wireghoul / graudit

Related projects: ⓘ

• gquere / pwn_jenkins
  Notes about attacking Jenkins servers
  ☆1,949Updated 2 months ago
• epinna / tplmap
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆3,739Updated 4 months ago
• snoopysecurity / awesome-burp-extensions
  A curated list of amazingly awesome Burp Extensions
  ☆2,943Updated 2 months ago
• infosec-au / altdns
  Generates permutations, alterations and mutations of subdomains and then resolves them
  ☆2,299Updated 4 months ago
• cujanovic / SSRF-Testing
  SSRF (Server Side Request Forgery) testing resources
  ☆2,335Updated last year
• wireghoul / dotdotpwn
  DotDotPwn - The Directory Traversal Fuzzer
  ☆973Updated last year
• mandatoryprogrammer / xsshunter
  The XSS Hunter service - a portable version of XSSHunter.com
  ☆1,472Updated last year
• 1N3 / IntruderPayloads
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,636Updated 2 years ago
• swisskyrepo / SSRFmap
  Automatic SSRF fuzzer and exploitation tool
  ☆2,937Updated 3 months ago
• haccer / subjack
  Subdomain Takeover tool written in Go
  ☆1,892Updated last year
• wagiro / BurpBounty
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,657Updated 4 months ago
• nccgroup / singularity
  A DNS rebinding attack framework.
  ☆1,018Updated 3 months ago
• bugcrowd / HUNT
  ☆2,163Updated 9 months ago
• sleventyeleven / linuxprivchecker
  linuxprivchecker.py -- a Linux Privilege Escalation Check Script
  ☆1,545Updated 2 years ago
• RedSiege / EyeWitness
  EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  ☆4,905Updated last month
• PortSwigger / param-miner
  ☆1,203Updated last week
• BuffaloWill / oxml_xxe
  A tool for embedding XXE/XML exploits into different filetypes
  ☆1,030Updated 2 months ago
• EdOverflow / can-i-take-over-xyz
  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
  ☆4,756Updated last week
• PortSwigger / http-request-smuggler
  ☆950Updated 9 months ago
• codingo / Reconnoitre
  A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…
  ☆2,101Updated last year
• jondonas / linux-exploit-suggester-2
  Next-Generation Linux Kernel Exploit Suggester
  ☆1,836Updated last year
• techgaun / github-dorks
  Find leaked secrets via github search
  ☆2,760Updated 9 months ago
• PortSwigger / turbo-intruder
  Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
  ☆1,459Updated this week
• michenriksen / aquatone
  A Tool for Domain Flyovers
  ☆5,604Updated 2 years ago
• 0xInfection / XSRFProbe
  The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
  ☆1,089Updated 4 months ago
• GerbenJavado / LinkFinder
  A python script that finds endpoints in JavaScript files
  ☆3,638Updated 5 months ago
• doyensec / inql
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,519Updated 2 months ago
• sa7mon / S3Scanner
  Scan for misconfigured S3 buckets across S3-compatible APIs!
  ☆2,507Updated this week
• bluscreenofjeff / Red-Team-Infrastructure-Wiki
  Wiki to collect Red Team infrastructure hardening resources
  ☆4,098Updated 5 months ago
• wisec / domxsswiki
  Automatically exported from code.google.com/p/domxsswiki
  ☆515Updated 6 years ago