312 Open source projects that are alternatives of or similar to DeadDNS

CloudFlare Checker written in Go

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A python tool to check subdomain takeover vulnerability

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

BugBounty_CheatSheet

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Extract server and IP address information from Browser SSRF

Running nuclei Continuously

Full Nuclei automation script with logic explanation.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Good resources about web security that I have read.

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Tutorials and Things to Do while Hunting Vulnerability.

Unique wordlist generator of unique wordlists.

Tiny Sentry client with idiomatic wrapper for Angular

Little Bug Bounty & Hacking Tools⚔️

Find endpoints on GitHub.

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.

Astra is a tool to find URLs and secrets inside a webpage/files

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Information Security Library

Scan secrets from Continuous Integration Build Logs

apkizer is a mass downloader for android applications for all available versions.

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Swiftly search FDNS datasets from Rapid7 Open Data

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Pentest/BugBounty progress control with scanning modules

Fast and customizable vulnerability scanner For JIRA written in Python

Send notifications on different channels such as Slack, Telegram, Discord etc.

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

An Extended, Modulair, Host Discovery Framework

Turn your VPS into an attack box

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

Related subdomains finder

Signatures for jaeles scanner by @j3ssie

Http request smuggling vulnerability scanner

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Intentionally vulnerable Android application.

Extract endpoints marked as disallow in robots files to generate wordlists.

Toolset for detecting reflected xss in websites

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Pentest: Subdomains enumeration tool for penetration testers.

Unleash the power of cloud

Gosint is a distributed asset information collection and vulnerability scanning platform

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

Collection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf

Mass querying whois records