Take it like a gift

Crack hashes in seconds.

Authentication Token Obtain and Replace Extender.

An extension that auto extracts URLs from the current webpage and JS files.

Checks if a list of domains can be spoofed based on SPF and DMARC records.

A CLI tool to extract server certificates.

Script to steal passwords from ssh.

A Burp Suite content discovery plugin that add the smart into the Buster.

Take screenshots of websites, provide server header info and identify default credentials.

Just a quick inventory, reminder and launcher for pentest commands.

Java decompiler, assembler, and disassembler.

DOM XSS scanner for Single Page Applications.

Monitor AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

A golang utility to spider through a website searching for additional links.

Subdomains enumeration tool for penetration testers.

Extracts cookies from Chrome.