sec web
Detect and bypass web application firewalls and protection systems
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities.
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Burp Plugin to decrypt AES encrypted traffic on the fly
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
WebGoat is a deliberately insecure application
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Search for Directory Traversal Vulnerabilities
The Swiss Army knife for automated Web Application Testing
Gospider - Fast web spider written in Go
Scan for misconfigured S3 buckets across S3-compatible APIs!
🔩 jwt-hack is a tool for hacking / security testing of JWT. Supports encoding/decoding JWT, generating payloads for JWT attacks, and very fast cracking (dict/bruteforce)
⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Collection of methodologies and test cases for various web vulnerabilities.
The Offensive Manual Web Application Penetration Testing Framework.
Security Tool to Look For Interesting Files in S3 Buckets
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
A next-generation crawling and spidering framework.