#vulnerabilities

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

additional-scanner-checks

Collection of scanner checks missing in Burp.

DVCA

Damn vulnerable cloud application.

Vampi

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.

DVWS

Vulnerable application with a web service and an API.

AzureGoat

A damn vulnerable Azure infrastructure.

AWSGoat

A damn vulnerable AWS infrastructure.

Grendel-Scan

A tool for automated security scanning of web applications.

Samurai WTF

The best security training environment for developers and AppSec professionals.

WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

Invicti

Web Application Security For Enterprise.

Striker

Offensive information and vulnerability scanner.

RedTeam_toolkit

Open source Django offensive web app that keeps the best tools used in red teaming.

RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

APTRS

Automated penetration testing reporting system.

Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

Vulmap

Online local vulnerability scanners project.

afrog

A vulnerability scanning tool for penetration testing.

awesome-cve-poc

A collection of proofs of concept for Common Vulnerabilities and Exposures.

reapoc

Open-source PoC and vulnerable-target storage box.

Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

LanGuard

Patch management, vulnerability scanning, and network auditing.

Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

VulnHub

Provides materials that allow anyone to gain practical 'hands-on' experience in security.

WebGoat

Deliberately insecure application.

bWAPP

An extremely buggy web application!

Vuls

Agent-less vulnerability scanner.

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

MagicRecon

A powerful shell script to maximize the recon and data collection process.

Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

JSgen

Generates JavaScript code to be injected in case you find a Server-Side JavaScript Injection.

Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

OpenVAS

This repository contains the scanner component for Greenbone Community Edition.

Bugcrowd VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities.

Exploitalert

Exploits found on the INTERNET.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

UploadScanner

HTTP file upload scanner for Burp Proxy.

BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

flan

A pretty sweet vulnerability scanner.

takeover

A tool for testing subdomain takeover possibilities at a mass scale.

Second Order

Second-order subdomain takeover scanner.

HostileSubBruteforcer

Bruteforce existing subdomains and provide information about them.

tko-subs

A tool that can help detect and take over subdomains with dead DNS records.

subHijack

Hijacking forgotten & misconfigured subdomains.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

SubOver

A Powerful Subdomain Takeover Tool.

git-vuln-finder

Find potential software vulnerabilities from git commit messages.

XSS'OR

Hack with JavaScript.

xsscrapy

Fast, thorough, XSS/SQLi spider.

Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear

Powerful XSS scanning and parameter analysis tool and gem.

Tracy

Assists with finding all sinks and sources of a web app and displays the results in a nice way.

xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

bXSS

bXSS is a utility which can be used to identify Blind Cross-Site Scripting.

XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web applications.

DOMDig

DOM XSS scanner for Single Page Applications.

Femida

Automated blind-xss search for Burp Suite.

DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

XSSMap

Detect XSS vulnerability in Web Applications.

XSSCon

Simple XSS Scanner tool.

BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

NoSQL Injector

NoSQL injection CLI tool for finding vulnerable websites using MongoDB.

SQLiv

Massive SQL injection vulnerability scanner.

andor

Blind SQL Injection Tool with Golang.

SQLTruncScanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Burp-to-SQLMap

Performs SQL injection tests on Burp Suite bulk requests using SQLMap.

MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

waybackSqliScanner

Gather URLs from the Wayback Machine and test each GET parameter for SQL injection.

SQLi-Hunter

Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

B-XSSRF

Toolkit to detect and keep track of Blind XSS, XXE & SSRF.

SSRF Sheriff

A simple SSRF-testing sheriff written in Go.

httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

Gopherus

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

SSRFmap

Automatic SSRF fuzzer and exploitation tool.

h2cSmuggler

HTTP Request Smuggling over HTTP/2 Cleartext.

Smuggler

An HTTP Request Smuggling / Desync testing tool.

Requests-Racer

Exploit race conditions in web apps with Requests.

dom-red

Small script to check a list of domains against open redirect vulnerability.

Oralyzer

Open Redirection Analyzer.

LFI Suite

Totally Automatic LFI Exploiter and Scanner.

Liffy

Local file inclusion exploitation tool.

off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

DotDotPwn

The Directory Traversal Fuzzer.

Injectus

CRLF and open redirect fuzzer.

CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFsuite

The most powerful CRLF injection scanner.

CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CORStest

A simple CORS misconfiguration scanner.

Corsy

CORS Misconfiguration Scanner.

jSQL Injection

Java application for automatic SQL database injection.

BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

CRLFMap

CRLFMap is a tool to find HTTP Splitting vulnerabilities.

FinDOM-XSS

A fast DOM based XSS vulnerability scanner with simplicity.

http-request-smuggling

HTTP Request Smuggling Detection Tool.

FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

kxss

Adaptation of tomnomnom's kxss tool with a different output format.

OpenRedireX

A Fuzzer for OpenRedirect issues.

mx-takeover

Focuses on DNS MX records and detects misconfigured MX records.

reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

w3af

Web Application Attack and Audit Framework.

tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

Knoxnl

This is a python wrapper around the amazing KNOXSS.

SQLninja

Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.

NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

SSRFTest

SSRF testing tool.

sqlmap

Automatic SQL injection and database takeover tool.

Subjack

Subdomain Takeover tool written in Go.

KNOXSS

Online XSS tool with demonstration of vulnerability.

Commix

Automated All-in-One OS Command Injection Exploitation Tool.

DalFox

Powerful open source XSS scanning tool and parameter analyzer.

XSStrike

Most advanced XSS scanner.