Take it like a gift

Chaos
sponsor
Chaos

Collect and maintain internet-wide assets data for public Bug Bounty programs.

clairvoyance
clairvoyance

Obtain GraphQL API Schema even if the introspection is not enabled.

codeql
codeql

Power security researchers around the world as well as code scanning.

GadgetProbe
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

dnsgen
dnsgen

Generates combination of domain names from the provided input.

Certipy
Certipy

Active Directory Certificate Services enumeration and abuse.

DNSTracer
DNSTracer

Trace the path of a DNS query.

detect-secrets
detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

CloudFail
CloudFail

Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.

DependencyCheck
DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

Dradis
Dradis

Collaboration and reporting for infosec teams made simple.

nodejsscan
nodejsscan

A static security code scanner for Node.js applications.

vcsmap
vcsmap

Plugin-based tool to scan public version control systems for sensitive information.

OneFuzz
OneFuzz

A self-hosted fuzzing-as-a-service platform.

owasp MASVS
owasp MASVS

The industry standard for mobile application security.