Take it like a gift

FlowMate
FlowMate

A Burp Suite extension that brings taint analysis to web applications, by tracking all parameters.

Knockpy
Knockpy

Knock Subdomain Scan.

JWTweak
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

Bypass URL Parser
Bypass URL Parser

Tool that tests MANY url bypasses to reach a 40X protected page.

Google Recaptcha Solver
Google Recaptcha Solver

Solve Google reCAPTCHA in less than 5 seconds!

DNSRecon
DNSRecon

DNS Enumeration Script.

Arjun
Arjun

HTTP parameter discovery suite.

Hydra
Hydra

Very fast password cracking tool.

Csper
Csper

The most advance set of Content Security Policy tools.

jsluice
jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

HackTricks
HackTricks

Find trick/technique/whatever learnt from CTFs, real life apps, reading researches, and news.

Femida
Femida

Automated blind-xss search for Burp Suite.

CMSmap
CMSmap

CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

gitlab-subdomains
gitlab-subdomains

Find subdomains on GitLab.

HTSHELLS
HTSHELLS

Self contained web shells and other attacks via .htaccess files.