leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+1167.5%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+15337.5%)
DekstereconWeb Application recon automation
Stars: ✭ 109 (+172.5%)
Git HoundReconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (+1405%)
Spaces FinderA tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (+205%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (+227.5%)
Osint Tools👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (+287.5%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+322.5%)
Intrec PackIntelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (+342.5%)
Scilla🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (+190%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (+332.5%)
DiscoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+6270%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+8377.5%)
HaliveA fast http and https prober, to check which URLs are alive
Stars: ✭ 47 (+17.5%)
CloudscraperCloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Stars: ✭ 276 (+590%)
PdlistA passive subdomain finder
Stars: ✭ 204 (+410%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (+357.5%)
webreconAutomated Web Recon Shell Scripts
Stars: ✭ 48 (+20%)
quick-recon.pyDo some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-67.5%)
goverviewgoverview - Get an overview of the list of URLs
Stars: ✭ 93 (+132.5%)
easyreconTool to automate recon
Stars: ✭ 37 (-7.5%)
SitedorksSearch Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+452.5%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-42.5%)
osmedeus-workflowCommunity Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-35%)
SubWalkerSimultaneously execute various subdomain enumeration tools and aggregate results.
Stars: ✭ 26 (-35%)
GitmonitorOne way to continuously monitor sensitive information that could be exposed on Github
Stars: ✭ 115 (+187.5%)
apkpure getapkpure.com apk downloader
Stars: ✭ 42 (+5%)
NtlmreconEnumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (+530%)
XposedOrNotXposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Stars: ✭ 120 (+200%)
myplanet🌕 myPlanet android app reads data from 🌎 for offline use as well as it collect usage data and sends them back to the Planet.
Stars: ✭ 17 (-57.5%)
Git-SecretGo scripts for finding sensitive data like API key / some keywords in the github repository
Stars: ✭ 156 (+290%)
KivyMLAppThe repository host the API for the ML model via FastAPI, Flask and contains android app development files using KivyMD.
Stars: ✭ 54 (+35%)
Bugs-feedBug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (+125%)
Awesome-CyberSec-ResourcesAn awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)
Stars: ✭ 273 (+582.5%)
Node Google PlayGet details and download apps from https://play.google.com by emulating an Android (Nexus 5X) device by default. For a rust version of this library check out https://github.com/dweinstein/rs-google-play
Stars: ✭ 247 (+517.5%)
roboxtractorExtract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (+0%)
PrismPrism is a beautiful open-source wallpapers app for Android. It is built with Dart on top of Google's Flutter Framework.
Stars: ✭ 241 (+502.5%)
ApkmodApkmod can decompile, recompile, sign APK, and bind the payload with any legit APP
Stars: ✭ 235 (+487.5%)
rest-apiREST API backend for Reconmap
Stars: ✭ 48 (+20%)
hunter🐺 Command-line application and golang client library for hunter.io
Stars: ✭ 28 (-30%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (+162.5%)
PlaymakerFdroid repository manager fetching apps from Play Store
Stars: ✭ 236 (+490%)
APK-InstallerAn Android Application Installer for Windows
Stars: ✭ 1,076 (+2590%)
EmissarySend notifications on different channels such as Slack, Telegram, Discord etc.
Stars: ✭ 33 (-17.5%)
Frida Skeleton基于frida的安卓hook框架,提供了很多frida自身不支持的功能,将hook安卓变成简单便捷,人人都会的事情
Stars: ✭ 222 (+455%)
BuildapksReally quickly build APKs on handheld device (smartphone or tablet) in Amazon, Android, Chromebook and Windows📲 See https://buildapks.github.io/docsBuildAPKs/setup to start building APKs.
Stars: ✭ 218 (+445%)
o365chkSimple Python tool to check if there is an Office 365 instance linked to a domain.
Stars: ✭ 37 (-7.5%)
XapkdetectorAPK/DEX detector for Windows, Linux and MacOS.
Stars: ✭ 208 (+420%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+1095%)
Awesome-HTTPRequestSmugglingA curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
Stars: ✭ 97 (+142.5%)
Apk Editor StudioPowerful yet easy to use APK editor for PC and Mac.
Stars: ✭ 197 (+392.5%)