ScanApi
Subdomains-enumeration, subdomain-takeover monitoring API and S3 bucket scanner.
Stars: ✭ 34 (-59.04%)
Ashok
Ashok is an OSINT Recon Tool, a.k.a. 😍 Swiss Army knife.
Stars: ✭ 109 (+31.33%)
Blind-SSRF
Nuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (+33.73%)
dontgo403
Tool to bypass 40X response codes.
Stars: ✭ 457 (+450.6%)
credcheck
Credentials Checking Framework
Stars: ✭ 50 (-39.76%)
fuzzmost
all manner of wordlists
Stars: ✭ 23 (-72.29%)
boxer
Boxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-81.93%)
Xrcross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities.
Stars: ✭ 175 (+110.84%)
rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+557.83%)
Bugbounty Scans
aquatone results for sites with bug bounties
Stars: ✭ 249 (+200%)
SuperLibrary
Information Security Library
Stars: ✭ 60 (-27.71%)
CommandGenInterface
Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.
Stars: ✭ 17 (-79.52%)
Public Bugbounty Programs
Community curated list of public bug bounty and responsible disclosure programs.
Stars: ✭ 233 (+180.72%)
apkizer
apkizer is a mass downloader for Android applications for all available versions.
Stars: ✭ 40 (-51.81%)
Intruderpayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+3248.19%)
shania
Scan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (-34.94%)
Sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+166.27%)
Inventus
Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.
Stars: ✭ 80 (-3.61%)
KaliIntelligenceSuite
Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-30.12%)
SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (+48.19%)
BurpSQLTruncSanner
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
Stars: ✭ 53 (-36.14%)
Bugs-feed
Bug's feed is a locally hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (+8.43%)
Tools Tbhm
Tools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (+106.02%)
Jira-Lens
Fast and customizable vulnerability scanner for JIRA written in Python
Stars: ✭ 185 (+122.89%)
Mad Metasploit
Metasploit custom modules, plugins, resource scripts and... awesome metasploit collection
Stars: ✭ 200 (+140.96%)
bulkssrf
Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
Stars: ✭ 35 (-57.83%)
Basecrack
Decode All Bases - Base Scheme Decoder
Stars: ✭ 196 (+136.14%)
Awesome-HTTPRequestSmuggling
A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
Stars: ✭ 97 (+16.87%)
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp). For Ubuntu/Debian.
Stars: ✭ 190 (+128.92%)
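one-scan
All-in-one website fingerprint scanner that easily gathers a site's IP / DNS provider / subdomains / HTTPS certificate / WHOIS / development framework / WAF and other information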
Stars: ✭ 44 (-46.99%)
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separate files.
Stars: ✭ 189 (+127.71%)
rejig
Turn your VPS into an attack box
Stars: ✭ 33 (-60.24%)
Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (+120.48%)
Astra
Astra is a tool to find URLs and secrets inside a webpage/files
Stars: ✭ 187 (+125.3%)
flydns
Related subdomains finder
Stars: ✭ 29 (-65.06%)
Jwt Hack
🔩 jwt-hack is a tool for hacking / security testing of JWT. Supports en/decoding JWT, generating payloads for JWT attacks and very fast cracking (dict/bruteforce)
Stars: ✭ 172 (+107.23%)
pbscan
Proxy-based passive scanning system built on headless burpsuite
Stars: ✭ 98 (+18.07%)
Tuktuk
Tool for catching and logging different types of requests.
Stars: ✭ 174 (+109.64%)
Bug-Hunting
A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.
Stars: ✭ 110 (+32.53%)
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (+106.02%)
Bucket-Flaws
Bucket Flaws (S3 Bucket Mass Scanner): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-48.19%)
Mobilehackersweapons
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking, Happy bug-hunting
Stars: ✭ 170 (+104.82%)
roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-51.81%)
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+103.61%)
Bountystrike Sh
Poor (rich?) man's bug bounty pipeline
Stars: ✭ 168 (+102.41%)
xssfinder
Toolset for detecting reflected XSS in websites
Stars: ✭ 105 (+26.51%)
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (+96.39%)
SourceWolf
Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
Stars: ✭ 132 (+59.04%)
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+95.18%)
request smuggler
HTTP request smuggling vulnerability scanner
Stars: ✭ 203 (+144.58%)
Jira Scan
CVE-2017-9506 - SSRF
Stars: ✭ 159 (+91.57%)