,449May 21, 2024Updated 2 years ago
eeeeeeeeee-code / e0e1-wx
View on GitHub
微信小程序辅助渗透-自动化
☆2,057May 26, 2026Updated 2 weeks ago
Ryze-T / Sylas
View on GitHub
数据库综合利用工具
☆544Feb 16, 2022Updated 4 years ago
EdgeSecurityTeam / EHole
View on GitHub
EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
☆3,481Apr 2, 2024Updated 2 years ago
AabyssZG / Web-SurvivalScan
View on GitHub
对Web渗透项目资产进行快速存活验证
☆593Dec 9, 2024Updated last year