🛡️ Open-source and next-generation Web Application Firewall (WAF)

DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Making Favicon.ico based Recon Great again !

🎯 Fast CORS misconfiguration vulnerabilities scanner

Modern Python library for HTTP security headers (CSP, HSTS, etc.) with secure defaults and presets for Shiny, FastAPI, Django, Flask, and other ASGI/WSGI apps.

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

java source code static code analysis and danger function identify prog

Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

Security Testing Scripts for JWT

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

🔨 A multiple reverse shell session/client manager via terminal

Python library and CLI for the Bug Bounty Recon API

恶意IP全自动封禁平台。支持收集如下安全设备告警：长亭WAF社区版（SafeLine）、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、天融信WAF、科来网络安全分析审计系统、深信服态势感知、启明星辰全网安全态势感知系统。支持如下设备联动封禁：RouterOS、OPNsense、CheckPoint、旁路阻断（无需设备配合）、BGP、奇安信防火墙、天融信防火墙、深信服防火墙。

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A guided mutation-based fuzzer for ML-based Web Application Firewalls