992 Open source projects that are alternatives of or similar to Can I Take Over Xyz

Subdomain Takeover tool written in Go

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Misc. Public Reports of Penetration Testing and Security Audits.

Extract subdomains from SSL certificates in HTTPS sites.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

BugBounty Tool

The fastest dork scanner written in Go.

A MongoDB importer and API for Project Sonars DNS datasets

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

A collection of response templates for invalid bug bounty reports.

The Swiss Army knife for automated Web Application Testing

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Decode All Bases - Base Scheme Decoder

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Hetty is an HTTP toolkit for security research.

A Tool for Domain Flyovers

A big list of Android Hackerone disclosed reports and other resources.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Web path scanner

Scan for open AWS S3 buckets and dump the contents

Secret and/ credential patterns used for gf.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Astra is a tool to find URLs and secrets inside a webpage/files

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

sub domain wild card filtering tool

goverview - Get an overview of the list of URLs

XSS in pastebin.com and reddit.com via unsanitized markdown output

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Little Bug Bounty & Hacking Tools⚔️

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Awesome cloud enumerator

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A python tool to check subdomain takeover vulnerability

A list of interesting payloads, tips and tricks for bug bounty hunters.

🎯 XML External Entity (XXE) Injection Payload List

OneForAll是一款功能强大的子域收集工具

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

A Powerful Subdomain Takeover Tool

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Multi Tool Subdomain Enumeration

This challenge is Inon Shkedy's 31 days API Security Tips.

Intelligence tool but without API key

A Python3 based single-file subdomain enumerator

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Information Security Library

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

RFD Checker - security CLI tool to test Reflected File Download issues

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.