payloads - Git All the Payloads! A collection of web attack payloads.

•    Shell

---

run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.

payload payloads xss sqli web-attack-payloads passwords

SQLInjectionWiki - A wiki focusing on aggregating and documenting various SQL injection methods

•    HTML

---

A wiki focusing on aggregating and documenting various SQL injection methods

sql injection sqli netspi mysql oracle sqlserver mssql wiki

BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website

•    Python

---

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.

web application scanner osint fuzzer owasp vulnerability spider passive active sqli xss lfi rfi rce csrf automated scan report

ATSCAN - Advanced Search & Mass Exploit Scanner- فاحص متقدم لبحث و استغلال الثغرات بالجملة

•    Perl

---

● Search engine Google / Bing / Ask / Yandex / Sogou ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Extern commands execution. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress and Joomla sites. ● Find Admin page. ● Decode / Encode Base64 / MD5 ● Ports scan. ● Collect IPs ● Collect E-mails. ● Auto detect errors. ● Auto detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● Interactive and Normal interface. ● And more...

dork server engine scanner xss lfi rfi ports exploitation sqli data vulnerability-scanners system security tools portscan shell web-application mass-exploitation-scanner

fusker - Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io

•    CoffeeScript

---

You think you're one raw dog? fusker.nodester.com Come at me bro. Please see this for a working express example. It's as easy as app.use(fusker.express.check); Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.

fusker hack protect csrf lfi xss sqli injection attack blacklist express socket security firewall

vandium-node - AWS Lambda framework for building functions using Node

•    Javascript

---

AWS Lambda framework for building functions using Node.js for API Gateway, IoT applications, and other AWS events. Install via npm.

aws-lambda aws-lambda-framework jwt aws lambda framework validation wrapper api gateway sql sql-injection sqli injection attack iot serverless

albatar - Albatar is a SQLi exploitation framework in Python

•    Python

---

I wrote Albatar to have a neat and tidy tool to exploit SQL Injection vulnerabilities. Unlike sqlmap, Albatar will not detect SQL Injection vulnerabilities, it was primarily designed to help me exploit not-so-straightforward SQLIs where sqlmap would need tweaking and patching to work.

sqli

sqli - A Laravel Artisan SQL Interactive Interface

•    PHP

---

A Laravel 4 & 5 Artisan SQL Interactive Interface, plus a handful of Artisan commands to execute SQL queries.

sqli sqlite laravel databases

libinjection-rs - Rust bindings for libinjection

•    Rust

---

Rust bindings for libinjection. Fingerprints: Please refer to fingerprints.txt.

libinjection rust-bindings sqli xss rust-crate

Offensive-Dockerfiles - Personal implementation of offensive tools as Dockerfiles

•    Python

---

Personal implementation of offensive tools as Dockerfiles. Uses either alpine or python-slim base

docker pentest sqli osint offensive-security infosec hacking