304 Open source projects that are alternatives of or similar to Takeover

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

A list of interesting payloads, tips and tricks for bug bounty hunters.

A big list of Android Hackerone disclosed reports and other resources.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

An automated approach to performing recon for bug bounty hunting and penetration testing.

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

OSINT

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Web path scanner

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Mining parameters from dark corners of Web Archives

OneForAll是一款功能强大的子域收集工具

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

A fast DOM based XSS vulnerability scanner with simplicity.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

A MongoDB importer and API for Project Sonars DNS datasets

Making Favicon.ico based Recon Great again !

Subdomain takeover vulnerability checker

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Top disclosed reports from HackerOne

Awesome cloud enumerator

Multi Tool Subdomain Enumeration

Intelligence tool but without API key

Gospider - Fast web spider written in Go

Generates combination of domain names from the provided input.

🎯 Command Injection Payload List

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

a recon tool that allows searching on URLs that are exposed via shortener services

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

A Powerful Subdomain Takeover Tool

Some files for bruteforcing certain things.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

平常看到好的渗透hacking工具和多领域效率工具的集合

A collection of awesome one-liner scripts especially for bug bounty tips.

Hetty is an HTTP toolkit for security research.

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

🎯 XML External Entity (XXE) Injection Payload List

Powerfull XSS Scanning and Parameter analysis tool&gem

The fastest dork scanner written in Go.

All about bug bounty (bypasses, payloads, and etc)

Automation for javascript recon in bug bounty.

Automated Red Team Infrastructure deployement using Docker

Fully automated offensive security framework for reconnaissance and vulnerability scanning

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

An automated target reconnaissance pipeline.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

This repository created for personal use and added tools from my latest blog post.

🎯 SQL Injection Payload List

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Dump exposed HTTP .git fast

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。