336 Open source projects that are alternatives of or similar to Passivehunter

Subdomains-enumeration, subdomain-takeover monitoring api and S3 bucket scanner.

Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .

Nuclei Templates to reproduce Cracking the lens's Research

Tool to bypass 40X response codes.

Credentials Checking Framework

all manner of wordlists

Boxer: A fast directory bruteforce tool written in Python with concurrency.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

aquatone results for sites with bug bountys

Information Security Library

Awesome Writeups and POCs

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

Community curated list of public bug bounty and responsible disclosure programs.

apkizer is a mass downloader for android applications for all available versions.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Scan secrets from Continuous Integration Build Logs

Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.

XSS Payload without Anything.

Rockyou for web fuzzing

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Default signature for Jaeles Scanner

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

🎯 RFI/LFI Payload List

Fast and customizable vulnerability scanner For JIRA written in Python

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.

Decode All Bases - Base Scheme Decoder

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

多合一网站指纹扫描器，轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Turn your VPS into an attack box

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Astra is a tool to find URLs and secrets inside a webpage/files

Awesome Vulnerable Applications

Related subdomains finder

🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)

基于burpsuite headless 的代理式被动扫描系统

Tool for catching and logging different types of requests.

A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.

Change monitoring app that checks the content of web pages in different periods.

Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Extract endpoints marked as disallow in robots files to generate wordlists.

Python library and CLI for the Bug Bounty Recon API

Poor (rich?) man's bug bounty pipeline

Toolset for detecting reflected xss in websites

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

🔺 Red Team Hardware Toolkit 🔺

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Signatures for jaeles scanner by @j3ssie

Http request smuggling vulnerability scanner

CVE-2017-9506 - SSRF