Tools and resources for web app hacking. The payloads.txt documents are a must-have for your Burpsuite intruder payload armory. They've helped me discover some stubborn and well hidden XSS vulnerabilities.
☆28 · Jun 10, 2019 · Updated 6 years ago
Alternatives and similar repositories for web-app
Users that are interested in web-app are comparing it to the libraries listed below.
- This contains the burp pack · ☆208 · Jan 25, 2017 · Updated 9 years ago
- Tool for checking reflecting Parameters in a URL. · ☆10 · Aug 31, 2020 · Updated 5 years ago
- A curated list of amazing bug bounty tips from security researchers around the world. · ☆105 · Mar 14, 2019 · Updated 7 years ago
- ☆19 · Apr 29, 2019 · Updated 6 years ago
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities · ☆118 · Dec 23, 2025 · Updated 3 months ago
- A sub-domain enumeration tool · ☆20 · May 18, 2020 · Updated 5 years ago
- SubR3con is a script written in python. It uses Sublist3r to enumerate all subdomains of a specific target and then it checks for status … · ☆18 · Jul 23, 2019 · Updated 6 years ago
- Automate Recon process using Shell Scripting · ☆11 · Nov 26, 2021 · Updated 4 years ago
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W… · ☆107 · Feb 11, 2019 · Updated 7 years ago
- ☆31 · Feb 10, 2020 · Updated 6 years ago
- $ curl -sL sub.sh | bash · ☆17 · Aug 7, 2023 · Updated 2 years ago
- This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t… · ☆52 · Mar 2, 2020 · Updated 6 years ago
- Insecure Deserialization, PDF and lab · ☆18 · Nov 19, 2019 · Updated 6 years ago
- - · ☆11 · Nov 21, 2020 · Updated 5 years ago
- Cheat Sheets, Methodologies etc. · ☆19 · Apr 12, 2019 · Updated 6 years ago
- Burp Suite plugin that automatically adds XSS and SQL payloads to all GP parameters (filtering special parameters) with one click for fuzzing · ☆63 · Dec 4, 2018 · Updated 7 years ago
- Collection of tips, tools and tutorials around infosec · ☆29 · May 18, 2017 · Updated 8 years ago
- A collection of scripts to extend Burp Suite · ☆142 · Apr 8, 2019 · Updated 6 years ago
- My Recon Automation · ☆194 · May 28, 2021 · Updated 4 years ago
- Resources I consider useful for security research of web applications · ☆61 · Dec 15, 2020 · Updated 5 years ago
- This repository is created for personal use and added tools from my blog post. · ☆14 · Aug 27, 2023 · Updated 2 years ago
- ☆11 · Dec 17, 2023 · Updated 2 years ago
- ☆23 · Jun 30, 2021 · Updated 4 years ago
- Enumerate AWS S3 buckets using different permutations · ☆17 · Jan 28, 2022 · Updated 4 years ago
- Official CTF for 44CON 2019 · ☆17 · Jul 22, 2023 · Updated 2 years ago
- Proof of concept code for client-side vulnerabilities · ☆17 · Mar 14, 2019 · Updated 7 years ago
- Open Redirect Vulnerability Payload List · ☆10 · Feb 23, 2021 · Updated 5 years ago
- Burp Suite extension to discover assets from HTTP response. · ☆233 · Jan 22, 2025 · Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist · ☆74 · Jan 4, 2021 · Updated 5 years ago
- A subdomain reconnaissance scanner · ☆36 · Dec 8, 2022 · Updated 3 years ago
- RECON Notes taking from every fucking book about bugbounty and web-app penetration testing exists · ☆19 · Feb 29, 2020 · Updated 6 years ago
- ☆21 · Nov 13, 2019 · Updated 6 years ago
- Local File Inclusion Burp-Suite Intruder Payload Generator Plugin · ☆40 · Oct 13, 2020 · Updated 5 years ago
- ASLR Evasion, Egghunters, SEH Overwrites · ☆29 · Mar 6, 2021 · Updated 5 years ago
- Subdomain Scan With Ping Method. · ☆46 · Dec 12, 2020 · Updated 5 years ago
- Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM,… · ☆16 · Oct 31, 2019 · Updated 6 years ago
- Take a list of URIs and print all of the paths · ☆10 · Aug 16, 2020 · Updated 5 years ago
- This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, … · ☆53 · Mar 29, 2023 · Updated 2 years ago
- This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP… · ☆47 · Feb 27, 2019 · Updated 7 years ago