Take it like a gift

Extract endpoints from source files.

Collects subdomains and analyzes domains performing automated reconnaissance.

Small, fast tool for performing reverse DNS lookups en masse.

An interactive shell to perform analysis on Instagram account of any users by its nickname.

Infect an existing Android application with a Meterpreter payload.

Improve the test coverage during web application penetration tests on J2EE applications.

An interactive TLS-capable intercepting HTTP proxy.

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

Extract domains/subdomains from URLs en masse.

Tool for automating customized attacks against web applications.

Search the entire internet by data in TLS certificates.

A Windows/Samba enumeration tool with additional features like JSON/YAML export.

VM that is built from the ground up with a large amount of security vulnerabilities.

The world's most widely used web app scanner.

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.