zsahi's Stars
arkadiyt/bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
lanjelot/patator
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
lobuhi/byp4xx
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
PortSwigger/hackbar
HackBar plugin for Burpsuite
koutto/web-brutator
Fast Modular Web Interfaces Bruteforcer
sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
charles2gan/GDA-android-reversing-Tool
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
ewilded/psychoPATH
psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
TROUBLE-1/Type-juggling
Lab that will help you to understand how type juggling vulnerability works.
wireghoul/graudit
grep rough audit - source code auditing tool
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
0wa1s/broken.net
byt3bl33d3r/CrackMapExec
A swiss army knife for pentesting networks
JGillam/SerPHPer
Serialized PHP toolkit for Burp Suite
Coalfire-Research/Slackor
A Golang implant that uses Slack as a command and control server
steverobbins/magescan
Scan a Magento site for information
rebootuser/LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
Mr-Un1k0d3r/SPFAbuse
SPF are not as strong as you may think. Red Team tool to send email on behalf of your target corp
OlivierLaflamme/Cheatsheet-God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
FuzzySecurity/Sharp-Suite
Also known by Microsoft as Knifecoat :hot_pepper:
infosecn1nja/AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
CSPF-Founder/ASPVulnerableLab
Vulnerable ASP based Web Application
Ebryx/AES-Killer
Burp Plugin to decrypt AES encrypted traffic on the fly
d3vilbug/HackBar
HackBar plugin for Burpsuite