DeadDNSDNS hijacking via dead records automation tool
Stars: ✭ 44 (-98.19%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (-50.19%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-99.42%)
HowtohuntTutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+23.34%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (-93.7%)
hack-pet🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Stars: ✭ 77 (-96.83%)
SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-94.94%)
cf-checkCloudFlare Checker written in Go
Stars: ✭ 147 (-93.95%)
Aws ScannerScans a list of websites for Cloudfront or S3 Buckets
Stars: ✭ 93 (-96.17%)
GreconYour Google Recon is Now Automated
Stars: ✭ 119 (-95.1%)
Crlf Injection ScannerCommand line tool for testing CRLF injection on a list of domains.
Stars: ✭ 91 (-96.25%)
CspGiven a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Stars: ✭ 89 (-96.34%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (-20.63%)
HackeronedbThe unofficial HackerOne disclosure Timeline
Stars: ✭ 117 (-95.18%)
Webhackersweapons⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 1,205 (-50.39%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (-52.08%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (-95.27%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-97.45%)
ZileExtract API keys from file or url using by magic of python and regex.
Stars: ✭ 61 (-97.49%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (-24.37%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-95.35%)
Differerdifferer finds how URLs are parsed by different languages in order to help bug hunters break filters
Stars: ✭ 56 (-97.69%)
S3scannerScan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (-45.7%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (-19.76%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (-45.82%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-94.24%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-96.34%)
CorsmeCross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-95.14%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-93.91%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (-50.84%)
QuickxssAutomating XSS using Bash
Stars: ✭ 113 (-95.35%)
FindsploitFind exploits in local and online databases instantly
Stars: ✭ 1,160 (-52.24%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-94.61%)
S3reverseThe format of various s3 buckets is convert in one format. for bugbounty and security testing.
Stars: ✭ 61 (-97.49%)
Dns DiscoveryDNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-95.31%)
Rfd CheckerRFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-97.69%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-93.82%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (-55.83%)
Pentesting BibleLearn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+269.74%)
HaliveA fast http and https prober, to check which URLs are alive
Stars: ✭ 47 (-98.07%)
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-94.81%)
DekstereconWeb Application recon automation
Stars: ✭ 109 (-95.51%)
Bug Bounty ResponsesA collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-98.11%)
UddupUrls de-duplication tool for better recon.
Stars: ✭ 103 (-95.76%)
Pcwt Stars: ✭ 46 (-98.11%)
DrishtiA fast HTTP Response status checker implemented in Python3
Stars: ✭ 46 (-98.11%)
BbrAn open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-94.15%)
SwiftnessA note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-94.9%)
Nuclei TemplatesCommunity curated list of templates for the nuclei engine to find security vulnerabilities.
Stars: ✭ 1,354 (-44.26%)
BurpbountyBurp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (-57.76%)
AwsbucketdumpSecurity Tool to Look For Interesting Files in S3 Buckets
Stars: ✭ 1,021 (-57.97%)
ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (-44.13%)