875 Open source projects that are alternatives of or similar to leaky-paths

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Related subdomains finder

Web path scanner

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Pentest: Subdomains enumeration tool for penetration testers.

An automated approach to performing recon for bug bounty hunting and penetration testing.

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

Hacking tools

Reconness Agents Script

Nuclei Templates to reproduce Cracking the lens's Research

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Infosec Wordlists

Command line tool for testing CRLF injection on a list of domains.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

all manner of wordlists

Aggregated wordlist pulled from commonly used tools for discovery, enumeration, fuzzing, and exploitation.

A list of useful payloads for Web Application Security and Pentest/CTF

RAS(RAndom Subdomain) Fuzzer

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

Extract endpoints marked as disallow in robots files to generate wordlists.

Nuubi Tools (Information-ghatering|Scanner|Recon.)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Unleash the power of cloud

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Simple shell script for automated domain recognition with some tools

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Pentest/BugBounty progress control with scanning modules

goverview - Get an overview of the list of URLs

Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own

Mining parameters from dark corners of Web Archives

A tool to fastly get all javascript sources/files

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

🖖 Fast, modern, easy-to-use network scanner

Rockyou for web fuzzing

Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.

Running nuclei Continuously

HTTP fuzzer engine security oriented

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

apkizer is a mass downloader for android applications for all available versions.

nuclei framework scripts

Mass querying whois records

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.

Simultaneously execute various subdomain enumeration tools and aggregate results.

yet another dirbuster

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

An Extended, Modulair, Host Discovery Framework

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Modified Nuclei Templates Version to FUZZ Host Header

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Intelligence and Reconnaissance Package/Bundle installer.

Turn your VPS into an attack box

Full Nuclei automation script with logic explanation.

Framework for rapid development and reusable of security tools