Take it like a gift

pwning IPv4 via IPv6.

Open-source penetration testing tool that automates the process of exploiting XSS.

Point-and-click tool for producing advanced clickjacking and frame-slicing attacks.

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

NoSql Injection CLI tool for finding vulnerable websites using MongoDB.

Search Bug Bounty writeups easily.

Find vulnerabilities, compliance issues and infrastructure misconfigurations in your IAC.

Performs buckets checks from a given list of subdomains.

Analyze Content-Security-Policy header of a given URL.

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.

Find secrets, paths or links in the source code.

A CLI tool to extract server certificates.

Self contained web shells and other attacks via .htaccess files.

A self-hosted WAF to protect web applications from cyber attacks.

Displays stats and graphs about your Bug Bounty activity.