30 open-source projects similar to codingo/nosqlmap, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best NoSQLMap alternative.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
tplmap is a security tool designed for the detection and exploitation of server-side template injection vulnerabilities. It functions as an automated scanner to identify vulnerable template engine contexts and provides a framework for achieving remote code execution. The tool focuses on translating high-level requests into engine-specific syntax to execute operating system commands and bypass application sandboxes. It further enables remote file system access, allowing users to read, write, and transfer files between a local machine and a target server. Additional capabilities include the ab
Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str
WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the
XSStrike is an automated security scanning engine designed for web application discovery, input
🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
XSS spider - 66/66 wavsep XSS detected
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
RouterSploit is an embedded device exploitation framework and vulnerability scanner designed to identify and exploit security flaws in networked embedded hardware and firmware. It provides a centralized toolkit for scanning for known weaknesses and common misconfigurations to gain unauthorized system access. The framework includes an architecture-specific payload generator to create custom binary payloads tailored to the target hardware. It also features an automated brute force tool that uses dictionary-based credential guessing to bypass authentication on hardware devices. The tool covers
AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.
HTTP Request Smuggling Detection Tool
Burp extension to passively scan for applications revealing software version numbers
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
WRecon, is a tool for the recognition of vulnerabilities and blackbox information for wordpress.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing