825 Open source projects that are alternatives of or similar to 31 Days Of Api Security Tips

Related subdomains finder

Pentest: Subdomains enumeration tool for penetration testers.

A Tool for Domain Flyovers

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Subdomain Takeover tool written in Go

🎯 XML External Entity (XXE) Injection Payload List

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Web path scanner

RFD Checker - security CLI tool to test Reflected File Download issues

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Misc. Public Reports of Penetration Testing and Security Audits.

Turn your VPS into an attack box

Little Bug Bounty & Hacking Tools⚔️

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Yet Another PHP Shell - The most complete PHP reverse shell

A python tool to check subdomain takeover vulnerability

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Pentest/BugBounty progress control with scanning modules

An automated approach to performing recon for bug bounty hunting and penetration testing.

The fastest dork scanner written in Go.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

平常看到好的渗透hacking工具和多领域效率工具的集合

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

One-click installer for Frida and Burp certs for SSL Pinning bypass

Vulnerability Dashboard

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Awesome cloud enumerator

Selenium powered Python script to automate searching for vulnerable web apps.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

XSS in pastebin.com and reddit.com via unsanitized markdown output

A fast DOM based XSS vulnerability scanner with simplicity.

Hetty is an HTTP toolkit for security research.

Extract subdomains from SSL certificates in HTTPS sites.

A list of interesting payloads, tips and tricks for bug bounty hunters.

A curated list of awesome infosec courses and training resources.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Intelligence tool but without API key

Hershell is a simple TCP reverse shell written in Go.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Pentest Report Generator

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Powerfull XSS Scanning and Parameter analysis tool&gem

Most usable tools for iOS penetration testing

A big list of Android Hackerone disclosed reports and other resources.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

OSINT Swiss Army Knife

Automated Red Team Infrastructure deployement using Docker

A collection of awesome one-liner scripts especially for bug bounty tips.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Multi Tool Subdomain Enumeration

A collection of various GitHub gists for hackers, pentesters and security researchers

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.