HackingTools
Check your WAF before an attacker does
Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
gup aka Get All Urls parameters to create wordlists for brute forcing parameters.
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
A Nmap XSL implementation with Bootstrap.
Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
A tool to exploit .NET Remoting Services
A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
Take a list of domains/subdomains and probe for working http/https server.
Bypassing WAF by abusing SSL/TLS Ciphers
Grammar-based HTTP/1 fuzzer with mutation ability
A sqlmap tamper script for manipulating parameters within a serialized PHP array.
Collection of Burp Suite plugins (non-store), articles and usage tips (this project no longer provides Burp Suite crack files; if needed, download them from the blog mrxn.net)
Albatar is a SQLi exploitation framework in Python
automated web assets enumeration & scanning [DEPRECATED]
A Burp Suite extension to extract data from source code while browsing.
Struts2 vulnerability scanning and exploitation tool, Golang version. Struts2 Scanner Written in Golang
Cloudflare, Sucuri, Incapsula real IP tracker.
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.
WebLogic vulnerability scanning tool. It currently includes detection for the following vulnerabilities: CVE-2014-4210, CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-3506, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2018-2894, CVE-2018-3191, CVE-2018-3245, CVE-2018-32…




