CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on...
A DNS rebinding attack framework.
DNS Rebinding Exploitation Framework
Nano is a family of PHP web shells which are code golfed for stealth.
Database security suite for data-driven apps: database proxy with strong selective encryption, search through encrypted data,...
The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
The Browser Exploitation Framework Project
A collection of AWS penetration testing junk
WAScan - Web Application Scanner
Potentially dangerous files
Find web directories without bruteforce
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
A Social Media Enumeration & Correlation Tool by Jacob Wilkin (Greenwolf)
Reconnaissance Swiss Army Knife
Incredibly fast crawler designed for OSINT.
Evaluate the security of S3 buckets
A XSS mind map ;)
Awesome XSS stuff
An Information Security Reference That Doesn't Suck
Decrypted content of eqgrp-auction-file.tar.xz
Some public notes
A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.
vulnerable web application for training
Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-ups categorized by the nature of the bug
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
This project has been moved to:
Reverse Shell as a Service
🔨 A multiple reverse shell session/client manager via terminal
🔨 Manage your website via terminal
Weaponized web shell
This is a webshell open source project
bXSS is a utility which can be used by bug hunters and organizations to identify Blind...
Scan your code for security misconfiguration, search for passwords and secrets. 🔍
Tool to scan for secret files on HTTP servers
Git manager for pentesters
Chrome extension and Express server that exploits keylogging abilities of CSS.
Audit git repos for secrets 🔑
Tool for advanced mining for content on Github
Pillage web accessible GIT, HG and BZR repositories
HTTPLeaks - All possible ways, a website can leak HTTP requests
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Most advanced XSS scanner.