304 Open source projects that are alternatives of or similar to Ssrf Sheriff

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Scan for open AWS S3 buckets and dump the contents

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Penetration tests guide based on OWASP including test cases, resources and examples.

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

A Python3 based single-file subdomain enumerator

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Random Tools for Bug Bounty

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Subdomain Takeover tool written in Go

🎯 Server Side Template Injection Payloads

Find exploits in local and online databases instantly

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The format of various s3 buckets is convert in one format. for bugbounty and security testing.

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

RFD Checker - security CLI tool to test Reflected File Download issues

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

The Swiss Army knife for automated Web Application Testing

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

A fast http and https prober, to check which URLs are alive

A tool to automate the boring process of APK recon

A collection of response templates for invalid bug bounty reports.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

A fast HTTP Response status checker implemented in Python3

挖掘国内外漏洞平台必备的自动化捡钱赏金技巧，看了并去做了捡钱如喝水。

Security Tool to Look For Interesting Files in S3 Buckets

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

#legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs. Authored by Amit Elazari.

An OSINT tool to find contacts in order to report security vulnerabilities.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

Default signature for Jaeles Scanner

Dump exposed HTTP .git fast

Cross-site scripting labs for web application security enthusiasts

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Tutorials and Things to Do while Hunting Vulnerability.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Mining parameters from dark corners of Web Archives

Cross Origin Resource Sharing MisConfiguration Scanner

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

Automating XSS using Bash

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Python library and CLI for the Bug Bounty Recon API

Web path scanner

DNS-Discovery is a multithreaded subdomain bruteforcer.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A tool to fastly get all javascript sources/files

Collection of Facebook Bug Bounty Writeups

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Rockyou for web fuzzing

🎯 RFI/LFI Payload List

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

🔺 Red Team Hardware Toolkit 🔺

Community curated list of templates for the nuclei engine to find security vulnerabilities.