1060 Open source projects that are alternatives of or similar to Go Dork

Secret and/ credential patterns used for gf.

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

A collection of some of my scripts

all manner of wordlists

The Swiss Army knife for automated Web Application Testing

Scan for open AWS S3 buckets and dump the contents

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An OSINT tool to find contacts in order to report security vulnerabilities.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

A collection of response templates for invalid bug bounty reports.

Subdomain Takeover tool written in Go

RFD Checker - security CLI tool to test Reflected File Download issues

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Decode All Bases - Base Scheme Decoder

Gospider - Fast web spider written in Go

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Fast and customizable vulnerability scanner For JIRA written in Python

Information Security Library

Astra is a tool to find URLs and secrets inside a webpage/files

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title

XSS in pastebin.com and reddit.com via unsanitized markdown output

Misc. Public Reports of Penetration Testing and Security Audits.

Awesome cloud enumerator

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

This challenge is Inon Shkedy's 31 days API Security Tips.

Multi Tool Subdomain Enumeration

All-in-one tool for managing vulnerability reports from AppSec pipelines

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Web path scanner

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

OSINT Swiss Army Knife

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Turn your VPS into an attack box

Related subdomains finder

Pentest: Subdomains enumeration tool for penetration testers.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

goverview - Get an overview of the list of URLs

Little Bug Bounty & Hacking Tools⚔️

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Backend logic implementation for Vulnerability Management System

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

sub domain wild card filtering tool

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

A big list of Android Hackerone disclosed reports and other resources.

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

SEC分布式资产扫描系统

A Tool for Domain Flyovers

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]