Penetration Testing

Open-source platform for pentest reporting and security team collaboration

A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.

PlexTrac is a centralized platform for penetration test reporting and threat exposure management that helps security teams streamline assessment workflows, prioritize remediation, and track security posture improvements.

A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.

A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.

A tool to easily automate and multithread your pentesting and bug bounty workflow without any coding

A penetration testing framework for identifying and exploiting vulnerabilities.

A scripting engine for interacting with GraphQL endpoints for pentesting purposes.

SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.

A directory traversal fuzzer for finding and exploiting directory traversal vulnerabilities.

A tool for automated HTTP header injection

A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.

Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.

A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.

A subdomain enumeration tool for bug hunting and pentesting

A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.

A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.

A tool to declutter URL lists for crawling and pentesting

A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.

A tool for analyzing pentest screenshots using a convolutional neural network

An advanced cross-platform tool for detecting and exploiting SQL injection security flaws

FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.

Modular framework for web services penetration testing with support for various attacks.