Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-84.48%)
Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+27.21%)
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-84.48%)
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Stars: ✭ 190 (-79.23%)
Bucket-Flaws
Bucket Flaws (S3 Bucket Mass Scanner): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-95.3%)
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-44.37%)
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+275.85%)
Git Hound
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (-34.21%)
SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-86.56%)
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-73.55%)
Secretscanner
Find secrets and passwords in container images and file systems
Stars: ✭ 895 (-2.19%)
Bypass Firewalls By Dns History
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (-19.23%)
shania
Scan secrets from Continuous Integration Build Logs
Stars: ✭ 54 (-94.1%)
recce
Domain availability checker
Stars: ✭ 30 (-96.72%)
frida setup
One-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-94.86%)
Cloudbrute
Awesome cloud enumerator
Stars: ✭ 268 (-70.71%)
Mquery
YARA malware query accelerator (web frontend)
Stars: ✭ 264 (-71.15%)
Esd
Enumeration sub domains (subdomain enumeration)
Stars: ✭ 785 (-14.21%)
Stacoan
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (-22.73%)
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-95.3%)
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (-69.62%)
Wsltools
Web Scan Lazy Tools - Python Package
Stars: ✭ 288 (-68.52%)
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-68.09%)
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-62.84%)
Watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (-62.3%)
s3cr3t
A supercharged S3 reverse proxy
Stars: ✭ 55 (-93.99%)
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-92.35%)
VPS-Bug-Bounty-Tools
Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (-95.19%)
Nightingale
It's a Docker environment for pentesting which has all the required tools for VAPT.
Stars: ✭ 119 (-86.99%)
Passivehunter
Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Stars: ✭ 83 (-90.93%)
flydns
Related subdomains finder
Stars: ✭ 29 (-96.83%)
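W5
Security Orchestration, Automation and Response (SOAR) Platform. A security orchestration and automated response platform offering security automation without writing code; using SOAR lets teams work more efficiently.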
Stars: ✭ 367 (-59.89%)
Soteria
Plugin to block compilation when unapproved dependencies are used or code styling does not comply.
Stars: ✭ 36 (-96.07%)
sub404
A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-77.6%)
Recon My Way
This repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-70.38%)
swiss-bugbounty-programs
List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
Stars: ✭ 25 (-97.27%)
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+270.6%)
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-69.51%)
Hardening
Hardening Ubuntu. Systemd edition.
Stars: ✭ 705 (-22.95%)
Bug-Hunting
A Collection of Notes, Methodologies, POCs and everything else related to Bug Hunting.
Stars: ✭ 110 (-87.98%)
Offensive Docker
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (-64.15%)
Oneforall
OneForAll is a powerful subdomain collection tool
Stars: ✭ 4,202 (+359.23%)
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+691.91%)
Whaler
Program to reverse Docker images into Dockerfiles
Stars: ✭ 670 (-26.78%)
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-60.33%)
Swiftnessx
A cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (-26.45%)
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (-60.77%)
Fwanalyzer
a tool to analyze filesystem images for security
Stars: ✭ 382 (-58.25%)
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-16.17%)
Gosec
Golang security checker
Stars: ✭ 5,694 (+522.3%)
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-53.33%)
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (-16.94%)
Burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-53.33%)
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-43.5%)
Monkey
Infection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+508.96%)
roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-95.63%)