403 Open source projects that are alternatives of or similar to Priest

Amazon S3 bucket finder and crawler.

Find emails of Github users

DNS-Discovery is a multithreaded subdomain bruteforcer.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Collection of Facebook Bug Bounty Writeups

🖖 Fast, modern, easy-to-use network scanner

A curated list of various bug bounty tools

Hacking tools

Docker image for osint

Security tool to quickly audit Public Box files and folders.

Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.

Command line tool for testing CRLF injection on a list of domains.

CTF programs and writeups

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

You can find hardcoded Api-Key,Secret,Token Etc..

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

A collection of some of my scripts

Extract API keys from file or url using by magic of python and regex.

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

differer finds how URLs are parsed by different languages in order to help bug hunters break filters

Enumerate information from NTLM authentication enabled web endpoints 🔎

Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated using Sublist3r.

Find endpoints on GitHub.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

This challenge is Inon Shkedy's 31 days API Security Tips.

Network footprint scanner platform. Discover domains and run your custom checks periodically.

One-click installer for Frida and Burp certs for SSL Pinning bypass

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Offensive Security recon tool

Next generation web scanner

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

HashExpoit is Great Tool For Cracking Hash

websocket-connection-smuggler

HTTP parameter discovery suite.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

XSS Payload without Anything.

Dump exposed HTTP .git fast

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

This document proposes a way of standardising the structure, language, and grammar used in security policies.

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

WIFI Client Detection - Identify people by assigning a name to a device performing a wireless probe request.

All about bug bounty (bypasses, payloads, and etc)

🐰 Managing command snippets for hackers/bug bounty hunters. with pet.

Flutter Reverse Engineering Framework

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Infosec Wordlists

An overpower wordlist generator, splitter, merger, finder, permutator, encoder, decoder.. Frustration killer. Customizable. The Wordlist Framework.

Framework for rapid development and reusable of security tools

aquatone results for sites with bug bountys

Extracting URLs of a specific target based on the results of "commoncrawl.org"