DirsearchWeb path scanner
Stars: ✭ 7,246 (+2364.63%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (-59.52%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+231.29%)
Awesome BbhtA bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
Stars: ✭ 190 (-35.37%)
RenginereNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1069.73%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-51.7%)
Awesome HackingA collection of various awesome lists for hackers, pentesters and security researchers
Stars: ✭ 48,038 (+16239.46%)
ras-fuzzerRAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (-85.71%)
GoaltdnsA permutation generation tool written in golang
Stars: ✭ 119 (-59.52%)
flydnsRelated subdomains finder
Stars: ✭ 29 (-90.14%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (-85.03%)
frida setupOne-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-84.01%)
MinesweeperA Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-44.9%)
Sn1perAttack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+1565.65%)
OneforallOneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+1329.25%)
credcheckCredentials Checking Framework
Stars: ✭ 50 (-82.99%)
roboxtractorExtract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-86.39%)
SQLi-Query-TamperingSQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-58.16%)
leaky-pathsA collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+72.45%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-43.2%)
aquatoneA Tool for Domain Flyovers
Stars: ✭ 43 (-85.37%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+201.7%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+247.62%)
BurpbountyBurp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+248.98%)
WhatwebNext generation web scanner
Stars: ✭ 3,503 (+1091.5%)
KnaryA simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-36.39%)
3klconAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-35.71%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-94.9%)
ArlARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Stars: ✭ 1,357 (+361.56%)
BigbountyreconBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+84.01%)
nozakiHTTP fuzzer engine security oriented
Stars: ✭ 37 (-87.41%)
OsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1053.4%)
IntruderpayloadsA collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+845.24%)
Crlf Injection ScannerCommand line tool for testing CRLF injection on a list of domains.
Stars: ✭ 91 (-69.05%)
Commodity Injection SignaturesCommodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-9.18%)
Burpsuite CollectionsBurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+267.69%)
Sub-DrillA very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-76.19%)
VajraVajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-8.5%)
Dictionary Of PentestingDictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+67.35%)
AttackSurfaceManagementDiscover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-84.69%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-88.1%)
HosthunterHostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+45.24%)
WebspoiltThis script will you help to find the information about the website and to help in penetrating testing
Stars: ✭ 34 (-88.44%)
0d1nTool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Stars: ✭ 506 (+72.11%)
Flask UnsignCommand line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
Stars: ✭ 90 (-69.39%)
CloudfailUtilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+321.43%)
h1-searchTool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-80.27%)
afl-dyninstAmerican Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries
Stars: ✭ 65 (-77.89%)
NettackerAutomated Penetration Testing Framework
Stars: ✭ 982 (+234.01%)
Yotteryotter - bash script that performs recon and then uses dirb to discover directories that might lead to information leakage
Stars: ✭ 118 (-59.86%)
fuzzmostall manner of wordlists
Stars: ✭ 23 (-92.18%)
WebmapA Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (-36.05%)
BrutexAutomatically brute force all services running on a target.
Stars: ✭ 974 (+231.29%)