thelikes / fuzzmost

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Pentest: Subdomains enumeration tool for penetration testers.

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

goverview - Get an overview of the list of URLs

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Related subdomains finder

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Web path scanner

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Rockyou for web fuzzing

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Decode All Bases - Base Scheme Decoder

A tool to hunt for publicly accessible DigitalOcean Spaces

OSINT Project

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Unique wordlist generator of unique wordlists.