999 Open source projects that are alternatives of or similar to 3klcon

Pentest: Subdomains enumeration tool for penetration testers.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

This repository created for personal use and added tools from my latest blog post.

🆕 The Multi-Tool Web Vulnerability Scanner.

Automated Web Recon Shell Scripts

A tool to fastly get all javascript sources/files

A Tool for Domain Flyovers

Making Favicon.ico based Recon Great again !

Change monitoring app that checks the content of web pages in different periods.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

An automated approach to performing recon for bug bounty hunting and penetration testing.

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Related subdomains finder

apkizer is a mass downloader for android applications for all available versions.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Urls de-duplication tool for better recon.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

An automated target reconnaissance pipeline.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Simple shell script for automated domain recognition with some tools

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion

A collection of awesome one-liner scripts especially for bug bounty tips.

Web path scanner

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Intelligence and Reconnaissance Package/Bundle installer.

Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.

All about bug bounty (bypasses, payloads, and etc)

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Python library and CLI for the Bug Bounty Recon API

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Tools for Hacking

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Automated Penetration Testing Framework

a recon tool that allows searching on URLs that are exposed via shortener services

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

List of Awesome Asset Discovery Resources

Discover Your Attack Surface!

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Semi-automatic OSINT framework and package manager

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.