Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Scrapy, a fast high-level web crawling & scraping framework for Python.
cliffe / SecGen
Forked from SecGen/SecGen
Create randomly insecure VMs
cve-search - a tool to perform local searches for known vulnerabilities
SSRF (Server Side Request Forgery) testing resources
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Convolutional neural network for analyzing pentest screenshots
Active Directory Integrated DNS dumping by any authenticated user
Create tar/zip archives that can exploit directory traversal vulnerabilities
A library for detecting known secrets across many web frameworks
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible t…
Grammar-based HTTP/1 fuzzer with mutation ability
HeapHopper is a bounded model checking framework for Heap-implementations
OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website.
SALT - SLUB ALlocator Tracer for the Linux kernel
jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.
Home Assistant SunPower Integration using the local installer ethernet interface.
A framework built on top of Burp's Python Scripter extension.



