Take it like a gift

nexfil
featured
nexfil

OSINT tool for finding profiles by username.

Cross-site scripting cheat sheet
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

SecurityTrails
SecurityTrails

Data for Security companies, researchers and teams.

DivideAndScan
DivideAndScan

Divide full port scan results and use it for targeted Nmap runs.

netdiscover
netdiscover

Network address discovering tool.

phpsploit
phpsploit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.

CRLF-Injection-Scanner
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

sonarqube
sonarqube

Continuous inspection.

vhosts-sieve
vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

pivotnacci
pivotnacci

A tool to make socks connections through HTTP agents.

crowdsec
crowdsec

Offers crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

codeql
codeql

Power security researchers around the world as well as code scanning.

Hackability
Hackability

Probe a rendering engine for vulnerabilities and other features.

HardHat C2
HardHat C2

A cross-platform, collaborative, Command & Control framework.

Security Monkey
Security Monkey

Monitor AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.