ldionmarcil's Stars
vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
projectdiscovery/katana
A next-generation crawling and spidering framework.
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
six2dez/OneListForAll
Rockyou for web fuzzing
leibnitz27/cfr
This is the public repository for the CFR Java decompiler
ssl/ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
projectdiscovery/cvemap
Navigate the CVE jungle with ease.
wallarm/gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
fnmsd/MySQL_Fake_Server
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
emacs-evil/evil-collection
A set of keybindings for evil-mode
mstrobel/procyon
Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.
ptoomey3/evilarc
Create tar/zip archives that can exploit directory traversal vulnerabilities
ayoubfathi/leaky-paths
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
fyoorer/ShadowClone
Unleash the power of cloud
narfindustries/http-garden
Differential fuzzing REPL for HTTP implementations.
PortSwigger/BChecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
BishopFox/GadgetProbe
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
BlackFan/content-type-research
Content-Type Research
awslabs/threat-composer
A simple threat modeling tool to help humans to reduce time-to-value when threat modeling
mazen160/server-status_PWN
A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
hoodoer/JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
boostsecurityio/poutine
boostsecurityio/poutine
doyensec/Session-Hijacking-Visual-Exploitation
Session Hijacking Visual Exploitation
cloudflare/python-workers-examples
artsploit/rogue-jndi
A malicious LDAP server for JNDI injection attacks
mogwailabs/jarjarbigs
A python script to merge multiple jar files for easier debugging via JD-Eclipse
caido/workflows
🛠️ Workflows created by the community
vrechson/copy-to-bcheck
BurpSuite extension to convert requests into bcheck scripts