| XSSTRON |
Electron JS Browser To Find XSS Vulnerabilities Automatically |
| Burpsuite Sharpener |
This extension adds a number of UI and functional features to Burp Suite to make working with it easier |
| Automate to find IP address |
Automates finding the IP address of a website behind Cloudflare |
| Taser |
Python3 resource library for creating security-related tooling |
| Uro |
Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that. |
| Fire |
This is a simple tool meant to work in a pipeline of other scripts. It takes domains on stdin and outputs them on stdout if they resolve |
| PASTIS |
The PASTIS project is a fuzzing framework that combines various software testing techniques within the same workflow to perform collaborative fuzzing, also called ensemble fuzzing. |
| MCVA |
MetaMask Clickjacking Vulnerability Analysis |
| Burp Automator |
A Burp Suite automation tool. It provides high-level CLI and Python interfaces to the Burp Suite scanner and can be used to set up Dynamic Application Security Testing (DAST) |
| GoWhois |
Whois command implemented in Golang with an awesome whois servers list |
| Relateddomains |
Find related domains of a given domain |
| Ciphey |
Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes. |
| CSPRecon |
Discover new target domains using Content Security Policy |
| CookieMonster |
This helps you detect and abuse vulnerable implementations of stateless sessions |
| DNSSEC |
Subdomain Enumeration with DNSSEC |
| ReconNG |
OSINT Research |
| Katana |
A next-generation crawling and spidering framework. |
| BurpText4Shell |
Text4Shell scanner for Burp Suite. |
| RUSTSCAN |
THE MODERN PORT SCANNER |
| Holy FFUF! |
A Beginner Guide to Fuzz with FFUF |
| GraphQLmap |
This is a scripting engine to interact with a graphql endpoint for pentesting purposes |
| VAmPI |
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing |
| Clif |
This is a command-line interface (CLI) application fuzzer, pretty much what wfuzz or ffuf are for web. |
| Ghauri |
This is an advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws |
| DOM Invader |
Introducing DOM Invader, DOM XSS just got a whole lot easier to find |
| JiraLens |
Fast and customizable vulnerability scanner For JIRA written in Python |
| Urls deduplication |
Urls deduplication tool for better recon. |
| ZKar |
This is a Java serialization protocol analysis tool implemented in Go. |
| Smap |
This is a drop-in replacement for Nmap powered by shodan.io |
| DumpXSS |
A scanner tool for XSS vulnerabilities |
| x8 |
Hidden parameters discovery suite written in Rust |
| Nginxpwner |
This is a simple tool to look for common Nginx misconfigurations and vulnerabilities. |
| BurpGPT |
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type. |
| Caido |
Lightweight Web Security Auditing Toolkit |
| AssetFinder |
A Handy Subdomain and Domain Discovery Tool |
| Secret Magpie |
Secret Detection Tool |
| Designing sockfuzzer |
A network syscall fuzzer for XNU. |
| Proto Find |
Check if your target is vulnerable to client-side prototype pollution |
| Protoscan |
Prototype Pollution Scanner made in Golang. |
| BufferPwn |
RCE vulnerability in the common network code of several first party Nintendo games since the Nintendo 3DS |
| CRLFuzz |
Hacker Tools: Injecting CRLF for bounties |
| NFT |
New differential fuzzing tool reveals novel HTTP request smuggling techniques. |
| S3Scanner |
Scan for open S3 buckets and dump the contents. |
| Kurl |
HTTP Requests for security researchers |
| UDON |
A simple tool that helps to find assets/domains based on the Google Analytics ID. |
| Proxify |
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go |
| revshells |
Online Reverse Shell Generator |
| S3cret Scanner |
Hunting For Secrets Uploaded To Public S3 Buckets |
| HTTPLoot |
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites |
| Cewl |
A Detailed Guide on Cewl |
| hakoriginfinder |
A tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies |
| PurplePanda |
Identify privilege escalation paths within and across different clouds |
| TProxer |
A Burp Suite extension made to automate the process of finding reverse-proxy path-based SSRF |
| STEWS |
This is a tool suite for security testing of WebSockets |
| Webrecon |
Automated Web Recon Shell Scripts |
| ffuf Primer |
More on FFUF |
| Wafme0w |
A fast and lightweight Web Application Firewall fingerprinting tool. |
| Ghauri |
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws |
| Leakos |
Search with gitleaks and trufflehog in the responses of the given URLs or in all the repos of an organization and its members. |
| Pycript |
This is a Burp Suite extension that enables users to encrypt and decrypt requests for manual and automated application penetration testing. |
| Gotator |
This is a tool to generate DNS wordlists through permutations. |
| ChopChop |
This is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders |
| Baserunner |
This is a tool for exploring and exploiting Firebase datastores |
| Oralyzer |
This is a simple Python script that probes for open redirection vulnerabilities in a website. It does that by fuzzing the URL that is provided in the input |
| vAPI |
This is the Vulnerable Adversely Programmed Interface, a self-hostable API that mimics OWASP API Top 10 scenarios by means of exercises. |
| FIVERECON |
Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services. |
| Turbo Intruder |
This Hacker Tool is Going faster than ever! |
| nrich |
A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/vulnerabilities. Can also be fed data from stdin to be used in a data pipeline. |
| Meg |
Endpoint scan the masses! |
| PureDNS |
Subdomain bruteforcing tool that improves massdns to accurately handle wildcard subdomains and DNS poisoning. |
| JWTReauth |
A new tool for JWT Reauth issues |
| S3Sec |
Check AWS S3 instances for read/write/delete access |
| Uniscan |
An RFI, LFI, and RCE Vulnerability Scanner |
| Jira Scan |
This is a simple remote scanner for Atlassian Jira. |
| Webpack Exploder |
Unpack the source code of React and other Webpacked Javascript apps! Check out Expanding the Attack Surface. |
| Raider |
Web authentication testing framework |
| Reconator |
Automated Recon for Pentesting & Bug Bounty |
| Log4j2Scan |
Log4j2 RCE Passive Scanner plugin for BurpSuite |
| WARF |
This is a Web Application Reconnaissance Framework that helps to gather information about the target. |
| GooFuzz |
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking). |
| GradeJS |
This tool analyzes production Webpack bundles without having access to the source code of a website. |
| Waymore |
Find way more from the Wayback Machine! |
| Pastos |
Search pastes on tens of websites in seconds with GCSE. |
| gitlabsubdomains |
Find subdomains on GitLab |
| Cero |
Scrape domain names from SSL certificates of arbitrary hosts |
| Smap |
Passive Nmap like scanner built with shodan.io |
| CSRF Generator |
This HTML file creates a CSRF PoC form for any HTTP request. |
| Trivy |
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI |
| Lepus |
This is a tool for enumerating subdomains, checking for subdomain takeovers and performing port scans, and boy, is it fast! |
| subzuf |
subzuf is a subdomain bruteforce fuzzer coupled with an immensely simple but effective DNS response-guided algorithm. |
| csprecon |
Discover new target domains using Content Security Policy |
| Frogy |
Using the combination of different subdomain enumeration tools and logic this script tries to identify more subdomains and TLDs in recon. |
| xnLinkFinder |
A python tool used to discover endpoints for a given target |
| BLH |
BrokenLinkHijacker is a Fast Broken Link Hijacker Tool written in Python |
| netlas.io |
A new search engine to discover, research and monitor any asset. It is very useful for your #bugbounty recon automation. |
| SecretMagpie |
A secret detection tool that hunts out all the secrets hiding in all your repositories. |
| bbr |
It is an open source tool to aid in command line driven generation of bug bounty reports based on user provided templates. |
| PacketStreamer |
This is a tool for distributed packet capture for cloud-native platforms |
| JSpector |
It is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs and endpoints found on the JS files |
| Uncover |
Quickly discover exposed hosts using multiple search engines |
| ASNMap |
A Golang CLI tool for speedy reconnaissance using ASN data |
| Go Dork |
The fastest dork scanner written in Go |
| uro |
Declutters url lists for crawling/pentesting |
| ClusterFuzzLite |
Simple continuous fuzzing that runs in CI |
| Gorks |
Google Dorks finally made easy to run without hiding. |
| dnsmonster |
Passive DNS Capture/Monitoring Framework |
| fail2ban |
Remote Code Execution |
| ppfuzz |
Prototype Pollution Fuzzer |
| userefuzz |
User-Agent, X-Forwarded-For and Referer SQLi Fuzzer |
| Astra |
Astra finds urls, endpoints, aws buckets, api keys, tokens, etc from a given url/s |
| Cloudlist |
This is a tool for listing Assets from multiple Cloud Providers |
| r2flutch |
A tool to decrypt iOS apps using r2frida |
| Shodan Dorks |
The H4CK3R God’s Eye |
| Gouge |
Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp Suite |
| mxtakeover |
This tool focuses on DNS MX records and detects misconfigured MX records. |