S3scannerScan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+685.12%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+610.71%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Stars: ✭ 1,949 (+1060.12%)
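ArlARL (Asset Reconnaissance Lighthouse) is designed to quickly reconnoiter internet assets associated with a target and build a baseline asset information repository. It helps in-house security teams and penetration testers effectively reconnoiter and search assets, and find existing weak points and attack surface.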
Stars: ✭ 1,357 (+707.74%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+538.69%)
AsnipASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-25%)
AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-47.02%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-11.9%)
S3reverseThe format of various S3 buckets is converted into one format. For bug bounty and security testing.
Stars: ✭ 61 (-63.69%)
QuickxssAutomating XSS using Bash
Stars: ✭ 113 (-32.74%)
UddupURL de-duplication tool for better recon.
Stars: ✭ 103 (-38.69%)
Bug Bounty ResponsesA collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-72.62%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on a schedule or events.
Stars: ✭ 131 (-22.02%)
Gf SecretsSecret and/or credential patterns used for gf.
Stars: ✭ 96 (-42.86%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-10.71%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+683.33%)
0l4bsCross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-29.17%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-7.14%)
FindsploitFind exploits in local and online databases instantly
Stars: ✭ 1,160 (+590.48%)
CorsmeCross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-29.76%)
Rfd CheckerRFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-66.67%)
BbrAn open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-15.48%)
HaliveA fast http and https prober, to check which URLs are alive
Stars: ✭ 47 (-72.02%)
Dns DiscoveryDNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-32.14%)
DekstereconWeb Application recon automation
Stars: ✭ 109 (-35.12%)
Pcwt
Stars: ✭ 46 (-72.62%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1047.62%)
Nuclei TemplatesCommunity curated list of templates for the nuclei engine to find security vulnerabilities.
Stars: ✭ 1,354 (+705.95%)
ApkleaksScanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1511.31%)
Awesome Mobile SecurityAn effort to build a single place for all useful Android and iOS security-related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+993.45%)
Jira ScanCVE-2017-9506 - SSRF
Stars: ✭ 159 (-5.36%)
Aws ScannerScans a list of websites for Cloudfront or S3 Buckets
Stars: ✭ 93 (-44.64%)
SwiftnessA note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-26.19%)
Crlf Injection ScannerCommand line tool for testing CRLF injection on a list of domains.
Stars: ✭ 91 (-45.83%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+1457.74%)
CspGiven a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Stars: ✭ 89 (-47.02%)
GofingerprintGoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Stars: ✭ 120 (-28.57%)
Webhackersweapons⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, happy bug-hunting
Stars: ✭ 1,205 (+617.26%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+592.86%)
GreconYour Google Recon is Now Automated
Stars: ✭ 119 (-29.17%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-63.1%)
ZileExtract API keys from a file or URL using the magic of Python and regex.
Stars: ✭ 61 (-63.69%)
HackeronedbThe unofficial HackerOne disclosure Timeline
Stars: ✭ 117 (-30.36%)
Differerdifferer finds how URLs are parsed by different languages in order to help bug hunters break filters
Stars: ✭ 56 (-66.67%)
Di.we.hRepository with content about web hacking in Portuguese
Stars: ✭ 156 (-7.14%)
Pentesting BibleLearn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+5245.83%)
GxssA tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (-31.55%)
AutosetupAuto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-16.67%)
BulwarkAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-32.74%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-2.98%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-3.57%)
Awesome Bugbounty WriteupsA curated list of bug bounty writeups (bug type wise), inspired by https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+1345.83%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-16.67%)