Stars
FastAPI framework, high performance, easy to learn, fast to code, ready for production
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
GFPGAN aims at developing Practical Algorithms for Real-world Face Restoration.
Incredibly fast crawler designed for OSINT.
📱 objection - runtime mobile exploration
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
A Python script that finds endpoints in JavaScript files
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
cve-search - a tool to perform local searches for known vulnerabilities
A friendly car security exploration tool for the CAN bus
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
Tools for auditing WAFs
Correlated injection proxy tool for XSS Hunter
🏰 A Python script for AWS S3 bucket enumeration.
A tool to uncover undocumented APIs from the AWS Console.
Tool for exploiting SQL injection vulnerabilities that sqlmap can't find.
A security assessment tool for Hitachi Vantara's Pentaho Business Analytics platform.
SSL/TLS Certificate Authority Replacement