Go DorkThe fastest dork scanner written in Go.
Stars: ✭ 274 (-60.74%)
H2csmugglerHTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-58.17%)
Jsfscan.shAutomation for javascript recon in bug bounty.
Stars: ✭ 287 (-58.88%)
SubzySubdomain takeover vulnerability checker
Stars: ✭ 287 (-58.88%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+385.82%)
LazyreconAn automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-59.6%)
Recon PipelineAn automated target reconnaissance pipeline.
Stars: ✭ 278 (-60.17%)
CloudscraperCloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Stars: ✭ 276 (-60.46%)
Recon My WayThis repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-61.17%)
MegplusAutomated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (-61.6%)
CloudbruteAwesome cloud enumerator
Stars: ✭ 268 (-61.6%)
Project BlackPentest/BugBounty progress control with scanning modules
Stars: ✭ 257 (-63.18%)
CommixAutomated All-in-One OS Command Injection Exploitation Tool.
Stars: ✭ 3,016 (+332.09%)
DirsearchWeb path scanner
Stars: ✭ 7,246 (+938.11%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+392.69%)
WDIRGood resources about web security that I have read.
Stars: ✭ 14 (-97.99%)
PriestExtract server and IP address information from Browser SSRF
Stars: ✭ 13 (-98.14%)
sub404A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-70.63%)
JWTweakDetects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
Stars: ✭ 85 (-87.82%)
Grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Stars: ✭ 235 (-66.33%)
Vscode FridaUnofficial frida extension for VSCode
Stars: ✭ 221 (-68.34%)
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (-75.21%)
OvaaOversecured Vulnerable Android App
Stars: ✭ 152 (-78.22%)
IosreextensionA fast and elegant extension for VSCode used for iOSre projects.
Stars: ✭ 139 (-80.09%)
Gda Android Reversing ToolGDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…
Stars: ✭ 2,332 (+234.1%)
Rms Runtime Mobile SecurityRuntime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
Stars: ✭ 1,194 (+71.06%)
VyapiVyAPI - A cloud based vulnerable hybrid Android App
Stars: ✭ 75 (-89.26%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+1363.04%)
PivaaCreated by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
Stars: ✭ 71 (-89.83%)
AppmonDocumentation:
Stars: ✭ 1,157 (+65.76%)
Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (+30.09%)
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (-9.31%)
Dexcalibur[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (-26.65%)
AdhritAndroid Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (-42.84%)
BadintentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 303 (-56.59%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+1654.44%)
Ssl Kill Switch2Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
Stars: ✭ 2,420 (+246.7%)
TrustkitEasy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
Stars: ✭ 1,678 (+140.4%)