SuperLibraryInformation Security Library
Stars: ✭ 60 (+36.36%)
shaniaScan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (+22.73%)
apkizerapkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (-9.09%)
Cc.pyExtracting URLs of a specific target based on the results of "commoncrawl.org"
Stars: ✭ 250 (+468.18%)
AutoreconSimple shell script for automated domain recognition with some tools
Stars: ✭ 244 (+454.55%)
InventusInventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.
Stars: ✭ 80 (+81.82%)
fdnssearchSwiftly search FDNS datasets from Rapid7 Open Data
Stars: ✭ 19 (-56.82%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (+31.82%)
Bucket-FlawsBucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-2.27%)
MobilehackersweaponsMobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (+286.36%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (+390.91%)
Jira-LensFast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (+320.45%)
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+6281.82%)
project-blackPentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (+534.09%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+8702.27%)
Awesome-HTTPRequestSmugglingA curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
Stars: ✭ 97 (+120.45%)
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (+356.82%)
gosintGosint is a distributed asset information collection and vulnerability scanning platform
Stars: ✭ 344 (+681.82%)
Bountystrike ShPoor (rich?) man's bug bounty pipeline
Stars: ✭ 168 (+281.82%)
SlicerA tool to automate the boring process of APK recon
Stars: ✭ 199 (+352.27%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-25%)
GetjsA tool to fastly get all javascript sources/files
Stars: ✭ 190 (+331.82%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-34.09%)
CommandGenInterfaceSimple vueJS based command generator which I developed in order to learn vueJS a little bit more.
Stars: ✭ 17 (-61.36%)
gf-patternsCollection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf
Stars: ✭ 27 (-38.64%)
WhoEnumMass querying whois records
Stars: ✭ 24 (-45.45%)
ras-fuzzerRAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (-4.55%)
Jira ScanCVE-2017-9506 - SSRF
Stars: ✭ 159 (+261.36%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+313.64%)
Bugs-feedBug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (+104.55%)
XrcrossXRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (+297.73%)
allsafeIntentionally vulnerable Android application.
Stars: ✭ 135 (+206.82%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (+138.64%)
Jasmin-RansomwareJasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Stars: ✭ 84 (+90.91%)
Tools TbhmTools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (+288.64%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+222.73%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+284.09%)
ShadowCloneUnleash the power of cloud
Stars: ✭ 224 (+409.09%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (+270.45%)
gradejsGradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (+722.73%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+268.18%)
RescopeRescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (+254.55%)
fleexFleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
Stars: ✭ 181 (+311.36%)
Di.we.hRepositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (+254.55%)
dontgo403Tool to bypass 40X response codes.
Stars: ✭ 457 (+938.64%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+3472.73%)
ApkleaksScanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+6052.27%)
Ssti Payloads🎯 Server Side Template Injection Payloads
Stars: ✭ 150 (+240.91%)
vafVaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+568.18%)
Xss Payload List🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+5847.73%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (+236.36%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (+59.09%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-29.55%)
ScanApiSubdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
Stars: ✭ 34 (-22.73%)