SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+1793.98%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (-46.99%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (+146.99%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+934.94%)
HostPanicFind host header injections and perform Host Header attacks with other kind of bugs like web cache poissoning
Stars: ✭ 23 (-72.29%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+475.9%)
fdnssearchSwiftly search FDNS datasets from Rapid7 Open Data
Stars: ✭ 19 (-77.11%)
recceDomain availbility checker
Stars: ✭ 30 (-63.86%)
PriestExtract server and IP address information from Browser SSRF
Stars: ✭ 13 (-84.34%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+407.23%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (+101.2%)
OneforallOneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+4962.65%)
SubdomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+1002.41%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-15.66%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-45.78%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+71.08%)
cf-checkCloudFlare Checker written in Go
Stars: ✭ 147 (+77.11%)
DeadDNSDNS hijacking via dead records automation tool
Stars: ✭ 44 (-46.99%)
WhoEnumMass querying whois records
Stars: ✭ 24 (-71.08%)
gf-patternsCollection grep patterns for Tom Hudson a.k.a Tomnomnom tools namely gf
Stars: ✭ 27 (-67.47%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-62.65%)
bhedakA replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
Stars: ✭ 77 (-7.23%)
nerdbugFull Nuclei automation script with logic explanation.
Stars: ✭ 153 (+84.34%)
goverviewgoverview - Get an overview of the list of URLs
Stars: ✭ 93 (+12.05%)
micro-sentryTiny Sentry client with idiomatic wrapper for Angular
Stars: ✭ 100 (+20.48%)
ShadowCloneUnleash the power of cloud
Stars: ✭ 224 (+169.88%)
AshokAshok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
Stars: ✭ 109 (+31.33%)
dontgo403Tool to bypass 40X response codes.
Stars: ✭ 457 (+450.6%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-81.93%)
SuperLibraryInformation Security Library
Stars: ✭ 60 (-27.71%)
CommandGenInterfaceSimple vueJS based command generator which I developed in order to learn vueJS a little bit more.
Stars: ✭ 17 (-79.52%)
shaniaScan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (-34.94%)
apkizerapkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (-51.81%)
InventusInventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.
Stars: ✭ 80 (-3.61%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-30.12%)
Jira-LensFast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (+122.89%)
bulkssrfTests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
Stars: ✭ 35 (-57.83%)
Virtual-HostModified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-54.22%)
doraFind exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (+175.9%)
EmissarySend notifications on different channels such as Slack, Telegram, Discord etc.
Stars: ✭ 33 (-60.24%)
Awesome-HTTPRequestSmugglingA curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
Stars: ✭ 97 (+16.87%)
one-scan多合一网站指纹扫描器,轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息
Stars: ✭ 44 (-46.99%)
ICUAn Extended, Modulair, Host Discovery Framework
Stars: ✭ 40 (-51.81%)
rejigTurn your VPS into an attack box
Stars: ✭ 33 (-60.24%)
AstraAstra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (+125.3%)
project-blackPentest/BugBounty progress control with scanning modules
Stars: ✭ 279 (+236.14%)
BugBountyHuntingScriptsI built some bash functions to help me while doing mundane and repetitive tasks using BBRF, Nuclei or other Bug bounty tool.
Stars: ✭ 160 (+92.77%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-65.06%)
pbscan基于burpsuite headless 的代理式被动扫描系统
Stars: ✭ 98 (+18.07%)
rbac-toolRapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+557.83%)
Bug-HuntingA Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.
Stars: ✭ 110 (+32.53%)
Bucket-FlawsBucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-48.19%)
SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (+48.19%)