Take it like a gift

PCredz
PCredz

This tool extracts secrets from a pcap file or from a live interface.

falco
falco

Cloud native runtime security.

cheat.sh
cheat.sh

The only cheat sheet you need.

Arjun
Arjun

HTTP parameter discovery suite.

Dome
Dome

Script that makes active and/or passive scan to obtain subdomains and search for open ports.

SSTImap
SSTImap

Automatic SSTI detection tool with interactive interface.

dnstwist
dnstwist

Domain name permutation engine for detecting several types of attacks.

mass-s3-bucket-tester
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

mentalist
mentalist

Graphical tool for custom wordlist generation.

Csper
Csper

The most advance set of Content Security Policy tools.

testssl.sh
testssl.sh

Testing TLS/SSL encryption anywhere on any port.

DNSMORPH
DNSMORPH

Domain name permutation engine written in Go.

SSRFire
SSRFire

An automated SSRF finder. Just give the domain name and your server and chill!

Argus-SAF
Argus-SAF

Static analysis framework built in house to do security vetting for Android applications.

backslash-powered-scanner
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.