spaze/hashes

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/spaze/hashes)

spaze / hashes

Magic hashes – PHP hash "collisions"

☆822

Alternatives and similar repositories for hashes

Users that are interested in hashes are comparing it to the libraries listed below

Sorting:

ambionics / phpggc
View on GitHub
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
☆3,753Sep 29, 2025Updated 5 months ago
synacktiv / php_filter_chain_generator
View on GitHub
☆994Jan 23, 2023Updated 3 years ago
w181496 / Web-CTF-Cheatsheet
View on GitHub
Web CTF CheatSheet 🐈
☆2,934Oct 28, 2025Updated 4 months ago
epinna / tplmap
View on GitHub
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
☆4,123Apr 21, 2024Updated last year
BlackFan / client-side-prototype-pollution
View on GitHub
Prototype Pollution and useful Script Gadgets
☆1,589Jan 27, 2024Updated 2 years ago
pwntester / ysoserial.net
View on GitHub
Deserialization payload generator for a variety of .NET formatters
☆3,679Dec 23, 2024Updated last year
internetwache / GitTools
View on GitHub
A repository with 3 tools for pwn'ing websites with .git repositories available
☆4,128Jun 14, 2023Updated 2 years ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
ticarpi / jwt_tool
View on GitHub
A toolkit for testing, tweaking and cracking JSON Web Tokens
☆6,389May 1, 2025Updated 10 months ago
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
zigoo0 / JSONBee
View on GitHub
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
☆748May 6, 2024Updated last year
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,167May 26, 2023Updated 2 years ago
DominicBreuker / pspy
View on GitHub
Monitor linux processes without root permissions
☆5,902Updated this week
Paradoxis / Flask-Unsign
View on GitHub
Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
☆625Dec 3, 2024Updated last year
frohoff / ysoserial
View on GitHub
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
☆8,765Dec 4, 2025Updated 3 months ago
terjanq / Tiny-XSS-Payloads
View on GitHub
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
☆2,313Nov 29, 2024Updated last year
mm0r1 / exploits
View on GitHub
Pwn stuff.
☆1,804May 31, 2022Updated 3 years ago
GTFOBins / GTFOBins.github.io
View on GitHub
GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
☆12,698Updated this week
wireghoul / htshells
View on GitHub
Self contained htaccess shells and attacks
☆1,075Feb 17, 2022Updated 4 years ago
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,082Aug 14, 2024Updated last year
cure53 / HTTPLeaks
View on GitHub
HTTPLeaks - All possible ways, a website can leak HTTP requests
☆2,098Jan 3, 2026Updated 2 months ago
wupco / PHP_INCLUDE_TO_SHELL_CHAR_DICT
View on GitHub
☆349Jan 24, 2023Updated 3 years ago
peass-ng / PEASS-ng
View on GitHub
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
☆19,384Updated this week
RsaCtfTool / RsaCtfTool
View on GitHub
RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
☆6,800Feb 23, 2026Updated last week
jmdx / TLS-poison
View on GitHub
☆705Nov 27, 2024Updated last year
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆656Jun 29, 2025Updated 8 months ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
ambionics / wrapwrap
View on GitHub
Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.
☆236Oct 8, 2024Updated last year
orangetw / My-Presentation-Slides
View on GitHub
Collections of Orange Tsai's public presentation slides.
☆751Jan 1, 2025Updated last year
BishopFox / GadgetProbe
View on GitHub
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
☆613Mar 4, 2021Updated 5 years ago
orangetw / My-CTF-Web-Challenges
View on GitHub
Collection of CTF Web challenges I made
☆2,820Aug 31, 2025Updated 6 months ago
swisskyrepo / PayloadsAllTheThings
View on GitHub
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
☆75,690Updated this week
DominicBreuker / stego-toolkit
View on GitHub
Collection of steganography tools - helps with CTF challenges
☆2,640Nov 27, 2022Updated 3 years ago
calebstewart / pwncat
View on GitHub
Fancy reverse and bind shell handler
☆2,871Aug 9, 2024Updated last year
swisskyrepo / SSRFmap
View on GitHub
Automatic SSRF fuzzer and exploitation tool
☆3,489Sep 4, 2025Updated 6 months ago
pimps / JNDI-Exploit-Kit
View on GitHub
JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP S…
☆936Sep 2, 2025Updated 6 months ago
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
irsdl / httpninja
View on GitHub
HTTP.ninja
☆148Sep 3, 2023Updated 2 years ago
niklasb / libc-database
View on GitHub
Build a database of libc offsets to simplify exploitation
☆1,853Oct 23, 2024Updated last year