Subover: A Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+200.5%)
credcheck: Credentials Checking Framework
Stars: ✭ 50 (-75.25%)
Allaboutbugbounty: All about bug bounty (bypasses, payloads, etc.)
Stars: ✭ 758 (+275.25%)
Tiny Xss Payloads: A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Stars: ✭ 975 (+382.67%)
Subdomainizer: A tool to find subdomains and interesting things hidden inside external JavaScript files of a page, folder, and GitHub.
Stars: ✭ 915 (+352.97%)
Bbr: An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-29.7%)
Burpbounty: Burp Bounty (Scan Check Builder in BApp Store) is an extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+407.92%)
Web Methodology: Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (-29.7%)
Pentest Guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+551.49%)
Offensive Docker: Offensive Docker is an image with the most used offensive tools, for creating an environment easily and quickly to launch assessments against targets.
Stars: ✭ 328 (+62.38%)
Ezxss: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+405.94%)
Subjack: Subdomain Takeover tool written in Go
Stars: ✭ 1,194 (+491.09%)
Awesome Bbht: A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Stars: ✭ 190 (-5.94%)
Quiver: Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-30.69%)
Tools Tbhm: Tools of "The Bug Hunters Methodology V2 by @jhaddix"
Stars: ✭ 171 (-15.35%)
Relayer: SMB Relay Attack Script
Stars: ✭ 136 (-32.67%)
Garud: An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Stars: ✭ 183 (-9.41%)
Mobilehackersweapons: Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking, Happy bug-hunting
Stars: ✭ 170 (-15.84%)
Huntr: Vulnerability Database | huntr.dev
Stars: ✭ 136 (-32.67%)
Nist Data Mirror: A simple Java command-line utility to mirror the CVE JSON data from NIST.
Stars: ✭ 135 (-33.17%)
Attiny85: RubberDucky like payloads for DigiSpark Attiny85
Stars: ✭ 169 (-16.34%)
Nosqlmap: Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+854.46%)
Kurukshetra: Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Stars: ✭ 131 (-35.15%)
Getjs: A tool to quickly get all JavaScript sources/files
Stars: ✭ 190 (-5.94%)
Crithit: Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-9.9%)
Kaiten: An Undetectable Payload Generation
Stars: ✭ 169 (-16.34%)
Reconness: ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it based on schedule or events.
Stars: ✭ 131 (-35.15%)
Arcanus: ARCANUS is a customized payload generator/handler.
Stars: ✭ 130 (-35.64%)
Bbrecon: Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-16.34%)
Jwtxploiter: A tool to test the security of JSON Web Tokens
Stars: ✭ 130 (-35.64%)
Njsscan: njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-36.63%)
Yawast: YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Stars: ✭ 181 (-10.4%)
Bountystrike Sh: Poor (rich?) man's bug bounty pipeline
Stars: ✭ 168 (-16.83%)
Oob Server: A Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Stars: ✭ 125 (-38.12%)
Awesome Mobile Security: An effort to build a single place for all useful Android and iOS security-related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+809.41%)
Aboutsecurity: A list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-17.82%)
Entropy: Entropy Toolkit is a set of tools for attacks on Netwave and GoAhead IP webcams. Entropy Toolkit is a powerful toolkit for webcam penetration testing.
Stars: ✭ 126 (-37.62%)
Slicer: A tool to automate the boring process of APK recon
Stars: ✭ 199 (-1.49%)
Awesome Devsecops: Curating the best DevSecOps resources and tooling.
Stars: ✭ 188 (-6.93%)
Hack Tools: The all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+1261.39%)
Asnip: ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-37.62%)
Swiftness: A note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-38.61%)
Asnlookup: Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-19.31%)
Ratel: RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-40.1%)
Horn3t: Powerful Visual Subdomain Enumeration at the Click of a Mouse
Stars: ✭ 120 (-40.59%)
Enigma: Multiplatform payload dropper
Stars: ✭ 180 (-10.89%)
0l4bs: Cross-site scripting labs for web application security enthusiasts
Stars: ✭ 119 (-41.09%)
Gofingerprint: GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
Stars: ✭ 120 (-40.59%)
Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-19.8%)
Defaultcreds Cheat Sheet: One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Stars: ✭ 1,949 (+864.85%)
Goaltdns: A permutation generation tool written in golang
Stars: ✭ 119 (-41.09%)
3klcon: Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separate files.
Stars: ✭ 189 (-6.44%)
Hackapk: An Advanced Tool For Complete Apk-Modding In Termux ...
Stars: ✭ 180 (-10.89%)
Threat Model Cookbook: This project is about creating and publishing threat model examples.
Stars: ✭ 159 (-21.29%)
Grecon: Your Google Recon is Now Automated
Stars: ✭ 119 (-41.09%)