OffensiveCloudDistributionLeverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Stars: ✭ 86 (-73.12%)
DumbDumain Bruteforcer - a fast and flexible domain bruteforcer
Stars: ✭ 54 (-83.12%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (-35%)
Pigatpigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具
Stars: ✭ 140 (-56.25%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-81.87%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-85.94%)
Jira-LensFast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (-42.19%)
Awesome-HTTPRequestSmugglingA curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
Stars: ✭ 97 (-69.69%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (-52.19%)
mec-ngpentest toolbox
Stars: ✭ 28 (-91.25%)
spellbookFramework for rapid development and reusable of security tools
Stars: ✭ 67 (-79.06%)
BugBountyHuntingScriptsI built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.
Stars: ✭ 160 (-50%)
instagram-hacking-toolInstagram Hacking Tool is a phishing tool, it will help you to hack Instagram Accounts using fake login page.
Stars: ✭ 350 (+9.38%)
Laravel-Tongue🎉 Finally a subdomain localization that works how you want it to work. 🌐
Stars: ✭ 28 (-91.25%)
Bugs-feedBug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (-71.87%)
SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-61.56%)
xssfinderToolset for detecting reflected xss in websites
Stars: ✭ 105 (-67.19%)
nozakiHTTP fuzzer engine security oriented
Stars: ✭ 37 (-88.44%)
dnstakeDNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
Stars: ✭ 723 (+125.94%)
Jasmin-RansomwareJasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Stars: ✭ 84 (-73.75%)
gosintGosint is a distributed asset information collection and vulnerability scanning platform
Stars: ✭ 344 (+7.5%)
webapp-wordlistsThis repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
Stars: ✭ 306 (-4.37%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+391.25%)
SubcertSubcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.
Stars: ✭ 58 (-81.87%)
ScanApiSubdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.
Stars: ✭ 34 (-89.37%)
shaniaScan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (-83.12%)
koa-subdomainSimple and lightweight Koa middleware to handle multilevel and wildcard subdomains
Stars: ✭ 23 (-92.81%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+31.56%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-81.87%)
fdnssearchSwiftly search FDNS datasets from Rapid7 Open Data
Stars: ✭ 19 (-94.06%)
crtfinderFast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques
Stars: ✭ 96 (-70%)
Find-HardcodedYou can find hardcoded Api-Key,Secret,Token Etc..
Stars: ✭ 63 (-80.31%)
project-blackPentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (-12.81%)
recceDomain availbility checker
Stars: ✭ 30 (-90.62%)
HostPanicFind host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning
Stars: ✭ 23 (-92.81%)
centCommunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: ✭ 315 (-1.56%)
AspnetcoresubdomainSimple usage lib for subdomain routing in ASP.NET Core/Framework MVC
Stars: ✭ 157 (-50.94%)
allsafeIntentionally vulnerable Android application.
Stars: ✭ 135 (-57.81%)
MassdnsA high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Stars: ✭ 2,093 (+554.06%)
VulWebajuVulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.
Stars: ✭ 53 (-83.44%)
AmassIn-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 1,693 (+429.06%)
ShadowCloneUnleash the power of cloud
Stars: ✭ 224 (-30%)
bug-bountyMy personal bug bounty toolkit.
Stars: ✭ 127 (-60.31%)
WhoEnumMass querying whois records
Stars: ✭ 24 (-92.5%)
SubtakeAutomatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.
Stars: ✭ 104 (-67.5%)
dontgo403Tool to bypass 40X response codes.
Stars: ✭ 457 (+42.81%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+110.63%)
PassivehunterSubdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Stars: ✭ 83 (-74.06%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-90.31%)
SpoodleA mass subdomain (Subbrute) + poodle vulnerability scanner
Stars: ✭ 66 (-79.37%)
FierceA DNS reconnaissance tool for locating non-contiguous IP space.
Stars: ✭ 1,072 (+235%)
DeadDNSDNS hijacking via dead records automation tool
Stars: ✭ 44 (-86.25%)
bhedakA replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
Stars: ✭ 77 (-75.94%)