InterlaceEasily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (-25.56%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-82.17%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-83.64%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+609.7%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+88.83%)
SonarsearchA MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (-70.91%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+3123.21%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-81.39%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+279.33%)
S3ScanScript to spider a website and find publicly open S3 buckets
Stars: ✭ 21 (-97.94%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (-10.38%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-86.29%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-81.49%)
FdsploitFile Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-80.51%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-86.09%)
roboxtractorExtract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-96.08%)
Aws ScannerScans a list of websites for Cloudfront or S3 Buckets
Stars: ✭ 93 (-90.89%)
WhoEnumMass querying whois records
Stars: ✭ 24 (-97.65%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-98.53%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-24.88%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (-15.87%)
ggtfobinsGet GTFOBins info about a given exploit from the command line
Stars: ✭ 27 (-97.36%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (-88.34%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (-58.77%)
ReconnoitreA security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+78.65%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-96.57%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-95.79%)
PandorasBoxSecurity tool to quickly audit Public Box files and folders.
Stars: ✭ 56 (-94.52%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-84.13%)
Horn3tPowerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-88.25%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-81.68%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (-82.08%)
Oscp AutomationA collection of personal scripts used in hacking excercises.
Stars: ✭ 118 (-88.44%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+53.97%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-71.2%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-94.32%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-90.6%)
Rapidscan🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (-24.09%)
graphw00fgraphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Stars: ✭ 260 (-74.53%)
Scilla🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-88.64%)
auto-recon-ngAutomated script to run all modules for a specified list of domains, netblocks or company name
Stars: ✭ 17 (-98.33%)
bug-bountyMy personal bug bounty toolkit.
Stars: ✭ 127 (-87.56%)
centCommunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: ✭ 315 (-69.15%)
Bucket-FlawsBucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-95.79%)
hinjectHost Header Injection Checker
Stars: ✭ 64 (-93.73%)
VulWebajuVulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: ✭ 53 (-94.81%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-95.59%)
DomainedMulti Tool Subdomain Enumeration
Stars: ✭ 688 (-32.62%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+232.13%)
Ctf NotesEverything needed for doing CTFs
Stars: ✭ 304 (-70.23%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-62.59%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-73.75%)
ErodirA fast web directory/file enumeration tool written in Rust
Stars: ✭ 94 (-90.79%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (-79.63%)
WriteupsThis repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-94.03%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-58.18%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+0.1%)