This is your work, valued

Vancouver, Canada

Ajin Abraham

Elite
@ajinabraham

Offensive Security, Research & Engineering

nodejsscan. nodejsscan is a static security code scanner for Node.js applications.

2.6k

CMSScan. CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

1.1k

OWASP-Xenotix-XSS-Exploit-Framework. OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.

547

Xenotix-Python-Keylogger. Xenotix Python Keylogger for Windows.

461

njsscan. njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

434

Node.Js-Security-Course. Contents for Node.Js Security Course

346

Droid-Application-Fuzz-Framework. Android application fuzzing framework with fuzzers and crash monitor.

295

libsast. Generic SAST Library

138

WebAppSec. Web Application Security

133

Static-DOM-XSS-Scanner. Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.

119

Xenotix-APK-Reverser. Xenotix APK Reverser is an OpenSource Android Application Package (APK) decompiler and disassembler powered by dex2jar, baksmali and jd-core.

80

aws_security_tools. Scripts and tools for AWS Pentest

54

Mobile-Security-Framework-MobSF. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

47

PoC. Proof of Concepts, Exploits

29

njsscan-action. nodejsscan Github Action

28

Xenotix-xBOT. Xenotix xBOT is a Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C

28

WhatsApp-AutoClean. WhatsApp AutoClean is an android app that removes all WhatsApp media (images, videos, sound etc) and hide them from being shown in Gallery

16

tizen-security. Tools made for Tizen Security Analysis

15

Exploit-Research-Ported. Exploit Research & Development - Ported Exploits

11

package_scan. PoC: Python package static and dynamic analysis to detect environment variable stealing

11

bugbounty-cheatsheet. A list of interesting payloads, tips and tricks for bug bounty hunters.

10

MobileApp-Pentest-Cheatsheet. The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

9

node.js-simple-https-server. A simple HTTPS server that uses self signed certificate. Useful for PoC purposes

8

OAuth-Request-Crafter. OAuth Request Crafter

8

Android-SSL-Certificate-Pinning. A sample android application implementing Moxie's Certificate Pinning Library

8

bad_python_extract. A vulnerable web application written in Python Flask to demonstrate insecure file extraction

8

JSComm-API-Hooker. Tool to hook all communication APIs including XHR/XHR2, WebSockets, Web Workers, PostMessage and Server Sent Events

8

awesome-web-security. 🐶 A curated list of Web Security materials and resources.

7

OpSec-Firefox-Addon-Exploit-Suite. OpSec Firefox Addon Exploit Suite is a POC application that demonstrate various flaws in the Firefox Add-on Security Model.

7

Vulnerable_Tornado_App. An intentionally vulnerable web application written in Python using Tornado

7

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

7

API-Security-Checklist. Checklist of the most important security countermeasures when designing, testing, and releasing your API

6

AutomatingWindowsPrivilegeEscalation. Python

5

WindowsExploits. Windows exploits, mostly precompiled.

5

AuditDroid. AduitDroid

4

CSS-Keylogging. Chrome extension and Express server that exploits keylogging abilities of CSS.

4

iSpy. A reverse engineering framework for iOS

4

usbkill. usbkill waits for a change on your usb ports, then immediately kills your computer. Anti forensic, usb -> kill

4

proxy2. HTTP/HTTPS proxy in a single python script

3

python-hash-calculator. Python Hash Calculator

3

airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.

3

poc-rogue. Python

3

android-unpacker. Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0

3

play-scraper. A web scraper to retrieve application data from the Google Play Store.

2

dvna. Damn Vulnerable NodeJS Application

2

injectAllTheThings. Seven different DLL injection techniques in one single project.

2

lobotomy. Android Reverse Engineering Framework & Toolkit

2

iloot. OpenSource tool for iCloud backup extraction

2

ActiveScanPlusPlus. ActiveScan++ Burp Suite Plugin

2

InsecureProgramming. mirror of gera's insecure programming examples | http://community.coresecurity.com/~gera/InsecureProgramming/

1

CodeMirror. In-browser code editor

1

how2heap. A repository for learning various heap exploitation techniques.

1

nimbostratus. Tools for fingerprinting and exploiting Amazon cloud infrastructures

1

apache-struts2-CVE-2017-5638. Demo Application and Exploit

1