sardella-dav

sardella-dav's Stars

• IlanKalendarov/PyHook

  PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.

  Language:Python18217

• GhostPack/Certify

  Active Directory certificate abuse.

  Language:C#1.5k206

• fijimunkii/bash-dev-tcp

  collection of scripts using /dev/tcp

  Language:Shell5819

• NotSoSecure/android_application_analyzer

  The tool is used to analyze the content of the android application in local storage.

  Language:Python15429

• scspcommunity/Cyber-Sec-Resources

  An organized list of resources including tools, blog-posts and how-to tutorials compiled and created by SCSP community members.

  Language:Python425130

• EdOverflow/can-i-take-over-xyz

  "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

  Language:Python4.8k715

• danielmiessler/SecLists

  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

  Language:PHP58.3k23.9k

• blechschmidt/massdns

  A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

  Language:C3.2k466

• lc/gau

  Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

  Language:Go4k447

• R0X4R/Garud

  An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

  Language:Shell777178

• GerbenJavado/LinkFinder

  A python script that finds endpoints in JavaScript files

  Language:Python3.7k595

• KathanP19/HowToHunt

  Collection of methodology and test case for various web vulnerabilities.

  6.1k1.7k

• chbrown/unmap

  Unpack a JavaScript Source Map back into filesystem structure

  Language:JavaScript17324

• ffuf/ffuf

  Fast web fuzzer written in Go

  Language:Go12.6k1.3k

• maurosoria/dirsearch

  Web path scanner

  Language:Python12.1k2.3k

• s0md3v/sqlmate

  A friend of SQLmap which will do what you always expected from SQLmap.

  Language:Python427118

• find-sec-bugs/find-sec-bugs

  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  Language:Java2.3k472

• projectdiscovery/nuclei

  Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

  Language:Go20.5k2.5k

• 0xSobky/HackVault

  A container repository for my public web hacks!

  Language:JavaScript1.9k276

• vitalysim/Awesome-Hacking-Resources

  A collection of hacking / penetration testing resources to make you better!

  15.3k2.1k

• google/firing-range

  Language:Java1.4k240

• ZephrFish/Wordlists

  Various Payload wordlists

  23565

• MobSF/Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  Language:JavaScript17.4k3.2k

• epinna/tplmap

  Server-Side Template Injection and Code Injection Detection and Exploitation Tool

  Language:Python3.8k671

• orangetw/Tiny-URL-Fuzzer

  A tiny and cute URL fuzzer

  Language:Python38783

• swisskyrepo/SSRFmap

  Automatic SSRF fuzzer and exploitation tool

  Language:Python3k521

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python61.1k14.6k

• 0xInfection/XSRFProbe

  The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

  Language:Python1.1k208