Tools and resources for web app hacking. The payloads.txt documents are a must have for your Burpsuite intruder payload armory. They've helped me discover some stubborn and well hidden XSS vulnerabilities.
☆28Jun 10, 2019Updated 7 years ago
Alternatives and similar repositories for web-app
Users that are interested in web-app are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- this contain the burp pack☆210Jan 25, 2017Updated 9 years ago
- Tool for checking reflecting Parameters in a URL.☆10Aug 31, 2020Updated 5 years ago
- A curated list of amazingly bug bounty tips from security researchers around the world.☆107Mar 14, 2019Updated 7 years ago
- ☆20Apr 29, 2019Updated 7 years ago
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities☆123May 12, 2026Updated last month
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- A sub-domain enumeration tool☆20May 18, 2020Updated 6 years ago
- SubR3con is a script written in python. It uses Sublist3r to enumerate all subdomains of a specific target and then it checks for status …☆18Jul 23, 2019Updated 6 years ago
- Automate Recon process using Shell Scripting☆11Nov 26, 2021Updated 4 years ago
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…☆106Feb 11, 2019Updated 7 years ago
- ☆31Feb 10, 2020Updated 6 years ago
- $ curl -sL sub.sh | bash☆17Aug 7, 2023Updated 2 years ago
- Insecure Deserialization, PDF and lab☆18Nov 19, 2019Updated 6 years ago
- -☆11Nov 21, 2020Updated 5 years ago
- Cheat Sheets, Metodologies etc.☆19Apr 12, 2019Updated 7 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz☆63Dec 4, 2018Updated 7 years ago
- Collection of tips, tools and tutorials around infosec☆29May 18, 2017Updated 9 years ago
- A collection of scripts to extend Burp Suite☆142Apr 8, 2019Updated 7 years ago
- My Recon Automation☆194May 28, 2021Updated 5 years ago
- Resources I consider useful for security research of web applications☆61Dec 15, 2020Updated 5 years ago
- This repository is created for personal use and added tools from my blog post.☆14May 7, 2026Updated last month
- ☆11Dec 17, 2023Updated 2 years ago
- ☆23Jun 30, 2021Updated 4 years ago
- Enumerate AWS S3 buckets using different permutations☆17Jan 28, 2022Updated 4 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Official CTF for 44CON 2019☆17Jul 22, 2023Updated 2 years ago
- Proof of concept code for client-side vulnerabilities☆17Mar 14, 2019Updated 7 years ago
- Open Redirect Vulnerability Payload List☆12Feb 23, 2021Updated 5 years ago
- Burp Suite extension to discover assets from HTTP response.☆234Jan 22, 2025Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- A subdomain reconnaissance scanner☆36Dec 8, 2022Updated 3 years ago
- RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists☆19Feb 29, 2020Updated 6 years ago
- ☆21Nov 13, 2019Updated 6 years ago
- Local File Inclusion Burp-Suite Intruder Payload Generator Plugin☆41Oct 13, 2020Updated 5 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- ASLR Evasion, Egghunters, SEH Overwrites☆29Mar 6, 2021Updated 5 years ago
- Subdomain Scan With Ping Method.☆46Dec 12, 2020Updated 5 years ago
- Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM,…☆16Oct 31, 2019Updated 6 years ago
- Take a list of URIs and print all the of the paths☆10Aug 16, 2020Updated 5 years ago
- This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, …☆54Mar 29, 2023Updated 3 years ago
- This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP…☆48Feb 27, 2019Updated 7 years ago
- Penetration Testing Playbook (PTP)☆177Jan 9, 2019Updated 7 years ago