AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (-72.19%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-78.12%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+273.13%)
OneforallOneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+1213.13%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+959.69%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-35.94%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+204.38%)
ras-fuzzerRAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (-86.87%)
SuboverA Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+89.69%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+53.75%)
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+777.5%)
SonarsearchA MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (-7.19%)
DnsprobeDNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Stars: ✭ 221 (-30.94%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+49.38%)
Bucket-FlawsBucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-86.56%)
ldap2jsonThe ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Stars: ✭ 56 (-82.5%)
multi-tenancy-devisemtdevise adds basecamp style user logins to your ruby on rails application.
Stars: ✭ 27 (-91.56%)
SubWalkerSimultaneously execute various subdomain enumeration tools and aggregate results.
Stars: ✭ 26 (-91.87%)
BugHunterIDPara pencari bug / celah kemanan bisa bergabung.
Stars: ✭ 72 (-77.5%)
AstraAstra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (-41.56%)
PinaakA vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (-78.44%)
gf-patternsCollection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf
Stars: ✭ 27 (-91.56%)
goverviewgoverview - Get an overview of the list of URLs
Stars: ✭ 93 (-70.94%)
Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-88.12%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+0.94%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-85.94%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (-52.19%)
spellbookFramework for rapid development and reusable of security tools
Stars: ✭ 67 (-79.06%)
Laravel-Tongue🎉 Finally a subdomain localization that works how you want it to work. 🌐
Stars: ✭ 28 (-91.25%)
SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-61.56%)
nozakiHTTP fuzzer engine security oriented
Stars: ✭ 37 (-88.44%)
Jasmin-RansomwareJasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Stars: ✭ 84 (-73.75%)
webapp-wordlistsThis repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
Stars: ✭ 306 (-4.37%)
hinjectHost Header Injection Checker
Stars: ✭ 64 (-80%)
gwdomainssub domain wild card filtering tool
Stars: ✭ 38 (-88.12%)
kube-scanKubernetes Scanner
Stars: ✭ 32 (-90%)
SubcertSubcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.
Stars: ✭ 58 (-81.87%)
shaniaScan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (-83.12%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+31.56%)
fdnssearchSwiftly search FDNS datasets from Rapid7 Open Data
Stars: ✭ 19 (-94.06%)
doraFind exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (-28.44%)
project-blackPentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (-12.81%)
recceDomain availbility checker
Stars: ✭ 30 (-90.62%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (-62.81%)
BurpSQLTruncSannerMessy BurpSuite plugin for SQL Truncation vulnerabilities.
Stars: ✭ 53 (-83.44%)
HostPanicFind host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning
Stars: ✭ 23 (-92.81%)
centCommunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: ✭ 315 (-1.56%)
request smugglerHttp request smuggling vulnerability scanner
Stars: ✭ 203 (-36.56%)
allsafeIntentionally vulnerable Android application.
Stars: ✭ 135 (-57.81%)
VulWebajuVulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: ✭ 53 (-83.44%)
OffensiveCloudDistributionLeverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Stars: ✭ 86 (-73.12%)
DumbDumain Bruteforcer - a fast and flexible domain bruteforcer
Stars: ✭ 54 (-83.12%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (-35%)