dwisiswant0 / hinject

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Awesome Vulnerable Applications

My personal bug bounty toolkit.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Pentest: Subdomains enumeration tool for penetration testers.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

It's a Docker Environment for pentesting which having all the required tool for VAPT.