trickest / find-gh-poc

Related projects: ⓘ

• mschwager / route-detect
  Find authentication (authn) and authorization (authz) security bugs in web application routes.
  ☆250Updated 2 months ago
• pry0cc / proteus
  A projectdiscovery driven attack surface monitoring bot powered by axiom
  ☆175Updated 2 years ago
• pentagridsec / PentagridScanController
  Improve automated and semi-automated active scanning in Burp Pro
  ☆60Updated 2 years ago
• cybervelia / graphicator
  A GraphQL enumeration and extraction tool
  ☆127Updated last year
• usdAG / FlowMate
  FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…
  ☆151Updated 3 weeks ago
• akabe1 / OAUTHScan
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security
  ☆169Updated 3 months ago
• h4wkst3r / SCMKit
  Source Code Management Attack Toolkit
  ☆209Updated last year
• Anof-cyber / Pentest-Mapper
  A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabiliti…
  ☆110Updated last year
• dbrwsky / Nuclei-BurpExtension
  Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.
  ☆115Updated last year
• hahwul / RegexPassive
  🔭 Collection of regexp pattern for security passive scanning
  ☆110Updated last year
• trickest / log4j
  Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.
  ☆112Updated 2 years ago
• wdahlenburg / interactsh-collaborator
  Burpsuite plugin for Interact.sh
  ☆197Updated 2 months ago
• osmedeus / osmedeus-base
  Build your own reconnaissance system with Osmedeus Next Generation
  ☆177Updated 3 months ago
• PortSwigger / auth-analyzer
  ☆72Updated 4 months ago
• projectdiscovery / interactsh-web
  Web dashboard for Interactsh client
  ☆188Updated this week
• JaimePolop / RExpository
  ☆70Updated 2 months ago
• projectdiscovery / tldfinder
  A streamlined tool for discovering TLDs, associated domains, and related domain names.
  ☆103Updated this week
• dhn / udon
  A simple tool that helps to find assets/domains based on the Google Analytics ID.
  ☆166Updated 4 months ago
• DevSecOpsDocs / nuclearpond
  Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.
  ☆169Updated 8 months ago
• projectdiscovery / openrisk
  openrisk is a tool that generates a risk score based on the results of a Nuclei scan.
  ☆162Updated 4 months ago
• Static-Flow / BurpSuiteAutoCompletion
  This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.
  ☆162Updated 3 years ago
• trickest / mksub
  Generate tens of thousands of subdomain combinations in a matter of seconds
  ☆251Updated 11 months ago
• osmedeus / osmedeus-workflow
  Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
  ☆67Updated 4 months ago
• elttam / semgrep-rules
  ☆173Updated 6 months ago
• d3mondev / burp-vps-proxy
  This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.
  ☆237Updated last year
• Brum3ns / firefly
  Black box fuzzer for web applications
  ☆395Updated 2 months ago
• EasyRecon / Hunt3r
  Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework
  ☆161Updated last year
• assetnote / exploits
  Repository to store exploits created by Assetnotes Security Research team
  ☆175Updated 10 months ago
• 0xmoot / s3sec
  Check AWS S3 instances for read/write/delete access
  ☆119Updated 2 years ago
• pruzko / hakuin
  A blazing fast Blind SQL Injection optimization and automation framework.
  ☆115Updated last month