#vulnerabilities

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

APTRS on offsec.tools
Featured
APTRS

Automated penetration testing reporting system.

additional-scanner-checks on offsec.tools
additional-scanner-checks

Collection of scanner checks missing in Burp.

DVCA on offsec.tools
DVCA

Damn vulnerable cloud application.

Vampi on offsec.tools
Vampi

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.

DVWS on offsec.tools
DVWS

Vulnerable application with a web service and an API.

AzureGoat on offsec.tools
AzureGoat

A damn vulnerable Azure infrastructure.

AWSGoat on offsec.tools
AWSGoat

A damn vulnerable AWS infrastructure.

Grendel-Scan on offsec.tools
Grendel-Scan

A tool for automated security scanning of web applications.

Samurai WTF on offsec.tools
Samurai WTF

The best security training environment for developers and AppSec professionals.

WebInspect on offsec.tools
WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

Invicti on offsec.tools
Invicti

Web Application Security For Enterprise.

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

RedTeam_toolkit on offsec.tools
RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Pentest Mapper on offsec.tools
Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

Vulmap on offsec.tools
Vulmap

Online local vulnerability scanners project.

afrog on offsec.tools
afrog

A vulnerability scanning tools for penetration testing.

awesome-cve-poc on offsec.tools
awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

reapoc on offsec.tools
reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

Qualys Cloud Platform on offsec.tools
Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

LanGuard on offsec.tools
LanGuard

Patch management, vulnerability scanning, and network auditing.

Nexpose on offsec.tools
Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

Core Impact on offsec.tools
Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

Paros Proxy on offsec.tools
Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

Nessus on offsec.tools
Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

VulnHub on offsec.tools
VulnHub

Provide materials that allows anyone to gain practical 'hands-on' experience in security.

WebGoat on offsec.tools
WebGoat

Deliberately insecure application.

bWAPP on offsec.tools
bWAPP

An extremely buggy web application!.

Vuls on offsec.tools
Vuls

Agent-less vulnerability scanner.

Weaponised XSS Payloads on offsec.tools
Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

Apidor on offsec.tools
Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

MagicRecon on offsec.tools
MagicRecon

A powerful shell script to maximize the recon and data collection process.

Trishul on offsec.tools
Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

Bug Bounty Reference on offsec.tools
Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

AllAboutBugBounty on offsec.tools
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

SQLRecon on offsec.tools
SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

DependencyCheck on offsec.tools
DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

TheftFuzzer on offsec.tools
TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

BurpSuiteHTTPSmuggler on offsec.tools
BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

JSgen on offsec.tools
JSgen

Generate javascript code to be injected in case you find a Server Side Javascript Injection.

Kadimus on offsec.tools
Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

Acunetix on offsec.tools
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

OpenVAS on offsec.tools
OpenVAS

This repository contains the scanner component for Greenbone Community Edition.

Bugcrowd VRT on offsec.tools
Bugcrowd VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities.

Exploitalert on offsec.tools
Exploitalert

Exploits found on the INTERNET.

The Exploit Database on offsec.tools
The Exploit Database

Archive of public exploits and corresponding vulnerable software.

burp-vulners-scanner on offsec.tools
burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

HTTPoxy Scanner on offsec.tools
HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

UploadScanner on offsec.tools
UploadScanner

HTTP file upload scanner for Burp Proxy.

BurpSentinel on offsec.tools
BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

Eagle on offsec.tools
Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

backslash-powered-scanner on offsec.tools
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

flan on offsec.tools
flan

A pretty sweet vulnerability scanner.

takeover on offsec.tools
takeover

A tool for testing subdomain takeover possibilities at a mass scale.

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

HostileSubBruteforcer on offsec.tools
HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

tko-subs on offsec.tools
tko-subs

A tool that can help detect and takeover subdomains with dead DNS records.

subHijack on offsec.tools
subHijack

Hijacking forgotten & misconfigured subdomains.

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

SubOver on offsec.tools
SubOver

A Powerful Subdomain Takeover Tool.

git-vuln-finder on offsec.tools
git-vuln-finder

Find potential software vulnerabilities from git commit messages.

XSS'OR on offsec.tools
XSS'OR

Hack with JavaScript.

xsscrapy on offsec.tools
xsscrapy

Fast, thorough, XSS/SQLi spider.

Sleepy Puppy on offsec.tools
Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

ezXSS on offsec.tools
ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

XSSer on offsec.tools
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear on offsec.tools
XSpear

Powerfull XSS Scanning and Parameter analysis tool&gem.

Tracy on offsec.tools
Tracy

Assists with finding all sinks and sources of a webapp and display the results in a nice way.

xssValidator on offsec.tools
xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

bXSS on offsec.tools
bXSS

bXSS is a utility which can be used identify Blind Cross-Site Scripting.

XSS Radar on offsec.tools
XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

BruteXSS on offsec.tools
BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web application.

DOMDig on offsec.tools
DOMDig

DOM XSS scanner for Single Page Applications.

Femida on offsec.tools
Femida

Automated blind-xss search for Burp Suite.

DOM XSS Scanner on offsec.tools
DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

XSSMap on offsec.tools
XSSMap

Detect XSS vulnerability in Web Applications.

XSSCon on offsec.tools
XSSCon

Simple XSS Scanner tool.

BitBlinder on offsec.tools
BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

DTD Finder on offsec.tools
DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

Ground control on offsec.tools
Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

NoSQL Injector on offsec.tools
NoSQL Injector

NoSql Injection CLI tool for finding vulnerable websites using MongoDB.

SQLiv on offsec.tools
SQLiv

Massive SQL injection vulnerability scanner.

andor on offsec.tools
andor

Blind SQL Injection Tool with Golang.

SQLTruncSanner on offsec.tools
SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Burp-to-SQLMap on offsec.tools
Burp-to-SQLMap

Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.

MSSQLi-DUET on offsec.tools
MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

waybackSqliScanner on offsec.tools
waybackSqliScanner

Gather urls from wayback machine and test each GET parameter for SQL injection.

SQLi-Hunter on offsec.tools
SQLi-Hunter

Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

SQLiScanner on offsec.tools
SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

Extended SSRF search on offsec.tools
Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

B-XSSRF on offsec.tools
B-XSSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF.

SSRF Sheriff on offsec.tools
SSRF Sheriff

A simple SSRF-testing sheriff written in Go.

httprebind on offsec.tools
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

Gopherus on offsec.tools
Gopherus

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

SSRFmap on offsec.tools
SSRFmap

Automatic SSRF fuzzer and exploitation tool.

h2cSmuggler on offsec.tools
h2cSmuggler

HTTP Request Smuggling over HTTP/2 Cleartext.

Smuggler on offsec.tools
Smuggler

An HTTP Request Smuggling / Desync testing tool.

Requests-Racer on offsec.tools
Requests-Racer

Exploit race conditions in web apps with Requests.

dom-red on offsec.tools
dom-red

Small script to check a list of domains against open redirect vulnerability.

Oralyzer on offsec.tools
Oralyzer

Open Redirection Analyzer.

LFI Suite on offsec.tools
LFI Suite

Totally Automatic LFI Exploiter and Scanner.

Liffy on offsec.tools
Liffy

Local file inclusion exploitation tool.

off-by-slash on offsec.tools
off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

DotDotPwn on offsec.tools
DotDotPwn

The Directory Traversal Fuzzer.

Injectus on offsec.tools
Injectus

CRLF and open redirect fuzzer.

CRLF-Injection-Scanner on offsec.tools
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFsuite on offsec.tools
CRLFsuite

The most powerful CRLF injection scanner.

CorsMe on offsec.tools
CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORS Scanner on offsec.tools
CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CORStest on offsec.tools
CORStest

A simple CORS misconfiguration scanner.

Corsy on offsec.tools
Corsy

CORS Misconfiguration Scanner.

jSQL Injection on offsec.tools
jSQL Injection

Java application for automatic SQL database injection.

BeEF on offsec.tools
BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

CRLFMap on offsec.tools
CRLFMap

CRLFMap is a tool to find HTTP Splitting vulnerabilities.

FinDOM-XSS on offsec.tools
FinDOM-XSS

A fast DOM based XSS vulnerability scanner with simplicity.

http-request-smuggling on offsec.tools
http-request-smuggling

HTTP Request Smuggling Detection Tool.

FDsploit on offsec.tools
FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

kxss on offsec.tools
kxss

Adaption of tomnomnom's kxss tool with a different output format.

OpenRedireX on offsec.tools
OpenRedireX

A Fuzzer for OpenRedirect issues.

mx-takeover on offsec.tools
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

reconFTW on offsec.tools
reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

Venom on offsec.tools
Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

w3af on offsec.tools
w3af

Web Application Attack and Audit Framework.

tplmap on offsec.tools
tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

Ghauri on offsec.tools
Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

Knoxnl on offsec.tools
Knoxnl

This is a python wrapper around the amazing KNOXSS.

SQLninja on offsec.tools
SQLninja

Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.

NoSQLMap on offsec.tools
NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

SSRFTest on offsec.tools
SSRFTest

SSRF testing tool.

sqlmap on offsec.tools
sqlmap

Automatic SQL injection and database takeover tool.

Subjack on offsec.tools
Subjack

Subdomain Takeover tool written in Go.

KNOXSS on offsec.tools
KNOXSS

Online XSS tool with demonstration of vulnerability.

Commix on offsec.tools
Commix

Automated All-in-One OS Command Injection Exploitation Tool.

DalFox on offsec.tools
DalFox

Powerful open source XSS scanning tool and parameter analyzer, utility.

XSStrike on offsec.tools
XSStrike

Most advanced XSS scanner.