Stars
🦊 I respect proton UI and aim to improve it.
A screencast tool to display your keys inspired by Screenflick
Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
Deserialization payload generator for a variety of .NET formatters
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
This repository holds all the list of advanced XSS payloads that can be used in penetration testing. These payloads can be loaded into XSS scanners as well.
🎯 XML External Entity (XXE) Injection Payload List
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Fetch all the URLs that the Wayback Machine knows about for a domain
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Take a list of domains and probe for working HTTP and HTTPS servers
In-depth attack surface mapping and asset discovery
Find domains and subdomains related to a given domain
A little tool to play with Windows security
A swiss army knife for pentesting networks
A Python based ingestor for BloodHound
PowerSploit - A PowerShell Post-Exploitation Framework
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords