Apache Tomcat webshell application for RCE: A webshell application and interactive shell for pentesting Apache Tomcat servers....
WebApp PenTest
WebView2 Cookie Stealer: The main advantage of using WebView2 for attackers is the rich functionality it provides...
awsEnum: awsEnum is a Python script that enumerates AWS services through the provided credential. It is coded...
Nali: An offline tool for querying IP geographic information and CDN provider. Inspired by the Nali C...
chain-bench: Chain-bench is an open-source tool for auditing your software supply chain stack for security compliance based...
Fofa Viewer: A simple FOFA client written in JavaFX. Features: Support tabs; Feature-rich Context Menu on items...
gowitness: gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of...
Vulnerable API: This is a Laravel App which I’ve used for several demos which is vulnerable to...
Admin Panel Finder: A Burp Suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification:...
XSS Vulnerability Scenarios (challenges): This repository is a Dockerized PHP application containing some XSS vulnerability challenges. The...
WordPress webshell plugin for RCE: A webshell plugin and interactive shell for pentesting a WordPress website. Features...
bitcrook: Bitcrook is an open-source intelligence apparatus that aims to centralize all of the tools necessary to...
VAmPI: The Vulnerable API (Based on OpenAPI 3). VAmPI is a vulnerable API made with Flask and it...
SoapUI: What is SoapUI? SoapUI is a tool for testing Web Services; these can be the SOAP...
socialhunter: Crawls the given URL and finds broken social media links that can be hijacked. Broken social...