Qsfuzz: qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (-13.73%)
Corsme: Cross Origin Resource Sharing MisConfiguration Scanner
Stars: ✭ 118 (-49.36%)
Xrcross: XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Stars: ✭ 175 (-24.89%)
Nosqlmap: Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+727.47%)
Ssrf Sheriff: A simple SSRF-testing sheriff written in Go
Stars: ✭ 221 (-5.15%)
Seeker: Accurately Locate Smartphones using Social Engineering
Stars: ✭ 2,772 (+1089.7%)
Chaos Http Proxy: Introduce failures into HTTP requests via a proxy server
Stars: ✭ 128 (-45.06%)
Mad Metasploit: Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
Stars: ✭ 200 (-14.16%)
Howtohunt: Tutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1185.84%)
Tools Tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (-26.61%)
Scilla: Information Gathering tool. DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-50.21%)
Tuktuk: Tool for catching and logging different types of requests.
Stars: ✭ 174 (-25.32%)
Swiftness: A note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-46.78%)
Intruderpayloads: A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+1092.7%)
Sarenka: OSINT tool - gets data from services like shodan, censys etc. in one app
Stars: ✭ 120 (-48.5%)
Gofingerprint: GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Stars: ✭ 120 (-48.5%)
Basecrack: Decode All Bases - Base Scheme Decoder
Stars: ✭ 196 (-15.88%)
Grecon: Your Google Recon is Now Automated
Stars: ✭ 119 (-48.93%)
Hackeronedb: The unofficial HackerOne disclosure Timeline
Stars: ✭ 117 (-49.79%)
Contact.sh: An OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-7.3%)
Quickxss: Automating XSS using Bash
Stars: ✭ 113 (-51.5%)
Chaos: The Chaos Programming Language
Stars: ✭ 171 (-26.61%)
Gitmonitor: One way to continuously monitor sensitive information that could be exposed on Github
Stars: ✭ 115 (-50.64%)
Gxss: A tool to check a bunch of URLs that contain reflecting params.
Stars: ✭ 115 (-50.64%)
Mobilehackersweapons: Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking, Happy bug-hunting
Stars: ✭ 170 (-27.04%)
Dns Discovery: DNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-51.07%)
Bulwark: An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-51.5%)
Bbrecon: Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-27.47%)
Deksterecon: Web Application recon automation
Stars: ✭ 109 (-53.22%)
Gaos: HTTP mocking to test API services for chaos scenarios
Stars: ✭ 191 (-18.03%)
Bountystrike Sh: Poor (rich?) man's bug bounty pipeline
Stars: ✭ 168 (-27.9%)
Ntlm challenger: Parse NTLM challenge messages over HTTP and SMB
Stars: ✭ 106 (-54.51%)
Bass: Bass grabs you those "extra resolvers" you are missing out on when performing Active DNS enumeration. Add anywhere from 100-6k resolvers to your "resolver.txt"
Stars: ✭ 104 (-55.36%)
Gitem: A Github organization reconnaissance tool.
Stars: ✭ 190 (-18.45%)
Nuclei Templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.
Stars: ✭ 1,354 (+481.12%)
Keye: Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Stars: ✭ 101 (-56.65%)
Hackvault: A container repository for my public web hacks!
Stars: ✭ 1,364 (+485.41%)
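Arl: ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover the internet-facing assets associated with a target and build a basic asset information database. It helps in-house security teams and penetration testers effectively discover and search assets and find weak points and attack surfaces.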
Stars: ✭ 1,357 (+482.4%)
Can I Take Over Xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1105.15%)
Wg Chaoseng: Chaos Engineering Working Group
Stars: ✭ 99 (-57.51%)
Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-30.47%)
Gf Secrets: Secret and/or credential patterns used for gf.
Stars: ✭ 96 (-58.8%)
Pumba: Chaos testing, network emulation, and stress testing tool for containers
Stars: ✭ 2,136 (+816.74%)
Chaoskube: chaoskube periodically kills random pods in your Kubernetes cluster.
Stars: ✭ 1,325 (+468.67%)
Jira Scan: CVE-2017-9506 - SSRF
Stars: ✭ 159 (-31.76%)
S3scanner: Scan for open AWS S3 buckets and dump the contents
Stars: ✭ 1,319 (+466.09%)
Aws Scanner: Scans a list of websites for Cloudfront or S3 Buckets
Stars: ✭ 93 (-60.09%)
Osint Tools: 👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (-33.48%)
Pentest Guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+464.81%)
Chaos Ssm Documents: Collection of AWS SSM Documents to perform Chaos Engineering experiments
Stars: ✭ 225 (-3.43%)