augustd's Stars
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
ReactiveX/RxJava
RxJava – Reactive Extensions for the JVM – a library for composing asynchronous and event-based programs using observable sequences for the Java VM.
trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
cure53/DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
berzerk0/Probable-Wordlists
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
shellphish/how2heap
A repository for learning various heap exploitation techniques.
google/tamperchrome
Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
secretsquirrel/the-backdoor-factory
Patch PE, ELF, Mach-O binaries with shellcode. New version in development, available only to sponsors.
almandin/fuxploider
File upload vulnerability scanner and exploitation tool.
salesforce/ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
nixawk/labs
Vulnerability Labs for security analysis
Netflix-Skunkworks/sleepy-puppy
Sleepy Puppy XSS Payload Management Framework
mindedsecurity/JStillery
Advanced JavaScript Deobfuscation via Partial Evaluation
nccgroup/freddy
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
turbo/KPTI-PoC-Collection
Meltdown/Spectre PoC src collection.
lanrat/certgraph
An open source intelligence tool to crawl the graph of certificate Alternate Names
003random/003Recon
Some tools to automate recon - 003random
zerofox-oss/SNAP_R
A machine learning based social media pen-testing tool
salesforce/secure-filters
Anti-XSS Security Filters for EJS and More
ajinabraham/Static-DOM-XSS-Scanner
Static DOM XSS Scanner is a static analysis tool written in Python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.
debasishm89/burpy
Portable and flexible web application security assessment tool. It parses Burp Suite log and performs various tests depending on the module provided and finally generates an HTML report.
EdOverflow/bug-bounty-responses
A collection of response templates for invalid bug bounty reports.
tomekr/boilerman
A tool used to help with testing/auditing the security of a Rails application.
fergarrui/exploits
¯\_(ツ)_/¯