wewe
Concord - workflow orchestration and continuous deployment management
The flexible backend for all your projects 🐰 Turn your DB into a headless CMS, admin panels, or apps with a custom UI, instant APIs, auth & more.
Automatic SSTI detection tool with interactive interface
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
GPT-3 found hundreds of security vulnerabilities in this repo
BurpSuite Extension: A one-stop pen testing checklist and logger tool
BurpSuite Extension: A one-stop pen testing checklist and logger tool
An easy but powerful hack of the standard copy-paste behaviour of any browser
A node.js version management utility for Windows. Ironically written in Go.
A small collection of vulnerable code snippets
Kraken, a modular multi-language webshell coded by @secu_x11
Check your WAF before an attacker does
Tips on how to write exploit scripts (faster!)
Detect and bypass web application firewalls and protection systems
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
A proof-of-concept malicious Chrome extension
System Security Project