Recon PipelineAn automated target reconnaissance pipeline.
Stars: ✭ 278 (-88.55%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-91.56%)
GogitdumperDump exposed HTTP .git fast
Stars: ✭ 27 (-98.89%)
reFlutterFlutter Reverse Engineering Framework
Stars: ✭ 698 (-71.26%)
S3scannerScan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (-45.7%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (-64.64%)
CloudscraperCloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Stars: ✭ 276 (-88.64%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (-19.76%)
ORtesterOpen Redirect scanner - (out of date)
Stars: ✭ 24 (-99.01%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (-62.33%)
SecurityExplainedSecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.
Stars: ✭ 301 (-87.61%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (-45.82%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-98.56%)
PrivescA collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (-67.64%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-98.23%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-94.24%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-99.01%)
ParamspiderMining parameters from dark corners of Web Archives
Stars: ✭ 781 (-67.85%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (-79.13%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-96.34%)
EagleMultithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-96.5%)
InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (-68.71%)
aneweranewer appends lines from stdin to a file if they don't already exist in the file. This is a rust version of https://github.com/tomnomnom/anew
Stars: ✭ 46 (-98.11%)
CorsmeCross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-95.14%)
frida setupOne-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-98.07%)
Bypass Firewalls By Dns HistoryFirewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (-69.58%)
fresh.pyAn efficient multi-threaded DNS resolver validator
Stars: ✭ 80 (-96.71%)
BugHunterNo description or website provided.
Stars: ✭ 23 (-99.05%)
StacoanStaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (-70.89%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-93.91%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-59.9%)
Recon My WayThis repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-88.84%)
osmedeus-workflowCommunity Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-98.93%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+198.31%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (-50.84%)
Security whitepapersCollection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (-73.49%)
MegplusAutomated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (-88.97%)
hinjectHost Header Injection Checker
Stars: ✭ 64 (-97.37%)
QuickxssAutomating XSS using Bash
Stars: ✭ 113 (-95.35%)
Assessment MindsetSecurity Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (-74.97%)
Gf SecretsSecret and/ credential patterns used for gf.
Stars: ✭ 96 (-96.05%)
BrutexAutomatically brute force all services running on a target.
Stars: ✭ 974 (-59.9%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-88.97%)
SubWalkerSimultaneously execute various subdomain enumeration tools and aggregate results.
Stars: ✭ 26 (-98.93%)
FindsploitFind exploits in local and online databases instantly
Stars: ✭ 1,160 (-52.24%)
recceDomain availbility checker
Stars: ✭ 30 (-98.76%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (-94.61%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (-72.25%)
FavfreakMaking Favicon.ico based Recon Great again !
Stars: ✭ 564 (-76.78%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (-86.7%)
S3reverseThe format of various s3 buckets is convert in one format. for bugbounty and security testing.
Stars: ✭ 61 (-97.49%)
Tiny Xss PayloadsA collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (-59.86%)
Project BlackPentest/BugBounty progress control with scanning modules
Stars: ✭ 257 (-89.42%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+1254.84%)
ApkleaksScanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+11.45%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+7.74%)
AutosetupAuto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-94.24%)