There are 32 repositories under web-penetration-testing topic.
All In One Web Recon
The Offensive Manual Web Application Penetration Testing Framework.
An XSS exploitation command-line interface and payload generator.
Work in progress...
PHP shells that work on Linux OS, macOS, and Windows OS.
Bypass 4xx HTTP response status codes and more. Based on PycURL and Python Requests.
A python script designed to check if the website if vulnerable of clickjacking and create a poc
WEB PENETRATION TESTING TOOL 💥
OWASP based Web Application Security Testing Checklist
Improve automated and semi-automated active scanning in Burp Pro
JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.
Herramienta donde puedes practicar las vulnerabilidades web más conocidas
My notes on PentesterLab's Bootcamp series 🕵️
Hello my friends, it is my repo about sql injections. Call me in Telegram: @anakein
Simple API for storing all incoming XSS requests.
This is a website penetration testing tool for testing webdav server vulnerabilities.
Search Google Dorks like Chad. / Social media takeover tool.
Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML content. Widespread due to input validation lapses.
A bash script to automate the necessary Reconnaissance task for websites.
All Type Of Tools written in multipule language .
Web crawler and downloader based on GNU Wget.
MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.
This is a list contains 7000+ Cross Site Scripting Payloads.
Brute force a JWT token. Script uses multithreading.
Response Overview Extension for BurpSuite
This checklist provides a comprehensive guide for conducting a website pentest.
A powerful recon tool
Brute force subdomains in multiple smaller iterations. Based on DNSRecon.
Burp Suite extensions if you want to teach Burp a new Transport-Encoding
Generate some payload to bypass restriction when you perform a file upload
:neckbeard: This repository contains slides and notes from my workshop at the Grace Hopper Conference, India (2019).
This script take a URL or list of subdomain and the required DIR for specific CVE and give the response code for each url
This tool build for test Cross Origin Sharing vulnerabilities
Web crawler and scraper based on Scrapy and Playwright's headless browser.
A python tool to test for web cache poisoning denial of service (CPDoS) vulnerabilities.