Take it like a gift

toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

See-SURF

Detect parameters vulnerable to SSRF.

Findsploit

Find exploits in local and online databases instantly.

Sublert

Monitor new subdomains deployed by specific organizations and issued TLS/SSL certificates.

GraphQL Threat Matrix

Threat framework to research security gaps in GraphQL implementations.

Slack Watchman

Monitor your Slack workspaces for sensitive information.

SiteBroker

Utility for information gathering and penetration testing automation.

favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

Arachni

Web Application Security Scanner Framework.

adPEAS

PowerShell tool to automate Active Directory enumeration.

theHarvester

E-mail, subdomain and name harvester.

GraphQL Beautifier

Burp Suite extension to help make GraphQL requests more readable.

B-XSSRF

Toolkit to detect and keep track of Blind XSS, XXE & SSRF.

barq

The AWS Cloud Post Exploitation framework!

Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environments.