320 Open source projects that are alternatives of or similar to continuous-nuclei

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

A python tool to check subdomain takeover vulnerability

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Modified Nuclei Templates Version to FUZZ Host Header

Unique wordlist generator of unique wordlists.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Full Nuclei automation script with logic explanation.

DNS hijacking via dead records automation tool

CloudFlare Checker written in Go

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

Extract server and IP address information from Browser SSRF

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

Nuclei Templates to reproduce Cracking the lens's Research

Unleash the power of cloud

Signatures for jaeles scanner by @j3ssie

Tool to bypass 40X response codes.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Information Security Library

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Mass querying whois records

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

My personal bug bounty toolkit.

apkizer is a mass downloader for android applications for all available versions.

Tiny Sentry client with idiomatic wrapper for Angular

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

nuclei framework scripts

goverview - Get an overview of the list of URLs

Find endpoints on GitHub.

Scan secrets from Continuous Integration Build Logs

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.

Cross platform community web fingerprint identification tool

Little Bug Bounty & Hacking Tools⚔️

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Nuclei RISC-V Software Development Kit

Fast and customizable vulnerability scanner For JIRA written in Python

Send notifications on different channels such as Slack, Telegram, Discord etc.

Swiftly search FDNS datasets from Rapid7 Open Data

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

An Extended, Modulair, Host Discovery Framework

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Turn your VPS into an attack box

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.

XSS Payload without Anything.

Pentest/BugBounty progress control with scanning modules

Related subdomains finder

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...