Sudomy: Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (-64.64%)
Defaultcreds Cheat Sheet: One place for all the default credentials to assist Blue/Red teamers in finding devices with default passwords 🛡️
Stars: ✭ 1,949 (-19.76%)
Subdomainizer: A tool to find subdomains and interesting things hidden inside external JavaScript files of a page, folder, and GitHub.
Stars: ✭ 915 (-62.33%)
Pentest Guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (-45.82%)
Privesc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (-67.64%)
Quiver: Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-94.24%)
Paramspider: Mining parameters from dark corners of Web Archives
Stars: ✭ 781 (-67.85%)
Acamar: A Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-96.34%)
Interlace: Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (-68.71%)
Corsme: Cross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-95.14%)
Bypass Firewalls By Dns History: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (-69.58%)
Stacoan: StaCoAn is a cross-platform tool which aids developers, bugbounty hunters and ethical hackers in performing static code analysis on mobile applications.
Stars: ✭ 707 (-70.89%)
Proof Of Concepts: A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-93.91%)
Dirsearch: Web path scanner
Stars: ✭ 7,246 (+198.31%)
Subjack: Subdomain Takeover tool written in Go
Stars: ✭ 1,194 (-50.84%)
Security whitepapers: Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (-73.49%)
Quickxss: Automating XSS using Bash
Stars: ✭ 113 (-95.35%)
Assessment Mindset: Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (-74.97%)
Findsploit: Find exploits in local and online databases instantly
Stars: ✭ 1,160 (-52.24%)
Reconness: ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on schedule or events.
Stars: ✭ 131 (-94.61%)
Favfreak: Making Favicon.ico based Recon Great again!
Stars: ✭ 564 (-76.78%)
S3reverse: Converts the formats of various S3 buckets into one format. For bugbounty and security testing.
Stars: ✭ 61 (-97.49%)
Payloadsallthethings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+1254.84%)
Dns Discovery: DNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-95.31%)
Learn365: This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (-78.39%)
Rfd Checker: RFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-97.69%)
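Dictionary Of Pentesting: Dictionary collection project for areas such as Pentesting, Fuzzing, Bruteforce and BugBounty. A collection of dictionaries for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and similar tasks.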
Stars: ✭ 492 (-79.74%)
Ssti Payloads: 🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-93.82%)
Hosthunter: HostHunter is a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-82.42%)
Jaeles: The Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (-55.83%)
Top25 Parameter: For basic research, the top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (-84.03%)
Watchdog: Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-85.8%)
Halive: A fast http and https prober, to check which URLs are alive
Stars: ✭ 47 (-98.07%)
Bxss: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (-86.37%)
Asnip: ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-94.81%)
Oneforall: OneForAll is a powerful subdomain collection tool
Stars: ✭ 4,202 (+72.99%)
Bug Bounty Responses: A collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-98.11%)
Uddup: URL de-duplication tool for better recon.
Stars: ✭ 103 (-95.76%)
Findom Xss: A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (-87.24%)
Drishti: A fast HTTP Response status checker implemented in Python3
Stars: ✭ 46 (-98.11%)
Bugbounty Cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+50.02%)
Bbr: An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-94.15%)
Sonarsearch: A MongoDB importer and API for Project Sonar's DNS datasets
Stars: ✭ 297 (-87.77%)
Awsbucketdump: Security Tool to Look For Interesting Files in S3 Buckets
Stars: ✭ 1,021 (-57.97%)
Go Dork: The fastest dork scanner written in Go.
Stars: ✭ 274 (-88.72%)
H2csmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-87.98%)
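Arl: ARL (Asset Reconnaissance Lighthouse) is a system designed to quickly reconnoiter the internet assets associated with a target and build a basic asset information database. It helps in-house security teams and penetration testers effectively reconnoiter and search assets and discover existing weak points and attack surfaces.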
Stars: ✭ 1,357 (-44.13%)
Ezxss: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (-57.93%)
Jsfscan.sh: Automation for JavaScript recon in bug bounty.
Stars: ✭ 287 (-88.18%)
Subzy: Subdomain takeover vulnerability checker
Stars: ✭ 287 (-88.18%)
Legal Bug Bounty: #legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-98.27%)
Osmedeus: Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+39.6%)
Lazyrecon: An automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-88.39%)
0l4bs: Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-95.1%)