frogy – subdomain enumeration script My goal is to create an open-source Attack Surface Management solution and...
WebApp PenTest
s3sec Test AWS S3 buckets for read/write/delete access This tool was developed to quickly test a list...
Nuclei plugin for BurpSuite A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher...
shfz A scenario-based web application fuzzing tool that supports fuzz generation by genetic algorithm. Features Easy to...
Nuclei – Burp Extension A simple extension that allows you to run the nuclei scanner directly from Burp and...
Request smuggler – Http request smuggling vulnerability scanner Based on the amazing research by James Kettle. The tool can help...
ICG-AutoExploiterBoT OsCommerce Exploits 💥 – OsCommerce 2.x Core RCE Drupal Exploits 💥 – Drupal Add admin – Drupal BruteForcer...
cherrybomb Cherrybomb is a CLI tool that helps you avoid undefined user behavior by validating your API...
SecureBank SecureBank is a FinTech application which contains all OWASP TOP 10 security vulnerabilities along with some...
jwt-hack jwt-hack is a tool for hacking/security testing of JWT. It supports en/decoding JWT, generating payloads for...
vAPI vAPI is a Vulnerable Adversely Programmed Interface which is a Self-Hostable API that mimics OWASP API...
presshell – Quick & dirty WordPress Command Execution Shell Execute shell commands on your WordPress server. The...
GitLab Watchman GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive...
authz0 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and...
HEY SERIAL! Programmatically create hunting rules for deserialization exploitation with multiple keywords (e.g. cmd.exe) gadget chains (e.g....