This is your work, valued

UK, Worcestershire

Soroush Dalili

Elite
@irsdl

IIS-ShortName-Scanner. latest version of scanners for IIS short filename (8.3) disclosure vulnerability

1.7k

top10webseclist. Top Ten Web Hacking Techniques List

771

ysonet. Deserialization payload generator for a variety of .NET formatters

181

httpninja. HTTP.ninja

149

BurpSuiteJSBeautifier. Burp Suite JS Beautifier

102

BurpSuiteSharpenerEx. This extension enhances Burp Suite by adding several UI and functional features, making it more user-friendly.

78

auraditor. A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities.

67

OutlookLeakTest. The Outlook HTML Leak Test Project

41

BurpTabEssentials. This changes the style of Burp Suite's Repeater tabs to help the testers

29

updated-SWFIntruder. Updated version of SWFIntruder

27

crapsecrets. A library for detecting known secrets across many web frameworks

22

BurpRunnerShells. This makes it easier to open and run the latest version of Burp Suite via terminal or command line

10

Flash-Files-Vulnerability-Database. Known vulnerable Flash files will be listed here possibly with their exploit

7

BChecks. BChecks collection for Burp Suite Professional

6

BlazorTrafficProcessor. Java

6

Awesome-WAF. 🔥 Everything awesome about web-application firewalls (WAF).

5

dnschef_updated. DNSChef - DNS proxy for Penetration Testers and Malware Analysts

4

vulnerable-node-app. A NoSQL Injectable Node App

3

waf_bypadd. This Burp Suite extension is designed to bypass Web Application Firewalls (WAFs) by padding HTTP requests with dummy data.

3

CrossSiteContentHijacking. Content hijacking proof-of-concept using Flash, PDF and Silverlight

3

privatecollaborator. A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

2

shortscan. An IIS short filename enumeration tool

2

cve-2025-53770-exploit. SharePoint WebPart Injection Exploit Tool

2

WebShell-2. Webshell

2

CloudRecon. Go

1

PaddingOracleHunter. Python

1

github-subdomains. Find subdomains on GitHub.

1

ExploitDotNetDCOM. A tool to exploit .NET DCOM for EoP and RCE. Is fixed in latest versions of the .NET.

1

Stepper. A natural evolution of Burp Suite's Repeater tool

1

rhino. Rhino is an open-source implementation of JavaScript written entirely in Java

1

trufflehog. Find and verify credentials

1

JDBC-Attack. JDBC Connection URL Attack

1

SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

1

ysoserial. ysoserial for su18

1

GitDorker. A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

1

afrog. A Security Tool for Bug Bounty, Pentest and Red Teaming.

1

ayfabtu. Scripts to extract files from SCM directories left on web servers

1

gojwtcrack. Fast JSON Web Token (JWT) cracker written in Go

1

VulnerableDotNetHTTPRemoting. Example Vulnerable .NET HTTP Remoting

1