814 Open source projects that are alternatives of or similar to Contact.sh

internet monitoring osint telegram bot for windows

A collection of some of my scripts

Extracting URLs of a specific target based on the results of "commoncrawl.org"

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Scan for open AWS S3 buckets and dump the contents

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Pentest: Subdomains enumeration tool for penetration testers.

Find leaked emails with your passwords

Gosint is a distributed asset information collection and vulnerability scanning platform

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Turn your VPS into an attack box

This challenge is Inon Shkedy's 31 days API Security Tips.

Subdomain Takeover tool written in Go

Secret and/ credential patterns used for gf.

Astra is a tool to find URLs and secrets inside a webpage/files

goverview - Get an overview of the list of URLs

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Little Bug Bounty & Hacking Tools⚔️

Offensive tools as Dockerfiles. Lightweight & Ready to go

sub domain wild card filtering tool

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Misc. Public Reports of Penetration Testing and Security Audits.

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Selenium powered Python script to automate searching for vulnerable web apps.

Port scanning and domain utility.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

A MongoDB importer and API for Project Sonars DNS datasets

The fastest dork scanner written in Go.

A list of interesting payloads, tips and tricks for bug bounty hunters.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

OneForAll是一款功能强大的子域收集工具

An advanced tool for email reconnaissance

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Making Favicon.ico based Recon Great again !

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Web path scanner

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Maintained collection of OSINT related resources. (All Free & Actionable)

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

List of Awesome Asset Discovery Resources

Awesome cloud enumerator

a recon tool that allows searching on URLs that are exposed via shortener services

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

A toolkit for Security Researchers

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Agile Threat Modeling Toolkit

OWASP Honeypot, Automated Deception Framework.

CVE-2017-9506 - SSRF

Modules for expansion services, import and export in MISP

Twitter Intelligence OSINT project performs tracking and analysis of the Twitter

Monitoring your Slack workspaces for sensitive information

👀 Some of my favorite OSINT tools.

Awesome Vulnerable Applications

A python script that finds endpoints in JavaScript files