magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+225.17%)
DeadDNSDNS hijacking via dead records automation tool
Stars: ✭ 44 (-70.07%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-90.48%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (+39.46%)
Dalfox🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+438.1%)
VhostscanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+421.77%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+562.59%)
Webhackersweapons⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 1,205 (+719.73%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-3.4%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (-70.07%)
one-scan多合一网站指纹扫描器,轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息
Stars: ✭ 44 (-70.07%)
jsleaka Go code to detect leaks in JS files via regex patterns
Stars: ✭ 111 (-24.49%)
PassivehunterSubdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Stars: ✭ 83 (-43.54%)
XspearPowerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (+296.6%)
BlazyBlazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .
Stars: ✭ 637 (+333.33%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+503.4%)
Awesome Bugbounty WriteupsA curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+1552.38%)
ResourcesNo description or website provided.
Stars: ✭ 38 (-74.15%)
Jira-LensFast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (+25.85%)
request smugglerHttp request smuggling vulnerability scanner
Stars: ✭ 203 (+38.1%)
HostPanicFind host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning
Stars: ✭ 23 (-84.35%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (+4.08%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (+13.61%)
nuubiNuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (-48.3%)
NosqlmapAutomated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1211.56%)
CorsmeCross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-19.73%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+969.39%)
hack-pet🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Stars: ✭ 77 (-47.62%)
PriestExtract server and IP address information from Browser SSRF
Stars: ✭ 13 (-91.16%)
MobilehackersweaponsMobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (+15.65%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+246.26%)
Recon PipelineAn automated target reconnaissance pipeline.
Stars: ✭ 278 (+89.12%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+4829.25%)
HowtohuntTutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1938.1%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+484.35%)
V3n0m ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+476.19%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+629.93%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+2239.46%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+742.86%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-69.39%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+186.39%)
HolyTipsA Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+723.13%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-70.75%)
AndroidSecNotesAn actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.
Stars: ✭ 140 (-4.76%)
log4shell-finderFastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.
Stars: ✭ 22 (-85.03%)
log4jscanwinLog4j Vulnerability Scanner for Windows
Stars: ✭ 142 (-3.4%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-83.67%)
authz0🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Stars: ✭ 248 (+68.71%)
cfresearchA repository containing research from CloudFlare's Anti-DDoS challenges.
Stars: ✭ 154 (+4.76%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+244.9%)
acme-dns-01-cloudflareCloudflare DNS for Let's Encrypt / ACME dns-01 challenges with Greenlock.js and ACME.js
Stars: ✭ 13 (-91.16%)
Deep-InsideCommand line tool that allows you to explore IoT devices by using Shodan API.
Stars: ✭ 22 (-85.03%)
Horus-EyeJust Simple Code To Play With Android Payloads (;
Stars: ✭ 54 (-63.27%)