IIS-ShortName-Scanner. latest version of scanners for IIS short filename (8.3) disclosure vulnerability
1.7ktop10webseclist. Top Ten Web Hacking Techniques List
771ysonet. Deserialization payload generator for a variety of .NET formatters
181httpninja. HTTP.ninja
149BurpSuiteJSBeautifier. Burp Suite JS Beautifier
102BurpSuiteSharpenerEx. This extension enhances Burp Suite by adding several UI and functional features, making it more user-friendly.
78auraditor. A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities.
67OutlookLeakTest. The Outlook HTML Leak Test Project
41BurpTabEssentials. This changes the style of Burp Suite's Repeater tabs to help the testers
29updated-SWFIntruder. Updated version of SWFIntruder
27crapsecrets. A library for detecting known secrets across many web frameworks
22BurpRunnerShells. This makes it easier to open and run the latest version of Burp Suite via terminal or command line
10Flash-Files-Vulnerability-Database. Known vulnerable Flash files will be listed here possibly with their exploit
7BChecks. BChecks collection for Burp Suite Professional
6BlazorTrafficProcessor. Java
6Awesome-WAF. 🔥 Everything awesome about web-application firewalls (WAF).
5dnschef_updated. DNSChef - DNS proxy for Penetration Testers and Malware Analysts
4vulnerable-node-app. A NoSQL Injectable Node App
3waf_bypadd. This Burp Suite extension is designed to bypass Web Application Firewalls (WAFs) by padding HTTP requests with dummy data.
3CrossSiteContentHijacking. Content hijacking proof-of-concept using Flash, PDF and Silverlight
3privatecollaborator. A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
2shortscan. An IIS short filename enumeration tool
2cve-2025-53770-exploit. SharePoint WebPart Injection Exploit Tool
2WebShell-2. Webshell
2CloudRecon. Go
1PaddingOracleHunter. Python
1github-subdomains. Find subdomains on GitHub.
1ExploitDotNetDCOM. A tool to exploit .NET DCOM for EoP and RCE. Is fixed in latest versions of the .NET.
1Stepper. A natural evolution of Burp Suite's Repeater tool
1rhino. Rhino is an open-source implementation of JavaScript written entirely in Java
1trufflehog. Find and verify credentials
1JDBC-Attack. JDBC Connection URL Attack
1SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
1ysoserial. ysoserial for su18
1GitDorker. A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
1afrog. A Security Tool for Bug Bounty, Pentest and Red Teaming.
1ayfabtu. Scripts to extract files from SCM directories left on web servers
1gojwtcrack. Fast JSON Web Token (JWT) cracker written in Go
1VulnerableDotNetHTTPRemoting. Example Vulnerable .NET HTTP Remoting
1