Gf SecretsSecret and/ credential patterns used for gf.
Stars: ✭ 96 (-81.71%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-94.48%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-88.95%)
Bug Bounty ResponsesA collection of response templates for invalid bug bounty reports.
Stars: ✭ 46 (-91.24%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-84%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+127.43%)
MetabigorIntelligence tool but without API key
Stars: ✭ 424 (-19.24%)
Can I Take Over Xyz"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+434.86%)
AstraAstra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (-64.38%)
osmedeus-workflowCommunity Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-95.05%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+1280.19%)
DomainedMulti Tool Subdomain Enumeration
Stars: ✭ 688 (+31.05%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-88.19%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-65.33%)
BasecrackDecode All Bases - Base Scheme Decoder
Stars: ✭ 196 (-62.67%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-95.62%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+271.24%)
doraFind exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (-56.38%)
BxssbXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (-36.95%)
MegplusAutomated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (-48.95%)
H2csmugglerHTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-44.38%)
Assessment MindsetSecurity Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (+15.81%)
HettyHetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+584.95%)
Legal Bug Bounty#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.
Stars: ✭ 42 (-92%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+555.05%)
Rfd CheckerRFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-89.33%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+104.38%)
S3scannerScan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+151.24%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-95.43%)
AsnlookupLeverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-68.95%)
Proof Of ConceptsA little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-71.81%)
Qsfuzzqsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (-61.71%)
AutosetupAuto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-73.33%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-58.86%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-72.95%)
Go DorkThe fastest dork scanner written in Go.
Stars: ✭ 274 (-47.81%)
BugbountyguideBug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (-35.62%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (-60.38%)
goverviewgoverview - Get an overview of the list of URLs
Stars: ✭ 93 (-82.29%)
SuperLibraryInformation Security Library
Stars: ✭ 60 (-88.57%)
gwdomainssub domain wild card filtering tool
Stars: ✭ 38 (-92.76%)
SubcertSubcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.
Stars: ✭ 58 (-88.95%)
T1tl3A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title
Stars: ✭ 14 (-97.33%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (-8.95%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-48.95%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-91.81%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-93.71%)
targetsA collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-83.81%)
Bugbounty CheatsheetA list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+594.1%)
Security ToolsCollection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-3.05%)
Forum Java一款用 Java(spring boot) 实现的现代化社区(论坛/问答/BBS/社交网络/博客)系统平台。A modern community (forum/Q&A/BBS/SNS/blog) system platform implemented in Java(spring boot).
Stars: ✭ 380 (-27.62%)
HershellHershell is a simple TCP reverse shell written in Go.
Stars: ✭ 442 (-15.81%)
Cs7038 Malware AnalysisCourse Repository for University of Cincinnati Malware Analysis Class (CS[567]038)
Stars: ✭ 378 (-28%)