935 Open source projects that are alternatives of or similar to goverview

all manner of wordlists

Related subdomains finder

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Pentest: Subdomains enumeration tool for penetration testers.

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

An advanced tool for email reconnaissance

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Multi Tool Subdomain Enumeration

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

A big list of Android Hackerone disclosed reports and other resources.

Intelligence tool but without API key

RFD Checker - security CLI tool to test Reflected File Download issues

The Swiss Army knife for automated Web Application Testing

Little Bug Bounty & Hacking Tools⚔️

A permutation generation tool written in golang

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

Subdomain Takeover tool written in Go

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A tool to hunt for publicly accessible DigitalOcean Spaces

OSINT Project

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Automates PWA asset generation and image declaration. Automatically generates icon and splash screen images, favicons and mstile images. Updates manifest.json and index.html files with the generated images according to Web App Manifest specs and Apple Human Interface guidelines.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Hetty is an HTTP toolkit for security research.

Links for the OSINT Team

A list of interesting payloads, tips and tricks for bug bounty hunters.

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Web path scanner

🎯 XML External Entity (XXE) Injection Payload List

This challenge is Inon Shkedy's 31 days API Security Tips.

A collection of response templates for invalid bug bounty reports.

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

List of Awesome Asset Discovery Resources

Secret and/ credential patterns used for gf.

Scan for open AWS S3 buckets and dump the contents

The fastest dork scanner written in Go.

🖖 Fast, modern, easy-to-use network scanner

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Decode All Bases - Base Scheme Decoder

An OSINT tool to find contacts in order to report security vulnerabilities.

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

A collection of some of my scripts

Information Security Library

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Turn your VPS into an attack box

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

An Extended, Modulair, Host Discovery Framework

Unleash the power of cloud

Mass querying whois records

Infosec Wordlists

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)