Stars
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
Free and Open Source Reverse Engineering Platform powered by rizin
Intercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic
Generates permutations, alterations and mutations of subdomains and then resolves them
Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions
CommonMark spec, with reference implementations in C and JavaScript
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
PEDA - Python Exploit Development Assistance for GDB
Find, verify, and analyze leaked credentials
[NOT MAINTAINED] This script creates a NATed or Bridged WiFi Access Point.
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development…
A DNS connectback shell executed by strings in payloads.txt
This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter
A simple curses based in-place hex editor for Linux. Built to replace using xxd and emacs hexl-mode over and over to do low level editing of files. Supports resizing of files and ASCII insertion.
Access the power and flexibility of PHP from within Python
Watchtower is a Static Code Analysis tool designed to assist security auditors who are tasked with performing manual code reviews. It is platform- and language-agnostic.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Scripted Local Linux Enumeration & Privilege Escalation Checks
Removes swear words and inappropriate content from wordlists.