godzeo/swagger-scan

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/godzeo/swagger-scan)

godzeo / swagger-scan

对在测试中常见的swagger页面泄露，进行批量的测试，未授权和被动扫描

☆149

Alternatives and similar repositories for swagger-scan

Users that are interested in swagger-scan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

godzeo / MULTIPLEXING_PORT
View on GitHub
在极端限制出网情况下，可以使用端口复用的技术
☆22Oct 5, 2022Updated 3 years ago
godzeo / ArsenalWeb
View on GitHub
☆21Jul 12, 2021Updated 4 years ago
godzeo / shiro_cb_memshell
View on GitHub
使用shiro无CC依赖的CB1直接写入冰蝎马支持tomcat、spring
☆35Mar 11, 2023Updated 3 years ago
lemonlove7 / EHole_magic
View on GitHub
EHole(棱洞)魔改。可对路径进行指纹识别；支持识别出来的重点资产进行漏洞检测(支持从hunter和fofa中提取资产)支持对ftp服务识别及爆破
☆951Mar 6, 2024Updated 2 years ago
lijiejie / swagger-exp
View on GitHub
A Swagger API Exploit
☆1,369Jun 7, 2024Updated last year
Virtual machines for every use case on DigitalOcean • Ad
Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
vaycore / OneScan
View on GitHub
OneScan 是一款用于递归目录扫描的 BurpSuite 插件
☆1,235Jun 24, 2025Updated 9 months ago
AbelChe / cola_dnslog
View on GitHub
Cola Dnslog v1.3.2 更加强大的dnslog平台/无回显漏洞探测辅助平台完全开源 dnslog httplog ldaplog rmilog 支持dns http ldap rmi等协议提供API调用方式便于与其他工具结合支持钉钉机器人、Bark等提醒…
☆501Feb 6, 2023Updated 3 years ago
smxiazi / xia_Yue
View on GitHub
burp 插件 xia_Yue（瞎越）主要用于测试越权、未授权
☆675Aug 27, 2024Updated last year
AabyssZG / SpringBoot-Scan
View on GitHub
针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具
☆2,248Nov 9, 2025Updated 4 months ago
a1phaboy / FastjsonScan
View on GitHub
Fastjson扫描器，可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
☆1,050Oct 7, 2022Updated 3 years ago
LittleBear4 / OA-EXPTOOL
View on GitHub
OA综合利用工具，集合将近20款OA漏洞批量扫描
☆1,339Oct 28, 2023Updated 2 years ago
KimJun1010 / WeblogicTool
View on GitHub
WeblogicTool，GUI漏洞利用工具，支持漏洞检测、命令执行、内存马注入、密码解密等（深信服深蓝实验室天威战队强力驱动）
☆1,777Nov 1, 2023Updated 2 years ago
yuLinnnn / ExifScan
View on GitHub
右键检测图片是否存在Exif漏洞
☆31Mar 27, 2023Updated 2 years ago
yuyan-sec / druid_sessions
View on GitHub
获取 alibaba druid 一些 sessions , sql , urls
☆313Apr 4, 2025Updated 11 months ago
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
gh0stkey / HaE
View on GitHub
HaE - Highlighter and Extractor, Empower ethical hacker for efficient operations.
☆4,116Mar 19, 2026Updated last week
f0ng / autoDecoder
View on GitHub
Burp插件，根据自定义来达到对数据包的处理（适用于加解密、爆破等），类似mitmproxy，不同点在于经过了burp中转，在自动加解密的基础上，不影响APP、网站加解密正常逻辑等。
☆1,341Dec 14, 2025Updated 3 months ago
m-sec-org / EZ
View on GitHub
EZ是一款集信息收集、端口扫描、服务暴破、URL爬虫、指纹识别、被动扫描为一体的跨平台漏洞扫描器。
☆1,034Jan 17, 2025Updated last year
G0mini / Jmc_Tools
View on GitHub
分享极梦C团队写的一些使用工具
☆57Nov 6, 2023Updated 2 years ago
Tsojan / TsojanScan
View on GitHub
An integrated BurpSuite vulnerability detection plug-in.
☆1,463Jan 29, 2026Updated last month
whwlsfb / JDumpSpider
View on GitHub
HeapDump敏感信息提取工具
☆1,638Dec 15, 2025Updated 3 months ago
sectest2024 / leakinfo_finder
View on GitHub
☆177Oct 8, 2024Updated last year
F6JO / RouteVulScan
View on GitHub
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
☆1,313Jun 29, 2024Updated last year
c0olw / NacosRce
View on GitHub
Nacos JRaft Hessian 反序列化 RCE 加载字节码注入内存马不出网利用
☆847Jul 7, 2023Updated 2 years ago
NordVPN Threat Protection Pro™ • Ad
Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
savior-only / Spring_All_Reachable
View on GitHub
Spring漏洞综合利用工具
☆674Jul 5, 2023Updated 2 years ago
iamHuFei / HVVault
View on GitHub
梳理【护网高利用率POC】并集成Nuclei模板仓库，针对解决网上同一资产漏洞一键检测工具参次不齐问题。
☆577Mar 21, 2024Updated 2 years ago
jayus0821 / swagger-hack
View on GitHub
自动化爬取并自动测试所有swagger接口
☆1,170Dec 1, 2025Updated 3 months ago
dark-kingA / cloudTools
View on GitHub
云资产管理工具目前工具定位是云安全相关工具，目前是两个模块云存储工具、云服务工具，云存储工具主要是针对oss存储、查看、删除、上传、下载、预览等等云服务工具主要是针对rds、服务器的管理，查看、执行命令、接管等等
☆1,145Feb 26, 2026Updated last month
shuanx / BurpAPIFinder
View on GitHub
攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
☆1,382Oct 3, 2024Updated last year
smxiazi / xia_sql
View on GitHub
xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。
☆1,238May 18, 2023Updated 2 years ago
Y0-kan / YoScan
View on GitHub
YoScan是一款综合性资产收集工具
☆66Mar 24, 2024Updated 2 years ago
nOnExiaoyu / YQScan
View on GitHub
语雀敏感信息泄露搜索工具
☆19Jan 20, 2023Updated 3 years ago
SummerSec / ShiroAttack2
View on GitHub
shiro反序列化漏洞综合利用,包含（回显执行命令/注入内存马）修复原版中NoCC的问题 https://github.com/j1anFen/shiro_attack
☆2,396Apr 10, 2024Updated last year
DigitalOcean Gradient AI Platform • Ad
Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
f0ng / captcha-killer-modified
View on GitHub
captcha-killer的修改版，支持关键词识别base64编码的图片，添加免费ocr库，用于验证码爆破，适配新版Burpsuite
☆1,880Aug 26, 2025Updated 7 months ago
eeeeeeeeee-code / e0e1-wx
View on GitHub
微信小程序辅助渗透-自动化
☆1,842Oct 13, 2025Updated 5 months ago
chainreactors / urlfounder
View on GitHub
Fast passive URL enumeration tool.
☆86Jun 6, 2023Updated 2 years ago
wyzxxz / heapdump_tool
View on GitHub
heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等
☆1,436May 21, 2024Updated last year
Ryze-T / Sylas
View on GitHub
数据库综合利用工具
☆543Feb 16, 2022Updated 4 years ago
AabyssZG / Web-SurvivalScan
View on GitHub
对Web渗透项目资产进行快速存活验证
☆583Dec 9, 2024Updated last year
EdgeSecurityTeam / EHole
View on GitHub
EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
☆3,448Apr 2, 2024Updated last year