Take it like a gift

qsfuzz
qsfuzz

qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject

Wapiti
Wapiti

The web-application vulnerability scanner.

Tamper Dev
Tamper Dev

Allows you to intercept and edit HTTP/HTTPS requests and responses.

sshLooter
sshLooter

Script to steal passwords from ssh.

sub404
sub404

A fast tool to check subdomain takeover vulnerability.

lyncsmash
lyncsmash

Locate and attack Lync and Skype for Business.

MSOLSpray
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

PentesterLand
PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

sslstrip
sslstrip

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

SynapsInt
SynapsInt

Consulting different intelligence services, search engines and datasets for OSINT.

ThievingFox
ThievingFox

Post-exploitation tools to gather credentials from various password managers and Windows utilities.

svn-extractor
svn-extractor

Simple script to extract all web resources by means of .SVN folder exposed over network.

SQLiScanner
SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

SSRF Sheriff
SSRF Sheriff

A simple SSRF-testing sheriff written in Go.

subjs
subjs

Fetches javascript file from a list of URLS or subdomains.