349 Open source projects that are alternatives of or similar to ksubdomain

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Dumain Bruteforcer - a fast and flexible domain bruteforcer

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Fast and customizable vulnerability scanner For JIRA written in Python

Tips and Tutorials for Bug Bounty and also Penetration Tests.

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

Full Nuclei automation script with logic explanation.

pentest toolbox

Framework for rapid development and reusable of security tools

I built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Instagram Hacking Tool is a phishing tool, it will help you to hack Instagram Accounts using fake login page.

🎉 Finally a subdomain localization that works how you want it to work. 🌐

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Toolset for detecting reflected xss in websites

HTTP fuzzer engine security oriented

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Gosint is a distributed asset information collection and vulnerability scanning platform

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Scan secrets from Continuous Integration Build Logs

Simple and lightweight Koa middleware to handle multilevel and wildcard subdomains

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Swiftly search FDNS datasets from Rapid7 Open Data

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Running nuclei Continuously

You can find hardcoded Api-Key,Secret,Token Etc..

Pentest/BugBounty progress control with scanning modules

A collection of some of my scripts

Domain availbility checker

Find host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning

Network Security Vulnerability Manage

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Simple usage lib for subdomain routing in ASP.NET Core/Framework MVC

Intentionally vulnerable Android application.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

In-depth Attack Surface Mapping and Asset Discovery

Unleash the power of cloud

My personal bug bounty toolkit.

Mass querying whois records

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Tool to bypass 40X response codes.

互联网公司子域名收集

.NET publicsuffix domain parser

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A mass subdomain (Subbrute) + poodle vulnerability scanner

A DNS reconnaissance tool for locating non-contiguous IP space.

DNS hijacking via dead records automation tool

A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.