dalfox. ππ¦ Dalfox is a powerful open-source XSS scanner and utility focused on automation.
5.1kWebHackersWeapons. βοΈ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
4.9kDevSecOps. βΎοΈ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe π
2.1kXSpear. π± Powerfull XSS Scanning and Parameter analysis tool&gem
1.4kMobileHackersWeapons. Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
1.3kjwt-hack. JSON Web Token Hack Toolkit
1ka2sv. Auto Scanning to SSL Vulnerability
636authz0. π Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
429mad-metasploit. Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
407droid-hunter. (deprecated) Android application vulnerability analysis and Android pentest tool
310metasploit-autopwn. db_autopwn plugin of metasploit
273urx. Extracts URLs from OSINT Archives for Security Insights
188deadfinder. π΄ββ οΈ Find dead-links (broken links)
179RegexPassive. π Collection of regexp pattern for security passive scanning
116mzap. β‘οΈ Multiple target ZAP Scanning
111hack-pet. π° Managing command snippets for hackers/bug bounty hunters. with pet.
111XSS-Payload-without-Anything. XSS Payload without Anything.
108s3reverse. The format of various s3 buckets is convert in one format. for bugbounty and security testing.
89gee. π΅ Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go
87websocket-connection-smuggler. websocket-connection-smuggler
68gitls. π Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline
56ws-smuggler. WebSocket Connection Smuggler
47ras-fuzzer. RAS(RAndom Subdomain) Fuzzer
43goyo. A simplicity and clean documentation theme
38MemBi. All the members of bugbounty and infosec. If you don't know who to follow, see!
36xssmaze. XSSMaze is a web service designed to test and improve the performance of security testing tools by providing various cases of XSS vulnerabilities.
35backbomb. π£ Dockerized penetration-testing/bugbounty/app-sec testing environment
35hbxss. Security test tool for Blind XSS
27action-dalfox. XSS scanning with Dalfox on Github-action
26recon-raven. Reconnaissance tool of Penetration test & Bug Bounty
26OmniOAST. Unify your OAST provider management and consolidate all interactions into a single, streamlined workflow.
25assets.hahwul.com. assets for www.hahwul.com
24fuzzstone. My fuzz repo!
23vais. SWF Vulnerability & Information Scanner
19volt. β‘ Golang library for quick make pentest tools
16awesome-oneliner-bugbounty. A collection of awesome one-liner scripts especially for bug bounty tips.
16can-i-protect-xss. Everything about xss protection technology
15hahwul. about me!
14raven. Automation Hacking & Penetration Testing Suite
12mcp-hack. MCP(Model Context Protocol) Hack Toolkit
11vunlink. Auto Web Vulnerability Scanning Framework
11xss-cheatsheet-data. This repository contains all the XSS cheatsheet data to allow contributions from the community.
11websocket-connection-smuggling-go. websocket-connection-smuggling write in go
10AutoSploit. Automated Mass Exploiter
10crawlergo. A powerful browser crawler for web vulnerability scanners
10PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
9zest-env. π Zest CLI Environment
9awesome-zap-extensions. A curated list of amazingly awesome ZAP Extensions
8urlgrab. A golang utility to spider through a website searching for additional links.
8golang-developer-roadmap. Roadmap to becoming a Go developer in 2020
8IntruderPayloads. A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
7cyclonedx-cr. A Crystal tool for generating CycloneDX Software Bill of Materials (SBOM) from Crystal shard projects.
6homebrew-dalfox. Ruby
6hetty. Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
6proxify. Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
6heroku-buildpack-firefox. Heroku buildpack for Firefox with geckodriver
5rings. Ruby
4homebrew-backbomb. backbomb homebrew repository
4