tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-42.97%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+256.22%)
Jwt Hack🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
Stars: ✭ 172 (-30.92%)
Mad MetasploitMetasploit custom modules, plugins, resource script and.. awesome metasploit collection
Stars: ✭ 200 (-19.68%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-32.13%)
Php Antimalware ScannerAMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.
Stars: ✭ 181 (-27.31%)
SitedorksSearch Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (-11.24%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-34.94%)
HowtohuntTutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1103.21%)
Di.we.hRepositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (-37.35%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (-26.51%)
Pi.alertWIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices
Stars: ✭ 209 (-16.06%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+1016.06%)
Tools TbhmTools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (-31.33%)
Public Bugbounty ProgramsCommunity curated list of public bug bounty and responsible disclosure programs.
Stars: ✭ 233 (-6.43%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-34.54%)
Flutter barcode scannerBarcode scanner plugin for flutter. Supports barcode scanning for Android and iOS
Stars: ✭ 194 (-22.09%)
SiemSIEM Tactics, Techiques, and Procedures
Stars: ✭ 157 (-36.95%)
DnsprobeDNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Stars: ✭ 221 (-11.24%)
Pyicp SlamFull-python LiDAR SLAM using ICP and Scan Context
Stars: ✭ 155 (-37.75%)
GetjsA tool to fastly get all javascript sources/files
Stars: ✭ 190 (-23.69%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (-39.76%)
Nbzxing🔥 2020年最好用的开源扫码,全方位优化,强烈推荐!! 支持多种常规zxing无法扫出的码,用就完了!! 🔥
Stars: ✭ 184 (-26.1%)
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1027.71%)
Biu FrameworkBiu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)
Stars: ✭ 183 (-26.51%)
BugbountyscannerA Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Stars: ✭ 229 (-8.03%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-26.91%)
PdlistA passive subdomain finder
Stars: ✭ 204 (-18.07%)
XrcrossXRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (-29.72%)
AutoreconSimple shell script for automated domain recognition with some tools
Stars: ✭ 244 (-2.01%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1455.42%)
TuktukTool for catching and logging different types of requests.
Stars: ✭ 174 (-30.12%)
Url TrackerChange monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (-31.33%)
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (-19.28%)
MobilehackersweaponsMobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (-31.73%)
Bountystrike ShPoor (rich?) man's bug bounty pipeline
Stars: ✭ 168 (-32.53%)
SlicerA tool to automate the boring process of APK recon
Stars: ✭ 199 (-20.08%)
Ssrf SheriffA simple SSRF-testing sheriff written in Go
Stars: ✭ 221 (-11.24%)
Jira ScanCVE-2017-9506 - SSRF
Stars: ✭ 159 (-36.14%)
BasecrackDecode All Bases - Base Scheme Decoder
Stars: ✭ 196 (-21.29%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-37.35%)
CommixAutomated All-in-One OS Command Injection Exploitation Tool.
Stars: ✭ 3,016 (+1111.24%)
Awesome Bugbounty WriteupsA curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+875.5%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-23.69%)
ApkleaksScanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+987.15%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-13.25%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+951%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-24.1%)
Cc.pyExtracting URLs of a specific target based on the results of "commoncrawl.org"
Stars: ✭ 250 (+0.4%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1281.12%)
ChameleonCustomizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
Stars: ✭ 230 (-7.63%)