MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+68.75%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-85.42%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1908.33%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+3482.29%)
Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-60.42%)
Vxscanpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (+1195.83%)
SwiftnessA note-taking macOS app for penetration-testers.
Stars: ✭ 124 (+29.17%)
Webhackersweapons⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 1,205 (+1155.21%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+97.92%)
W5Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (+282.29%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+430.21%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (+487.5%)
MobilehackersweaponsMobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (+77.08%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+76.04%)
Dns DiscoveryDNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (+18.75%)
Hacker ContainerContainer with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (+9.38%)
RecsechRecsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (+80.21%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+89.58%)
Ladon大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+2932.29%)
BbrAn open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (+47.92%)
H2csmugglerHTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (+204.17%)
WatchdogWatchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+259.38%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+344.79%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+297.92%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+698.96%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+853.13%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+1017.71%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (+36.46%)
StacoanStaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (+636.46%)
ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (+1313.54%)
Golang TlsSimple Golang HTTPS/TLS Examples
Stars: ✭ 857 (+792.71%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (+17.71%)
DekstereconWeb Application recon automation
Stars: ✭ 109 (+13.54%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+1813.54%)
Bypass Firewalls By Dns HistoryFirewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (+669.79%)
Tools TbhmTools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (+78.13%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (+94.79%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (+62.5%)
Zbn安全编排与自动化响应平台
Stars: ✭ 201 (+109.38%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (+107.29%)
Blind-SSRFNuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (+15.63%)
InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+691.67%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+3432.29%)
Recon PipelineAn automated target reconnaissance pipeline.
Stars: ✭ 278 (+189.58%)
TaipanWeb application vulnerability scanner
Stars: ✭ 359 (+273.96%)
Recon My WayThis repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (+182.29%)
Appinfoscanner一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Stars: ✭ 424 (+341.67%)
BurpaBurp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+344.79%)
IosMost usable tools for iOS penetration testing
Stars: ✭ 563 (+486.46%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+236.46%)
Articles Translator📚Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Stars: ✭ 606 (+531.25%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-35.42%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+1112.5%)
Aws Securitygroup GrapherThis ansible role gets information from an AWS VPC and generate a graphical representation of security groups
Stars: ✭ 93 (-3.12%)
Envkey AppSecure, human-friendly, cross-platform secrets and config.
Stars: ✭ 83 (-13.54%)