SSRF-Testing. SSRF (Server Side Request Forgery) testing resources
2.5kOpen-Redirect-Payloads. Open Redirect Payloads
663Markdown-XSS-Payloads. XSS payloads for exploiting Markdown syntax
497CRLF-Injection-Payloads. Payloads for CRLF Injection
228Content-Bruteforcing-Wordlist. Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
219subdomain-bruteforce-list. subdomain bruteforce list
103Virtual-host-wordlist. Virtual host wordlist
53CVE-2016-8610-PoC. CVE-2016-8610 (SSL Death Alert) PoC
33Linux-default-files-images-location. Default Linux files/images location
29XXE-FTP-HTTP-Server. Ruby
25dirsearch-wordlist. Serbian/English wordlist for https://github.com/maurosoria/dirsearch
20nginx-dynamic-tls-records-patch. Add TLS Dynamic Record Resizing to Nginx
17grsecurity-patches. Unofficial grsecurity patch archive https://grsecurity.net
11nginx-http2-spdy-patch. Patch to make NGINX support HTTP/2 and SPDY simultaneously
11XSS-Testing-Page. PHP
9ssspl. SSS is a simple socks server written in perl that implements the SOCKS v5 protocol.
8params.
8llm-sast-scanner. A SAST skill that gives AI coding agents structured vulnerability detection across 103 vulnerability classes.
7resolvers. Free DNS resolvers
6goaltdns. Go
6public-dns-resolvers. List of periodically validated public DNS resolvers
6burp-copy-to-clipboard-for-vulnreport. Burp Copy to Clipboard for VulnReport
5blooming-password. Blooming Password
4TCP-Starvation. Python
4Internet-Explorer-11-Content-Type-JSON-bug. Internet Explorer 11 bug to exploit application JSON response to XSS
4vulnreport. Open-source pentesting management and automation platform by Salesforce Product Security
4Content-Type-Text-Plain-Considered-Harmful. Content-Type Text/Plain Considered Harmful
4autochrome. This tool downloads, installs, and configures a shiny new copy of Chromium.
4hosts-file.net.
4cujanovic.
3nginx_upstream_check_module. Health checks upstreams for nginx,support dynamic health check interface for adding servers, transplat from tengine based on upstream_check_module
3cf-pngcrush-patch. pngcrush fork for CF - patch
3Memcrashed-DDoS-Exploit. DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
3openvpn. Shell
3ffmpeg-avi-m3u-xbin. Python
3xip.ninja. xip.ninja : PowerDNS pipe backend adapter powering xip.ninja
2