Bxss: bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (+1082.14%)
Bugbounty Cheatsheet: A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+12914.29%)
Top25 Parameter: For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Stars: ✭ 388 (+1285.71%)
Lazyrecon: An automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (+907.14%)
Security whitepapers: Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: ✭ 644 (+2200%)
Interlace: Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+2614.29%)
H2csmuggler: HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (+942.86%)
Payloadsallthethings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+117432.14%)
Hosthunter: HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+1425%)
Megplus: Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (+857.14%)
Dirsearch: Web path scanner
Stars: ✭ 7,246 (+25778.57%)
Watchdog: Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: ✭ 345 (+1132.14%)
Paramspider: Mining parameters from dark corners of Web Archives
Stars: ✭ 781 (+2689.29%)
Oneforall: OneForAll is a powerful subdomain collection tool
Stars: ✭ 4,202 (+14907.14%)
Assessment Mindset: Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (+2071.43%)
Findom Xss: A fast DOM based XSS vulnerability scanner with simplicity.
Stars: ✭ 310 (+1007.14%)
Subdomainizer: A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+3167.86%)
Sonarsearch: A MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (+960.71%)
Favfreak: Making Favicon.ico based Recon Great again!
Stars: ✭ 564 (+1914.29%)
Subzy: Subdomain takeover vulnerability checker
Stars: ✭ 287 (+925%)
Bypass Firewalls By Dns History: Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (+2539.29%)
Cloudscraper: CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Stars: ✭ 276 (+885.71%)
Learn365: This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection
Stars: ✭ 525 (+1775%)
Cloudbrute: Awesome cloud enumerator
Stars: ✭ 268 (+857.14%)
Domained: Multi Tool Subdomain Enumeration
Stars: ✭ 688 (+2357.14%)
Metabigor: Intelligence tool but without API key
Stars: ✭ 424 (+1414.29%)
Gospider: Gospider - Fast web spider written in Go
Stars: ✭ 785 (+2703.57%)
Dnsgen: Generates combination of domain names from the provided input.
Stars: ✭ 389 (+1289.29%)
Bugbountyguide: Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Stars: ✭ 338 (+1107.14%)
Urlhunter: a recon tool that allows searching on URLs that are exposed via shortener services
Stars: ✭ 934 (+3235.71%)
Offensive Docker: Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (+1071.43%)
Subover: A Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+2067.86%)
Bruteforce Lists: Some files for bruteforcing certain things.
Stars: ✭ 320 (+1042.86%)
Vhostscan: A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+2639.29%)
Hetty: Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+12742.86%)
Blackwidow: A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+3067.86%)
Xspear: Powerful XSS Scanning and Parameter analysis tool & gem
Stars: ✭ 583 (+1982.14%)
Go Dork: The fastest dork scanner written in Go.
Stars: ✭ 274 (+878.57%)
Allaboutbugbounty: All about bug bounty (bypasses, payloads, and etc)
Stars: ✭ 758 (+2607.14%)
Jsfscan.sh: Automation for javascript recon in bug bounty.
Stars: ✭ 287 (+925%)
Redcloud: Automated Red Team Infrastructure deployment using Docker
Stars: ✭ 551 (+1867.86%)
Osmedeus: Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+12010.71%)
Dalfox: 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (+2725%)
Recon Pipeline: An automated target reconnaissance pipeline.
Stars: ✭ 278 (+892.86%)
Bigbountyrecon: BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+1832.14%)
Recon My Way: This repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (+867.86%)
Security Tools: Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+1717.86%)
Gogitdumper: Dump exposed HTTP .git fast
Stars: ✭ 27 (-3.57%)
Sudomy: Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+2967.86%)
Privesc: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (+2707.14%)
Stacoan: StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (+2425%)
Dictionary Of Pentesting: Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.
Stars: ✭ 492 (+1657.14%)