29 open-source projects similar to cujanovic/ssrf-testing, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best SSRF Testing alternative.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
tplmap is a security tool designed for the detection and exploitation of server-side template injection vulnerabilities. It functions as an automated scanner to identify vulnerable template engine contexts and provides a framework for achieving remote code execution. The tool focuses on translating high-level requests into engine-specific syntax to execute operating system commands and bypass application sandboxes. It further enables remote file system access, allowing users to read, write, and transfer files between a local machine and a target server. Additional capabilities include the ab
A high performance offensive security tool for reconnaissance and vulnerability scanning
Astra is a security analysis system and scanner designed to identify vulnerabilities and security flaws in REST API endpoints. It functions as a security testing tool that automatically detects common API weaknesses during development and deployment cycles. The project provides a graphical interface for triggering and monitoring security scanning processes, removing the requirement for manual command line execution. This management UI allows for the oversight of scanning workflows and the retrieval of vulnerability reports. The system supports the import of collection files to map endpoints
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.
ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines. The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries. The tool covers capabilities for security penetration testing, Java app
fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors. The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
GitTools is a collection of security utilities designed to identify, scan, and exploit exposed version control directories on web servers. The project provides tools to locate publicly accessible Git directories and extract their contents to identify information leaks. The suite includes capabilities for downloading files and folder structures from remote repositories even when directory listing is disabled. It also features a recovery system that iterates through commit objects to restore content from incomplete or corrupted version control data.
IIS Short Name Scanner - 2012-2023 & Still Giving...
🔪 :octocat: Leak git repositories from misconfigured websites
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
Gobuster is a command-line security utility designed for brute-force discovery of hidden infrastructure and content. It operates by systematically testing wordlists against target network services to identify files, directories, subdomains, and cloud storage buckets. The tool utilizes a concurrent worker pool to execute these requests in parallel, ensuring efficient scanning across various network environments. The project distinguishes itself through a modular plugin architecture that supports multiple discovery modes, including HTTP, DNS, and TFTP. This design allows for protocol-agnostic r
Deserialization payload generator for a variety of .NET formatters
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best tu upload web shells or any malicious file…