817 Open source projects that are alternatives of or similar to cf-check

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

DNS hijacking via dead records automation tool

Good resources about web security that I have read.

Running nuclei Continuously

A python tool to check subdomain takeover vulnerability

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Pentest: Subdomains enumeration tool for penetration testers.

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

多合一网站指纹扫描器，轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息

a Go code to detect leaks in JS files via regex patterns

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

Powerfull XSS Scanning and Parameter analysis tool&gem

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

No description or website provided.

Unique wordlist generator of unique wordlists.

Fast and customizable vulnerability scanner For JIRA written in Python

Http request smuggling vulnerability scanner

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

Full Nuclei automation script with logic explanation.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

BugBounty_CheatSheet

Nuubi Tools (Information-ghatering|Scanner|Recon.)

Automated NoSQL database enumeration and web application exploitation tool.

Cross Origin Resource Sharing MisConfiguration Scanner

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Extract server and IP address information from Browser SSRF

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

An automated target reconnaissance pipeline.

Web path scanner

Tutorials and Things to Do while Hunting Vulnerability.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

The Swiss Army knife for automated Web Application Testing

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

A Tool for Domain Flyovers

☁✨ A handy set of tools for creating a Cloudflare Worker app.

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

Log4j Vulnerability Scanner for Windows

Make telegraf (a telegram bot framework) useable in Cloudflare Workers

Misc. Public Reports of Penetration Testing and Security Audits.

🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

A repository containing research from CloudFlare's Anti-DDoS challenges.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Cloudflare DNS for Let's Encrypt / ACME dns-01 challenges with Greenlock.js and ACME.js

Command line tool that allows you to explore IoT devices by using Shodan API.

🐱‍💻 Just simple login mechanism using QR Code Scanner with Webcam in PHP

Just Simple Code To Play With Android Payloads (;