crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-44.19%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-86.63%)
Find-HardcodedYou can find hardcoded Api-Key,Secret,Token Etc..
Stars: ✭ 63 (-63.37%)
Icg AutoexploiterbotWordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥
Stars: ✭ 242 (+40.7%)
KillshotA Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (+37.79%)
HexraystoolboxHexrays Toolbox - Find code patterns within the Hexrays AST
Stars: ✭ 202 (+17.44%)
Biu FrameworkBiu-framework🚀 Security Scan Framework For Enterprise Intranet Based Services(企业内网基础服务安全扫描框架)
Stars: ✭ 183 (+6.4%)
Bugbounty Scansaquatone results for sites with bug bountys
Stars: ✭ 249 (+44.77%)
Cc.pyExtracting URLs of a specific target based on the results of "commoncrawl.org"
Stars: ✭ 250 (+45.35%)
AutoreconSimple shell script for automated domain recognition with some tools
Stars: ✭ 244 (+41.86%)
Public Bugbounty ProgramsCommunity curated list of public bug bounty and responsible disclosure programs.
Stars: ✭ 233 (+35.47%)
BugbountyscannerA Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
Stars: ✭ 229 (+33.14%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+1515.7%)
SitedorksSearch Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+28.49%)
Ssrf SheriffA simple SSRF-testing sheriff written in Go
Stars: ✭ 221 (+28.49%)
DnsprobeDNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Stars: ✭ 221 (+28.49%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (+25.58%)
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1532.56%)
PdlistA passive subdomain finder
Stars: ✭ 204 (+18.6%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+2151.74%)
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (+16.86%)
Mad MetasploitMetasploit custom modules, plugins, resource script and.. awesome metasploit collection
Stars: ✭ 200 (+16.28%)
SlicerA tool to automate the boring process of APK recon
Stars: ✭ 199 (+15.7%)
BasecrackDecode All Bases - Base Scheme Decoder
Stars: ✭ 196 (+13.95%)
HowtohuntTutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1641.86%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (+10.47%)
GetjsA tool to fastly get all javascript sources/files
Stars: ✭ 190 (+10.47%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (+9.88%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (+8.72%)
GarudAn automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (+6.4%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+5.81%)
XrcrossXRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (+1.74%)
Jwt Hack🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
Stars: ✭ 172 (+0%)
TuktukTool for catching and logging different types of requests.
Stars: ✭ 174 (+1.16%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1899.42%)