814 Open source projects that are alternatives of or similar to Contact.sh

Intelligence tool but without API key

Related subdomains finder

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

A Tool for Domain Flyovers

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

OSINT Project

Maintained collection of OSINT related resources. (All Free & Actionable)

a recon tool that allows searching on URLs that are exposed via shortener services

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

A passive subdomain finder

Links for the OSINT Team

An advanced tool for email reconnaissance

Decode All Bases - Base Scheme Decoder

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Web path scanner

Multi Tool Subdomain Enumeration

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Making Favicon.ico based Recon Great again !

A curated list of awesome social engineering resources.

RFD Checker - security CLI tool to test Reflected File Download issues

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Scan for open AWS S3 buckets and dump the contents

An OSINT Metadata analyzing tool that filters through tags and creates reports

Secret and/ credential patterns used for gf.

Python library and CLI for the Bug Bounty Recon API

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

OSINT Swiss Army Knife

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

OneForAll是一款功能强大的子域收集工具

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Mining parameters from dark corners of Web Archives

A big list of Android Hackerone disclosed reports and other resources.

Yar is a tool for plunderin' organizations, users and/or repositories.

Snoop — инструмент разведки на основе открытых данных (OSINT world)

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

OSINT

The Swiss Army knife for automated Web Application Testing

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

This challenge is Inon Shkedy's 31 days API Security Tips.

Subdomain Takeover tool written in Go

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

A toolkit for Security Researchers

A collection of response templates for invalid bug bounty reports.

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

internet monitoring osint telegram bot for windows

A tool to hunt for publicly accessible DigitalOcean Spaces

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.

Offensive tools as Dockerfiles. Lightweight & Ready to go

Find leaked emails with your passwords

A list of interesting payloads, tips and tricks for bug bounty hunters.

Hetty is an HTTP toolkit for security research.

List of Awesome Asset Discovery Resources