Aalapsec

Aalapsec's Stars

• hakluke/weaponised-XSS-payloads

  XSS payloads designed to turn alert(1) into P1

  Language:JavaScript1.3k216

• chrislockard/api_wordlist

  A wordlist of API names for web application assessments

  759216

• AtharavRH/Hack_Pack_V1.0

  31

• danielmiessler/RobotsDisallowed

  A curated list of the most common and most interesting robots.txt disallowed directories.

  Language:Shell1.4k304

• jonluca/Anubis

  Subdomain enumeration and information gathering tool

  Language:Python1.2k154

• Voorivex/pentest-guide

  Penetration tests guide based on OWASP including test cases, resources and examples.

  2.5k548

• Liodeus/liodeus.github.io

  Language:HTML3610

• x90skysn3k/brutespray

  Bruteforcing from various scanner output - Automatically attempts default creds on found services.

  Language:Go2k384

• GovTech-CSG/Autowasp

  BurpSuite Extension: A one-stop pen testing checklist and logger tool

  Language:Java7445

• capture0x/XSS-LOADER

  Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder

  Language:Python569113

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python61.3k14.7k

• chvancooten/BugBountyScanner

  A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

  Language:Shell874120

• elkokc/reflector

  Burp plugin able to find reflected XSS on page in real-time while browsing on site

  Language:Java1.1k162

• PortSwigger/backslash-powered-scanner

  Finds unknown classes of injection vulnerabilities

  Language:Java63792

• dark-warlord14/JSScanner

  You can read the writeup on this script here

  Language:Shell26762

• Findomain/Findomain

  The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

  Language:Rust3.3k369

• lanjelot/patator

  Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

  Language:Python3.6k788

• random-robbie/rb-recon

  1410

• random-robbie/bruteforce-lists

  Some files for bruteforcing certain things.

  1.2k357

• d3vilbug/HackBar

  HackBar plugin for Burpsuite

  Language:Java1.5k260

• reconness/reconness

  ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

  Language:C#31435

• Zarcolio/sitedorks

  Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.

  Language:Python893113

• m8sec/subscraper

  Subdomain and target enumeration tool built for offensive security testing

  Language:Python82297

• ghsec/webHunt

  Web App bug hunting

  553145

• m0nad/HellRaiser

  Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

  Language:Ruby562142

• skavngr/rapidscan

  :new: The Multi-Tool Web Vulnerability Scanner.

  Language:Python1.8k404

• venom26/recon

  information gathering

  Language:Shell26984

• Quitten/Autorize

  Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

  Language:Python958197

• A3h1nt/Subcert

  Subcert is a subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

  Language:Python7915

• madhavtripathi05/encrypted_chat_app

  Simple AES encrypted chat app which works on Android, iOS, Web, and macOS with WebSocket server.

  Language:Dart21