This is your work, valued
SSRF-Testing. SSRF (Server Side Request Forgery) testing resources
★ 2.5kOpen-Redirect-Payloads. Open Redirect Payloads
★ 663Markdown-XSS-Payloads. XSS payloads for exploiting Markdown syntax
★ 497CRLF-Injection-Payloads. Payloads for CRLF Injection
★ 228Content-Bruteforcing-Wordlist. Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
★ 219subdomain-bruteforce-list. subdomain bruteforce list
★ 103Virtual-host-wordlist. Virtual host wordlist
★ 53CVE-2016-8610-PoC. CVE-2016-8610 (SSL Death Alert) PoC
★ 33Linux-default-files-images-location. Default Linux files/images location
★ 29XXE-FTP-HTTP-Server. Ruby
★ 25dirsearch-wordlist. Serbian/English wordlist for https://github.com/maurosoria/dirsearch
★ 20nginx-dynamic-tls-records-patch. Add TLS Dynamic Record Resizing to Nginx
★ 17grsecurity-patches. Unofficial grsecurity patch archive https://grsecurity.net
★ 11nginx-http2-spdy-patch. Patch to make NGINX support HTTP/2 and SPDY simultaneously
★ 11XSS-Testing-Page. PHP
★ 9ssspl. SSS is a simple socks server written in perl that implements the SOCKS v5 protocol.
★ 8params.
★ 8llm-sast-scanner. A SAST skill that gives AI coding agents structured vulnerability detection across 103 vulnerability classes.
★ 7resolvers. Free DNS resolvers
★ 6goaltdns. Go
★ 6public-dns-resolvers. List of periodically validated public DNS resolvers
★ 6burp-copy-to-clipboard-for-vulnreport. Burp Copy to Clipboard for VulnReport
★ 5blooming-password. Blooming Password
★ 4TCP-Starvation. Python
★ 4Internet-Explorer-11-Content-Type-JSON-bug. Internet Explorer 11 bug to exploit application JSON response to XSS
★ 4vulnreport. Open-source pentesting management and automation platform by Salesforce Product Security
★ 4Content-Type-Text-Plain-Considered-Harmful. Content-Type Text/Plain Considered Harmful
★ 4autochrome. This tool downloads, installs, and configures a shiny new copy of Chromium.
★ 4hosts-file.net.
★ 4cujanovic.
★ 3nginx_upstream_check_module. Health checks upstreams for nginx,support dynamic health check interface for adding servers, transplat from tengine based on upstream_check_module
★ 3cf-pngcrush-patch. pngcrush fork for CF - patch
★ 3Memcrashed-DDoS-Exploit. DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
★ 3openvpn. Shell
★ 3ffmpeg-avi-m3u-xbin. Python
★ 3xip.ninja. xip.ninja : PowerDNS pipe backend adapter powering xip.ninja
★ 2pentagi. Fully autonomous AI Agents system capable of performing complex penetration testing tasks
★ 20kawesome-agent-skills-security. 🛡️ A curated list of resources on agent skills security: attacks, defenses, frameworks, and benchmarks for securing AI agent tool use and skill ecosystems
★ 39pentest-ai. Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
★ 1.3kHackerOne-Disclosed-Reports. A structured, auto-updating archive of disclosed HackerOne reports. Filter by severity, CWE weakness, bounty program, or year - ideal for security researchers and bug bounty hunters.
★ 23hackerone-reports. Top disclosed reports from HackerOne
★ 6.3kskills. Pashov Audit Group Skills
★ 952Sec-88. Cyber Security Notes, Methodology, Resources and Tips
★ 251reverse-skill. Reverse Engineering / Authorized Penetration Testing / Security Research Skill Router Pack AI-powered routing + On-demand toolchain bootstrapping + Self-evolving knowledge base Supports Claude Code, Kiro, Cursor, Cline, and other AI coding clients 逆向/渗透/安全技能路由包 - AI 自动路由 + 按需自举工具链 + 自动进化经验库 | 支持 Claude Code / Kiro / Cursor / Cline 等代码 AI 客户端
★ 7.9kHow-To-Secure-A-Linux-Server. An evolving how-to guide for securing a Linux server.
★ 29kClaude-BugHunter. A Claude Code skill bundle for bug hunting and external red-team work — 71 skills, 15 slash commands, 681 disclosed-report patterns curated across 24 core vulnerability classes, plus enterprise identity + infrastructure attack matrices.
★ 2.9kpentestagent. PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
★ 2.8kshannon. Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
★ 46kllm-sast-scanner. A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.
★ 267claude-bug-bounty. AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
★ 3.9kcommunitytools. Open-source Claude Code skills, agents, and slash commands for AI-powered penetration testing, bug bounty hunting, and security research
★ 404FlareTunnel. Proxy system that routes traffic through Cloudflare Workers for IP rotation and anonymity
★ 631recollapse. REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
★ 1.4kclaude-code-security-review. An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.
★ 5.5kGemini-API-Key-Exposure-Scanner. Python
★ 50AllThingsSSRF. This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
★ 1.4kmalicious-pdf. 💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
★ 4.1kJsHunter. High-Performance JavaScript Security Scanner - Process 1M URLs in ~5 hours with Telegram & Discord bot integration, Docker support, and comprehensive workflow automation
★ 173fuzzuli. fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
★ 941hexstrike-ai. HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
★ 10kautoswagger. Autoswagger by Intruder - detect API auth weaknesses
★ 1.9kjsmap_inspector. A local-only GUI tool to analyze `.js.map` source map files.
★ 62Prompt-Hacking-Resources. A list of curated resources for people interested in AI Red Teaming, Jailbreaking, and Prompt Injection
★ 650damn-vulnerable-MCP-server. Damn Vulnerable MCP Server
★ 1.3kpdfrip. A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
★ 1.4krustdesk. An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
★ 118kBFScan. Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used in JAR / WAR / APK applications.
★ 256SubSeven. SubSeven Legacy Official Source Code Repository
★ 648Cognitohunter. A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter specializes in dissecting AWS Cognito implementations and performing advanced credential-to-session conversions.
★ 21js-snitch. Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets
★ 144plution. Prototype pollution scanner using headless chrome
★ 216NucleiFuzzer. NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enumeration techniques
★ 1.9khawk-eye. A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.
★ 498convert-params. Convert Parameters
★ 4crawlee-python. Crawlee—A web scraping and browser automation library for Python to build reliable crawlers. Extract data for AI, LLMs, RAG, or GPTs. Download HTML, PDF, JPG, PNG, and other files from websites. Works with Parsel, BeautifulSoup, Playwright, and raw HTTP. Both headful and headless mode. With proxy rotation.
★ 9.3kAPTs-Adversary-Simulation. This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real world attacks .
★ 1.1kproposal-symbol-proto. TC39 proposal for mitigating prototype pollution
★ 53reverse-slowloris. A reverse slowloris attack to hopefully troll bots polling for vulnerable web servers
★ 18sj. A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
★ 859HopLa. HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite
★ 835Flipper. Playground (and dump) of stuff I make or modify for the Flipper Zero
★ 17kkernel-hardening-checker. A tool for checking the security hardening options of the Linux kernel
★ 2.1kBambdas.
★ 142PhantomCrawler. PhantomCrawler is a Python-based web testing and research tool that simulates website interactions from multiple proxy IP addresses to analyze traffic behavior, access controls, and response patterns under different network conditions.
★ 80bash_tls. A minimal TLS 1.2 client implementation in a pure Bash script
★ 354airgorah. A WiFi security auditing software mainly based on aircrack-ng tools suite
★ 856dns-noise. Simple utility to add a stream of DNS queries for random domains to obfuscate traffic patterns.
★ 11XSRFProbe. The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
★ 1.3kAPI-Wordlist.
★ 253BrowserBruter. BrowserBruter is a powerful web form fuzzing automation tool designed for web security professionals and penetration testers. This Python-based tool leverages Selenium and Selenium-Wire to automate web form fuzzing, making it easier to identify potential vulnerabilities in web applications.
★ 333domloggerpp. A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
★ 808nowafpls. Burp Plugin to Bypass WAFs through the insertion of Junk Data
★ 1.5kGAP-Burp-Extension. Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
★ 1.5kPearcleaner. A free, source-available and fair-code licensed mac app cleaner
★ 14kgraphqlMaker. Finds graphql queries in javascript files
★ 69server-side-prototype-pollution. A collection of Server-Side Prototype Pollution gadgets and exploits
★ 234awesome-secure-defaults. Awesome secure by default libraries to help you eliminate bug classes!
★ 710git-rotate. Leveraging GitHub Actions to rotate IP addresses during password spraying attacks to bypass IP-Based blocking
★ 152pphack. Advanced Client-Side Prototype Pollution Scanner
★ 250MHDDoS. Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods
★ 16kpsmaps. Report memory usage of Linux processes
★ 1http-garden. Differential testing framework for HTTP implementations
★ 938PolarDNS. PolarDNS is a specialized authoritative DNS server suitable for penetration testing and vulnerability research.
★ 248py-strace2pcap. convert specific strace output file to pcap using scapy
★ 24metatrapd. A canary service for cloud metadata end-points
★ 7dummy. Generator of static files(csv, jpeg, png, pdf) for testing file upload. It can generate csv and png files of any number of bytes!
★ 68smugglefuzz. A rapid HTTP downgrade smuggling scanner written in Go.
★ 313CLZero. A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors
★ 91awesome-pentest. A collection of awesome penetration testing resources, tools and other shiny things
★ 27kBluetooth-LE-Spam. Kotlin
★ 4.8kclairvoyance. Obtain GraphQL API schema even if the introspection is disabled
★ 1.5kheaderpwn. A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
★ 356kernel-exploit-factory. Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.
★ 1.3ksessionprobe. SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.
★ 463graphql-wordlist. The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
★ 477inql. InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
★ 1.8kCloudFlair. 🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
★ 3kcloudflare-origin-ip. Try to find the origin IP of a webapp protected by Cloudflare.
★ 357awesome-honeypots. an awesome list of honeypot resources
★ 10kTask-Ninja. Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
★ 154glutton. Generic Low Interaction Honeypot
★ 306WP-RestScan. Scan Wordpress Servers for Access Control Issues
★ 9linux-network-performance-parameters. Learn where some of the network sysctl variables fit into the Linux/Kernel network flow. Translations: 🇷🇺
★ 5.8kDockerDetectionNotes. Some of my rough notes for Docker threat detection
★ 51ReconAIzer. A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!
★ 901route-detect. Find authentication (authn) and authorization (authz) security bugs in web application routes.
★ 281API-Fuzzer. Python
★ 13Vulnerabilities-Unmasked. This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!
★ 371Burp-IISTildeEnumerationScanner. Burp extension to check and exploit the IIS Tilde Enumeration/IIS 8.3 Short Filename Disclosure vulnerability
★ 62wafaray. Enhance your malware detection with WAF + YARA (WAFARAY)
★ 108wsrepl. WebSocket REPL for pentesters
★ 238bas-celik. A program for reading smart-card documents issued by the government of Serbia
★ 351deepsecrets. Secrets scanner that understands code
★ 192Witcher. Witcher is the first framework for using AFL to fuzz web applications.
★ 109Afuzz. Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
★ 311awesome-sec-challenges. A curated list of Awesome Security Challenges.
★ 211CVE-2023-25157. CVE-2023-25157 - GeoServer SQL Injection - PoC
★ 170mac-monitor. "The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
★ 1.4kwaf-bypass. Check your WAF before an attacker does
★ 1.5kfast-mail-bomber. Fast, multithreading, efficient and easy-to-use mail bombing/spamming tool. Sending mails via mailman services hosted by different providers.
★ 681dnstwist. Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
★ 5.7kemba. EMBA - The firmware security analyzer
★ 3.5kosint-balkan. Public sites and information related to Balkan countries that can be used for OSINT purposes.
★ 26KeyDecoder. KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.
★ 3.2kWeb-Attack-Cheat-Sheet. Web Attack Cheat Sheet
★ 4.4kFlipperAmiibo. Made to be used with Flipper just drag the folder into NFC
★ 3.6kXtreme-Firmware. The Dom amongst the Flipper Zero Firmware. Give your Flipper the power and freedom it is really craving. Let it show you its true form. Dont delay, switch to the one and only true Master today!
★ 9.9kFlipper_Zero. My SD Drive for Flipper Zero
★ 1.5ksafeurl. A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
★ 112wafme0w. Fast and lightweight Web Application Firewall Fingerprinting tool
★ 64yi-hack-v5. Even newer Custom Firmware for Xiaomi Cameras based on Hi3518ev200 Chipset. It includes free RTSP, ONVIF and other improvements based on the work by roleoroleo
★ 1koauth2c. User-friendly OAuth2 CLI
★ 930subzuf. a smart DNS response-guided subdomain fuzzer
★ 156oidc-ssrf. An Evil OIDC Server
★ 53ungoogled-chromium-macos. macOS packaging for ungoogled-chromium
★ 662DefaultCreds-cheat-sheet. One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
★ 6.7kbypass-url-parser. bypass-url-parser
★ 1.1kGoBypassAV. 整理了基于Go的16种API免杀测试、8种加密测试、反沙盒测试、编译混淆、加壳、资源修改等免杀技术,并搜集汇总了一些资料和工具。
★ 1.2kDirtyCred. Kernel exploitation technique
★ 592API-SecurityEmpire. API Security Project aims to present unique attack & defense methods in API Security field
★ 1.4kApacheTomcatScanner. A python script to scan for Apache Tomcat server vulnerabilities.
★ 892svg-cheatsheet. A cheatsheet for exploiting server-side SVG processors.
★ 802Publii. The most intuitive Static Site CMS designed for SEO-optimized and privacy-focused websites.
★ 7.2kawesome-flipperzero. 🐬 A collection of awesome resources for the Flipper Zero device.
★ 24kCrackQL. CrackQL is a GraphQL password brute-force and fuzzing utility.
★ 348GraphCrawler. GraphQL automated security testing toolkit
★ 335exploiting-smart-contract-vulnerabilities. Repository for "Exploiting smart contract vulnerabilities" bachelor thesis at School of Electrical Engineering, University of Belgrade. Paper (in Serbian) with 5 examples of vulnerable smart contracts and exploitation of them.
★ 9brutas. Wordlists handcrafted (and automated) with ♥
★ 233ved. Vault Exploit Defense
★ 129dockerfile. Dockerfile best-practices for writing production-worthy Docker images.
★ 4.1kCRLFsuite. The most powerful CRLF injection (HTTP Response Splitting) scanner.
★ 598slipit. Utility for creating ZipSlip archives
★ 92Awesome-RCE-techniques. Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
★ 1.9kgraphql-threat-matrix. GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
★ 365CVE-2022-23222. CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
★ 574tornado. Anonymously Reverse Shell over Tor Network using Hidden services without Portforwarding.
★ 534t-reqs. Grammar-based HTTP/1 fuzzer with mutation ability
★ 263linux-hardened. Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
★ 735resume.github.com. Resumes generated using the GitHub informations
★ 63kCVE-2021-43008-AdminerRead. Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
★ 85Bash-Oneliner. A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
★ 11kgau. Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
★ 5kstunner. Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
★ 852pwn_jenkins. Notes about attacking Jenkins servers
★ 2.1kcf-bypass. Shell
★ 87HTTP-Smuggling-Calculator. Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.
★ 73param-miner-doc. Unofficial documentation for the great tool Param Miner
★ 186wpgarlic. A proof-of-concept WordPress plugin fuzzer
★ 200Imperva_gzip_WAF_Bypass. Python
★ 169open-source-web-scanners. A list of open source web security scanners
★ 1.6kredirex. tool that generates bypasses for open redirects
★ 49jfrog-spring-tools. Python
★ 79graphql-cop. Security Auditor Utility for GraphQL APIs
★ 673coraza. OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
★ 3.6kSingleFile. Web Extension for saving a faithful copy of a complete web page in a single HTML file
★ 22kcontainer-security-checklist. Checklist for container security - devsecops practices
★ 1.6kcurl-impersonate. curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
★ 6.5kcve. Gather and update all available and newest CVEs with their PoC.
★ 7.9kpure-bash-bible. 📖 A collection of pure bash alternatives to external processes.
★ 42kwifi_pass. Collection of passwords from torrents/dumps/others - uniq, sorted, removed length bellow 8 for wifi cracking
★ 422CVE-2021-3156. Sudo Baron Samedit Exploit
★ 800sizesmuggler. Python
★ 3TProxer. A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
★ 184OAUTHScan. Burp Suite Extension useful to verify OAUTHv2 and OpenID security
★ 178InsecureShop. An Intentionally designed Vulnerable Android Application built in Kotlin.
★ 258log4j. Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.
★ 110Advanced-SQL-Injection-Cheatsheet. A cheat sheet that contains advanced queries for SQL Injection of all types.
★ 3.2kipsourcebypass. This Python script can be used to bypass IP source restrictions using HTTP headers.
★ 401openssh-backdoor. Experimental and sneaky backdoor patch for OpenSSH Portable.
★ 25rip_raw. Rip Raw is a small tool to analyse the memory of compromised Linux systems.
★ 133tfsec. Tfsec is now part of Trivy
★ 7kpoc-cve-2021-4034. PoC for CVE-2021-4034 dubbed pwnkit
★ 35restler-fuzzer. RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
★ 2.9ksliver. Adversary Emulation Framework
★ 11kcve-2021-3449. CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
★ 225OneListForAll. Rockyou for web fuzzing
★ 3.2kSourceCodeReview. Source Code Review resources for Bug Bounty Hunters & Developers. This Repo is updated consistently.
★ 82rotating-tor-http-proxy. A multi-arch image provides one HTTP proxy endpoint with many concurrent tunnels to the Tor network.
★ 262SpringBootVulExploit. SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
★ 6.1krelevant-wordlist. A wordlist that is kept up to date with the latest headlines to provide relevant words to human society
★ 120vortex. VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
★ 450awesome-list-of-secrets-in-environment-variables. 🦄🔒 Awesome list of secrets in environment variables 🖥️
★ 909portmaster. 🏔 Love Freedom - ❌ Block Mass Surveillance
★ 13kalternative-frontends. 🔐🌐 Privacy-respecting web frontends for popular services
★ 2.3kAtlas. Quick SQLMap Tamper Suggester
★ 1.4kwebapp-wordlists. This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
★ 537chronorace. Python
★ 72awesome-privacy. Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
★ 19kMy-CTF-Web-Challenges. Collection of CTF Web challenges I made
★ 2.9kburp-log4shell. Log4Shell scanner for Burp Suite
★ 485android-foss. A list of Free and Open Source Software (FOSS) for Android – saving Freedom and Privacy.
★ 11klog4jcheck. A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.
★ 126JNDI-Injection-Exploit. JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
★ 2.8kLog4jAttackSurface.
★ 2.1kSTEWS. A Security Tool for Enumerating WebSockets
★ 376cats. CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
★ 1.4k