AcamarA Python3 based single-file subdomain enumerator
Stars: ✭ 89 (+584.62%)
QuiverQuiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (+976.92%)
ReconnessReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Stars: ✭ 131 (+907.69%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+1300%)
SubjackSubdomain Takeover tool written in Go
Stars: ✭ 1,194 (+9084.62%)
sherlock🔎 Find usernames across social networks
Stars: ✭ 52 (+300%)
WstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+29692.31%)
QuickScanPort scanning and domain utility.
Stars: ✭ 26 (+100%)
SarenkaOSINT tool - gets data from services like shodan, censys etc. in one app
Stars: ✭ 120 (+823.08%)
SonarsearchA MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (+2184.62%)
Information Security TasksThis repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Stars: ✭ 108 (+730.77%)
Burpsuite XkeysA Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (+1007.69%)
Sherlock JsFind usernames across over 170 social networks - Fast & flexible remake of sdushantha/sherlock
Stars: ✭ 153 (+1076.92%)
ReconcatA small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.
Stars: ✭ 66 (+407.69%)
SifterSifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (+3000%)
GitemA Github organization reconnaissance tool.
Stars: ✭ 190 (+1361.54%)
nuubiNuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (+484.62%)
WitnessmeWeb Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Stars: ✭ 436 (+3253.85%)
GoohakAutomatically Launch Google Hacking Queries Against A Target Domain
Stars: ✭ 432 (+3223.08%)
AiodnsbrutePython 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+2746.15%)
mailcatFind existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬
Stars: ✭ 219 (+1584.62%)
TheharvesterE-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+47400%)
Sherlock🔎 Hunt down social media accounts by username across social networks
Stars: ✭ 28,569 (+219661.54%)
Osint Tools👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (+1092.31%)
MosintAn automated e-mail OSINT tool
Stars: ✭ 184 (+1315.38%)
Contact.shAn OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (+1561.54%)
SitedorksSearch Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (+1600%)
Urlhuntera recon tool that allows searching on URLs that are exposed via shortener services
Stars: ✭ 934 (+7084.62%)
ResourcesA Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (+376.92%)
CerteagleWeaponizing Live CT logs for automated monitoring of assets
Stars: ✭ 78 (+500%)
DeadtrapAn OSINT tool to gather information about the real owner of a phone number
Stars: ✭ 73 (+461.54%)
Tidos FrameworkThe Offensive Manual Web Application Penetration Testing Framework.
Stars: ✭ 1,290 (+9823.08%)
GitgrabergitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+8853.85%)
NtlmreconEnumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (+1838.46%)
AutosintTool to automate common OSINT tasks
Stars: ✭ 150 (+1053.85%)
Awesome-CyberSec-ResourcesAn awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)
Stars: ✭ 273 (+2000%)
YarYar is a tool for plunderin' organizations, users and/or repositories.
Stars: ✭ 174 (+1238.46%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (+1200%)
ArgosThis script will automatically set up an OSINT workstation starting from a Ubuntu OS.
Stars: ✭ 73 (+461.54%)
Investigo🔎 Find usernames and download their data across social media.
Stars: ✭ 168 (+1192.31%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+992.31%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (+169.23%)
DiscoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+19500%)
I See YouISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Stars: ✭ 246 (+1792.31%)
warfWARF is a Web Application Reconnaissance Framework that helps to gather information about the target.
Stars: ✭ 53 (+307.69%)
XposedOrNotXposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Stars: ✭ 120 (+823.08%)
gosintGosint is a distributed asset information collection and vulnerability scanning platform
Stars: ✭ 344 (+2546.15%)
SudomySudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+11992.31%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (+346.15%)
apkizerapkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (+207.69%)
GogitdumperDump exposed HTTP .git fast
Stars: ✭ 27 (+107.69%)
Eyes👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️
Stars: ✭ 38 (+192.31%)
Intrigue CoreDiscover Your Attack Surface!
Stars: ✭ 1,013 (+7692.31%)
LeakscraperLeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Stars: ✭ 227 (+1646.15%)
go-spyseThe official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
Stars: ✭ 25 (+92.31%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (+438.46%)