threlfall

GitGot

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

o365-attack-toolkit

A toolkit to attack Office365

magic-wormhole

get things from one computer to another, safely

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

honeybits

A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

render

easily manage HTTP request / response payloads of Go HTTP services

aem-rce-bundle

the-art-of-subdomain-enumeration

This repository contains all the supplement material for the book "The art of sub-domain enumeration"

femida

Automated blind-xss search for Burp Suite

DeTTECT

Detect Tactics, Techniques & Combat Threats

CollabOzark

CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.

chw00t

chw00t - Unices chroot breaking tool

barq

barq: The AWS Cloud Post Exploitation framework!

Jenkins-Pillage

A tool for automatically gathering sensitive information from exposed Jenkins servers

blackboxprotobuf

Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.

SAP_GW_RCE_exploit

SAP Gateway RCE exploits

WeblogicScan

Weblogic一键漏洞检测工具，V1.5，更新时间：20200730

CVE-2019-2618

Weblogic Unrestricted File Upload

hacks

A collection of hacks and one-off scripts

ActiveScanPlusPlus

ActiveScan++ Burp Suite Plugin

J2EEScan

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

SSRF-Testing

SSRF (Server Side Request Forgery) testing resources

CRLF-Injection-Payloads

Payloads for CRLF Injection

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

GCPBucketBrute

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

Awesome-WAF

🔥 Web-application firewalls (WAFs) from security standpoint.

Paper

Web Security Technology & Vulnerability Analysis Whitepapers

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

oxml_xxe

A tool for embedding XXE/XML exploits into different filetypes

DNSlivery

Easy files and payloads delivery over DNS