ODAT Oracle Database Attacking Tool
smuggler An HTTP Request Smuggling / Desync testing tool written in Python
h2cSmuggler HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Chankro Herramienta para evadir disable_functions y open_basedir
TPscan 一键ThinkPHP漏洞检测
dedecmscan 织梦全版本漏洞扫描
ShiroScan Shiro<=1.2.4反序列化检测工具
fastjson rce tool fastjson命令执行利用工具
dnsReaper dnsReaper - subdomain takeover tool
singularity A DNS rebinding attack framework by NGC Group
DTD Finder List DTDs and generate XXE payloads using those local DTDs
Java Serialization Dumper A tool to dump Java serialization streams in a more human readable form
marshalsec Java Unmarshaller Security - Turning your data into code execution
gadgetinspector A byte code analyzer for finding deserialization gadget chains in Java applications
fastjsonScan fastjson漏洞burp插件
viewgen ASP.NET ViewState Generator
Rogue JNDI A malicious LDAP server for JNDI injection attacks
Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
toxy Hackable HTTP proxy for resiliency testing and simulated network conditions
bettercap The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
Regexploit Find regular expressions which are vulnerable to ReDoS
go shellcode A repository of Windows Shellcode runners and supporting utilities
thc ipv6 IPv6 attack toolkit
PyWSUS a standalone implementation of a legitimate WSUS server which sends malicious responses to clients