A vast collection of security tools
0d1n
Tool for automating customized attacks against web applications.
2tearsinabucket
Enumerate s3 buckets for a specific target.
4-ZERO-3
403/401 Bypass Methods.
ActiveScan++
Extends Burp Suite's active and passive scanning capabilities.
Acunetix
Quickly find and fix the vulnerabilities that put your web applications at risk of attack.
ADAPE Script
Active Directory assessment and privilege escalation script.
ADenum
Find misconfiguration through LDAP to exploit weaknesses with Kerberos.
ADReaper
Enumerate an Active Directory environment with LDAP queries.
ADRT
Active Directory Report Tool.
AdvancedKeyHacks
API Key/Token Exploitation Made easy.
Agartha
Burp Suite extension for dynamic payload generation to detect injection flaws.
airbash
Fully automated WPA PSK PMKID and handshake capture script.
aircrack-ng
Complete suite of tools to assess WiFi network security.
AllAboutBugBounty
Bug Bounty notes gathered from various sources.
Altdns
Generates permutations, alterations and mutations of subdomains and then resolves them.
Amass
In-depth Attack Surface Mapping and Asset Discovery.
andor
Blind SQL Injection Tool with Golang.
Angry IP Scanner
Fast and simple-to-use open-source/cross-platform network scanner.
Apidor
Tool for automating the search for IDOR vulnerabilities in web applications and APIs.
APKEnum
Passive enumeration utility For Android applications.
apkurlgrep
Extract endpoints from APK files.
Aquatone
A Tool for Domain Flyovers.
Arachni
Web Application Security Scanner Framework.
archaeologit
Scans the history of GitHub repositories to find sensitive things.
Arjun
HTTP parameter discovery suite.
As3nt
Another Subdomain ENumeration Tool.
ASNLookup
Leverage ASN to look up IP addresses owned by a specific organization.
ASNmap
Quickly maps organization network ranges using ASN information.
assetfinder
Find domains and subdomains related to a given domain.
Async DNS Brute
DNS asynchronous brute force utility.
ATOR
Authentication Token Obtain and Replace Extender.
AttackSurfaceMapper
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Auth Analyzer
The Burp extension helps you to find authorization bugs.
AuthMatrix
Provides a simple way to test authorization in web applications and web services.
authz
Burp Suite plugin to test for authorization flaws.
AutoRecon
Multi-threaded network reconnaissance tool which performs automated enumeration of services.
AutoRepeater
Automated HTTP Request Repeating With Burp Suite.
Autorize
Automatic authorization enforcement detection extension for Burp Suite.
AutoSploit
Automated Mass Exploiter.
autoSubTakeover
A tool used to check if a CNAME resolves to the scope address.
Autowasp
A one-stop pentesting checklist and logger tool.
Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.
Awesome BugBounty Writeups
A curated list of bugbounty writeups (Bug type wise).
AWS Extender CLI
Command-line script to test cloud storage for common misconfiguration issues.
AWS security checks
This Burp Suite provides additional Scanner checks for AWS security issues.
AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets.
B-XSSRF
Toolkit to detect and keep track on Blind XSS, XXE & SSRF.
backslash-powered-scanner
Finds unknown classes of injection vulnerabilities.
barq
The AWS Cloud Post Exploitation framework!
bbscope
Scope gathering tool for multiple Bug Bounty platforms.
BeEF
The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.
BeRoot
Multiplaform privilege escalation project.
bettercap
The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Betterscan
Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.
BFAC
Check for backup artifacts that may disclose the web-application's source code.
BitBlinder
Injects custom XSS payloads on every form/request submitted to detect blind XSS.
BlackWidow
Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
bounty-targets-data
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.
bountyplz
Automated security reporting from markdown templates.
brutesubs
Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.
BruteX
Automatically brute force all services running on a target.
BruteXSS
Tool written in Python simply to find XSS vulnerabilities in web application.
Bug Bounty Guide
Launchpad for bug bounty programs and bug bounty hunters.
Bug Bounty Reference
A list of Bug Bounty writeups that is categorized by the bug nature.
BugBountyHunter
Helping you become a BugBountyHunter.
Bugcrowd VRT
Bugcrowd’s baseline priority ratings for common security vulnerabilities.
Burp Extender API
Burp Extender API.
Burp NTLM Challenge Decoder
Burp extension to decode NTLM SSP headers and extract domain/host information.
Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.
Burp WP
Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.
Burp-AnonymousCloud
Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.
burp-exporter
Copy a Burp Suite request to a file or the clipboard as multiple programming languages functions.
Burp-to-SQLMap
Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.
burp-vulners-scanner
Vulnerability scanner based on vulners.com search API.
BurpBeautifier
Burpsuite extension for beautifying request/response body.
BurpBounty
Improve the active and passive Burp Suite scanner by means of custom rules through GUI.
BurpJSLinkFinder
Burp Extension for a passive scanning JS files for endpoint links.
BurpSentinel
GUI Burp Plugin to ease discovering of security holes in web applications.
BurpSmartBuster
A Burp Suite content discovery plugin that add the smart into the Buster.
BurpSuiteHTTPSmuggler
A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.
bXSS
bXSS is a utility which can be used identify Blind Cross-Site Scripting.
bypasswaf
Add headers to all Burp requests to bypass some WAF products.
Can I take over XYZ?
A list of services and how to claim (sub)domains with dangling DNS records.
Canvas
Assessment tool that allows penetration testing and hostile attack simulations.
cariddi
Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.
cc.py
Extracting URLs of a specific target based on the results of commoncrawl.org.
Censys Enumeration
Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
Censys subdomain finder
Perform subdomain enumeration using the certificate transparency logs from Censys.
cero
Scrape domain names from SSL certificates of arbitrary hosts.
CertCrunchy
Uses data from SSL Certificates to find potential host names.
Certificate Ripper
A CLI tool to extract server certificates.
Certificate Search
Get informations about SSL certificates.
CeWL
Custom Word List Generator.
changeme
A default credential scanner.
Chaos
Collect and maintain internet-wide assets data for public Bug Bounty programs.
ChopChop
Scan endpoints and identify exposition of sensitive services/files/folders.
clairvoyance
Obtain GraphQL API Schema even if the introspection is not enabled.
cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
CloudBrute
Awesome cloud enumerator.
CloudFail
Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.
cloudflare-origin-ip
Try to find the origin IP of a webapp protected by Cloudflare.
Cloudfox
Automating situational awareness for cloud penetration tests.
cloudlist
Cloudlist is a tool for listing Assets from multiple Cloud Providers.
CloudScraper
Tool to enumerate targets in search of cloud resources.
CMSmap
CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
cnames
Take a list of resolved subdomains and output any corresponding CNAMES en masse.
Coercer
Automatically coerce a Windows server to authenticate on an arbitrary machine.
Collaborator Everywhere
Burp Suite extension which injects non-invasive headers to reveal backend systems.
commit-stream
OSINT tool for finding Github repositories by extracting commit logs in real time.
Commix
Automated All-in-One OS Command Injection Exploitation Tool.
cook
Overpower wordlist generator, words permutation and combinations, encoding/decoding...
CORS Scanner
A multi-threaded scanner that helps identify CORS flaws/misconfigurations.
CorsMe
CORS misconfiguration scanner tool with speed and precision in mind!
CORStest
A simple CORS misconfiguration scanner.
Corsy
CORS Misconfiguration Scanner.
Covenant
Collaborative C2 framework for red teamers.
Cr3dOv3r
Know the dangers of credential reuse attacks.
crackerjack
Hashcat Web Interface.
Crawlergo
A powerful browser crawler for web vulnerability scanners
crawley
The unix-way web crawler.
crithit
Takes a single wordlist item and tests it one by one over a large collection of websites.
CRLF-Injection-Scanner
Command line tool for testing CRLF injection on a list of domains.
CRLFMap
CRLFMap is a tool to find HTTP Splitting vulnerabilities.
CRLFsuite
The most powerful CRLF injection scanner.
CRLFuzz
A fast tool to scan CRLF vulnerability written in Go.
Cross-site scripting cheat sheet
PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.
crtndtry
Yet another subdomain finder.
crunch
Wordlist generator where you can specify a character set or any set of characters to be used.
csp-analyzer
Analyze CSP header of a given URL.
csprecon
Discover new target domains using Content Security Policy.
cstc
Burp Suite extension that allows request/response modification using a GUI.
ctf-tools
Some setup scripts for security research tools.
CTFR
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
curate
A tool for fetching archived URLs.
CyberChef
A web app for encryption, encoding, compression and data analysis.
DalFox
Powerful open source XSS scanning tool and parameter analyzer, utility.
Dangerous Methods
A Burp Suite extension for finding the use of potentially dangerous methods/functions.
Dastardly Scan Action
Runs a scan using Dastardly by Burp Suite against a target site and generates a report.
DataExtractor
A Burp Suite extension to extract data from source code while browsing.
Default Credentials Cheat Sheet
One place for all the default credentials to assist on finding devices with default password.
default-http-login-hunter
Login hunter of default credentials for administrative web interfaces.
DefaultPassword
Default passwords database sorted by manufacturers.
Demiguise
HTA encryption tool for Red Teams.
DependencyCheck
Utility that detects publicly disclosed vulnerabilities in application dependencies.
Depix
Recovers passwords from pixelized screenshots.
detectify-cves
Find CVEs that don't have a Detectify modules.
differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters.
Dirb
Web Fuzzer.
DirBuster
Multi threaded application to brute force directories and files names on web/application servers.
dirhunt
Find web directories without bruteforce.
dirlstr
Finds Directory Listings or open S3 buckets from a list of URLs.
dirsearch
Web path scanner.
DirSearch
A Go implementation of dirsearch.
Dirstalk
Multi threaded application designed to brute force paths on web servers.
Distribute Damage
Evenly distributes scanner load across targets.
dnscan
Python wordlist-based DNS subdomain scanner.
dnsenum
Enumerates DNS information of a domain and to discover non-contiguous ip blocks.
dnsgen
Generates combination of domain names from the provided input.
DNSProbe
Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
dnsReaper
Subdomain takeover tool for attackers, bug bounty hunters and the blue team!
DNSRecon
DNS Enumeration Script.
DNSTake
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.
dnsX
Fast and multi-purpose DNS toolkit designed for running DNS queries.
docem
Utility to embed XXE and XSS payloads in docx, odt, pptx...
DOM based XSS finder
Chrome extension that finds DOM based XSS vulnerabilities.
DOM XSS Scanner
A tool to scan source code for DOM based XSS vulnerabilities.
dom-red
Small script to check a list of domains against open redirect vulnerability.
Domain Analyzer
Analyze the security of any domain by finding all the information possible. Made in python.
Domain Hunter
Try to find all subdomains, similar-domains and related-domains of an organization.
domained
Multi Tool Subdomain Enumeration.
DOMDig
DOM XSS scanner for Single Page Applications.
DotDotPwn
The Directory Traversal Fuzzer.
DotGit
An extension for checking if .git is exposed in visited websites.
DroneSploit
Drone pentesting framework console.
Drupwn
Drupal enumeration & exploitation tool.
dsieve
Filter and enrich a list of subdomains by level.
DTD Finder
List DTDs and generate XXE payloads using those local DTDs.
dufflebag
Search exposed EBS volumes for secrets.
DumpsterDiver
Tool to search secrets in various filetypes.
dvcs-ripper
Rip web accessible version control systems: svn, git...
Eagle
Vulnerability scanner for mass detection of web-based applications vulnerabilities.
EDD
Ultimate domain enumeration tool.
eLdap-Ldap-Search-and-Filter
A tool that helps users searching and filtering queries in Ldap environment.
EMBA
The security analyzer for firmware of embedded devices.
eos
Enemies Of Symfony - debug mode Symfony looter.
espionage
Collects informations related to domains whois, history, dns records and more.
Evil SQL Client
Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.
evil SSDP
Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.
exfilkit
Data exfiltration utility for testing detection capabilities.
ExifTool
ExifTool meta information reader/writer.
Exploitalert
Exploits found on the INTERNET.
Extended SSRF search
Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.
Extended XSS Searcher and Finder
Scans for different types of XSS on a list of urls.
extract-endpoints
Extract endpoints from source files.
Eyeballer
Convolutional neural network for analyzing pentest screenshots.
EyeWitness
Take screenshots of websites, provide server header info and identify default credentials.
ezXSS
An easy way for penetration testers and bug bounty hunters to test (blind) XSS.
Faraday security
Open source sulnerability management and orchestration platform.
favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.
fcrackzip
Zip password cracker.
FDsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Femida
Automated blind-xss search for Burp Suite.
Feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
FestIN
The powered S3 bucket finder and content discover.
ffuf
Fast web fuzzer written in Go.
Fierce
A DNS reconnaissance tool for locating non-contiguous IP space.
Filebuster
An extremely fast and flexible web fuzzer.
FinDOM-XSS
A fast DOM based XSS vulnerability scanner with simplicity.
Findomain
The complete solution for domain recognition.
findsecuritycontacts.com
Scans the top 500 sites daily for their security.txt file or DNS records.
Findsploit
Find exploits in local and online databases instantly.
Fingerprinter
CMS/LMS/Library etc Versions Fingerprinter.
fingerprintx
Standalone utility for service discovery on open ports!
Firebase-Extractor
A tool written in python for scraping firebase data.
FireShodanMap
Realtime map that integrates Firebase, Google Maps and Shodan.
flan
A pretty sweet vulnerability scanner.
Flow
Provides view with filtering capabilities for all requests from all Burp Suite tools.
Fluxion
Fluxion is the future of MITM WPA attacks.
FOCA
Tool to find metadata and hidden information in the documents.
fprobe
Take a list of domains/subdomains and probe for working http/https server.
Freddy Deserialization Bug Finder
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.
FridaAndroidTracer
Android application tracer powered by Frida.
fuzzagotchi
A fuzzing tool written in Go. It helps your pentesting journey.
Fuzzapi
Used for REST API pentesting and provide UI solution for gem.
FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.
fuzzuli
Find critical backup files by creating a dynamic wordlist based on the domain.
GadgetProbe
Probe endpoints consuming Java serialized objects for fingerprinting.
GAP
A Burp Suite extension to find potential endpoints and parameters.
gau
Fetch known URLs from several sources.
gaussrf
Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.
GET-ACQ
Gather all companies acquired by a given company domain name.
getJS
A tool to fastly get all javascript sources/files.
getsploit
Command line utility for searching and downloading exploits.
gf
A wrapper around grep to avoid typing common patterns.
Ghauri
Automates the process of detecting and exploiting SQL injection security flaws.
GHunt
Offensive Google framework.
git-all-secrets
Capture all the git secrets by leveraging multiple open source git searching tools.
git-dumper
A tool to dump a git repository from a website.
git-vuln-finder
Find potential software vulnerabilities from git commit messages.
git-wild-hunt
A tool to hunt for credentials in GitHub wild AKA git*hunt.
GitFive
An OSINT tool to investigate GitHub profiles.
GitGot
Rapidly search through troves of public data on GitHub for sensitive secrets.
gitGraber
Monitor GitHub to search and find sensitive data in real time.
github-subdomains
Find subdomains on GitHub.
GitHunter
A tool for searching a Git repository for interesting content.
gitjacker
Leak git repositories from misconfigured websites.
gitlab-subdomains
Find subdomains on GitLab.
GitMiner
Tool for advanced mining for content on Github.
gitpillage
Extract data from a .git directory.
Gitrob
Reconnaissance tool for GitHub organizations.
gitscraper
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.
GitTools
A repository with 3 tools for pwn'ing websites with .git repositories available.
go-dork
The fastest dork scanner written in Go.
GoAltdns
A permutation generation tool written in golang.
Gobuster
Directory/File, DNS and VHost busting tool written in Go.
GoCloud
Checks whether a domain is hosted on a cloud service.
GoLinkFinder
A fast and minimal JS endpoint extractor.
Gopherus
Generates gopher link for exploiting SSRF and gaining RCE in various servers.
gospider
Fast web spider written in Go.
gotator
Generates DNS wordlists through permutations.
gowitness
A golang, web screenshot utility using Chrome Headless.
grafana-ssrf
Authenticated SSRF in Grafana.
GraphQL Beautifier
Burp Suite extension to help make Graphql request more readable.
GraphQL Threat Matrix
Threat framework to research security gaps in GraphQL implementations.
graphql-introspection-analyzer
Graphql introspection query analyzer.
graphql-path-enum
Lists the different ways of reaching a given type in a GraphQL schema.
GraphQLmap
Scripting engine to interact with a graphql endpoint for pentesting purposes.
graphw00f
GraphQL Server Engine Fingerprinting utility for software security professionals.
GrayhatWarfare
Search for buckets and URL shorteners.
GRecon
Run a Google based passive recon against your scope.
grep.app
Searches code from over a half million public repositories on GitHub.
Ground control
A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
GSAN
Extract subdomains from SSL certificates in HTTPS sites.
gwdomains
Sub domain wild card filtering tool.
GyoiThon
Growing penetration test tool using Machine Learning.
H1 Report Finder
A burpsuite extension to find security reports published on HackerOne based on the selected host.
h1-search
Request the public disclosures on a specific HackerOne program.
h2cSmuggler
HTTP Request Smuggling over HTTP/2 Cleartext.
Hackability
Probe a rendering engine for vulnerabilities and other features.
Hacker101
A free class for web security.
Hackingtool
ALL IN ONE Hacking Tool For Hackers.
Hackvertor
Tag based conversion tool written in Java implemented as a Burp Suite extension.
Hakrawler
Simple, fast web crawler designed for discovery of endpoints and assets within a web application.
hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
haktldextract
Extract domains/subdomains from URLs en masse.
Hamburglar
Collect useful information from urls, directories, and files.
Hash Buster
Crack hashes in seconds.
Hashcat
World's fastest and most advanced password recovery utility
Have i been pwned?
Check if your email or phone is in a data breach.
Hawkeye
Filesystem analysis tool/directory looking for interesting stuff.
headi
Customisable and automated HTTP header injection.
Headless Burp
Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.
Highlighter and Extractor
Collect, categorize and highlight requests and/or responses according to their content.
HostileSubBruteforcer
Bruteforce existing subdomains and provide informations about them.
House
A runtime mobile application analysis toolkit with a Web GUI.
HTTP Request Smuggler
Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.
http-request-smuggling
HTTP Request Smuggling Detection Tool.
HTTPoxy Scanner
A Burp Suite extension that checks for the HTTPoxy vulnerability.
httprebind
Automatic tool for DNS rebinding-based SSRF attacks.
httprobe
Take a list of domains and probe for working HTTP and HTTPS servers.
httpscreenshot
Grabs screenshots and HTML of large numbers of websites.
httpx
HTTP toolkit that allows running multiple probes using the retryablehttp library.
Hydra
Very fast password cracking tool.
IDontSpeakSSL
Simple tool to scan large scope and provide SSL/TLS vulnerabilities.
Injectify
Perform advanced MiTM attacks on websites with ease.
Injectus
CRLF and open redirect fuzzer.
InQL
Burp Extension for GraphQL Security Testing.
IntelSpy
Perform automated network reconnaissance scans to gather network intelligence.
interactsh
An OOB interaction gathering server and client library
Interlace
Turn single threaded command line applications into a fast, multi-threaded application.
IntruderPayloads
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
IPRotate
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
J2EEScan
Improve the test coverage during web application penetration tests on J2EE applications.
Jaeles
The Swiss Army knife for automated Web Application Testing
Java Deserialization Scanner
All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.
John The Ripper
Password cracker tool.
jok3r
Network and Web Pentest Automation Framework.
JoomScan
OWASP Joomla Vulnerability Scanner Project.
JOSEPH
JavaScript Object Signing and Encryption Pentesting Helper.
JS-Scan
A .js scanner, built in PHP, designed to scrape urls and other info.
JSgen
Generate javascript code to be injected in case you find a Server Side Javascript Injection.
JSONBeautifier
JSON Beautifier for Burp written in Java.
JSONBee
A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.
JSParser
Python script to parse relative URLs from JavaScript files.
jSQL Injection
Java application for automatic SQL database injection.
JSShell
An interactive multi-user web JS shell.
JWT cracker
JWT brute force cracker written in C.
JWT Key ID Injector
Simple python script to check against hypothetical JWT vulnerability.
JWT Tool
A toolkit for testing, tweaking and cracking JSON Web Tokens.
jwt-hack
JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.
jwt-heartbreaker
Burp Suite extension to check JWT for using keys from known from public sources.
JWT4B
JWT Support for Burp Suite.
jwtear
Modular command-line tool to parse, create and manipulate JWT tokens.
JWTweak
Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.
Kadimus
Check for and exploit LFI vulnerabilities with a focus on PHP systems.
katana
A next-generation crawling and spidering framework.
Keyfinder
Find and analyze private/public key files and Android APK files.
kicks3
S3 bucket finder from html,js and bucket misconfiguration testing tool.
Knockpy
Knock Subdomain Scan.
Knoxnl
This is a python wrapper around the amazing KNOXSS.
KNOXSS
Online XSS tool with demonstration of vulnerability.
kxss
Adaption of tomnomnom's kxss tool with a different output format.
LazyHunter
A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.
lazys3
Ruby script to bruteforce for AWS s3 buckets using different permutations.
LeakLooker-X
Discover, browse and monitor database/source code leaks.
leakScraper
Set of tools to process and visualize huge text files containing credentials.
Legion
Aids in discovery, reconnaissance and exploitation of information systems.
LFI Suite
Totally Automatic LFI Exploiter and Scanner.
LFI-Enum
Scripts to execute enumeration via LFI