Take it like a gift

httpscreenshot
httpscreenshot

Grabs screenshots and HTML of large numbers of websites.

Damn Vulnerable Bank
Damn Vulnerable Bank

A vulnerable Android application with an interface to test your mobile hacking skills.

EndPointer
EndPointer

An extension that auto extracts URLs from the current webpage and JS files.

Femida
Femida

Automated blind-xss search for Burp Suite.

favicon-hashtrick
favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

evil-winrm
evil-winrm

The ultimate WinRM shell for hacking/pentesting.

EagleEye
EagleEye

Stalk your friends on social media using image recognition and reverse image search.

ggshield
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

BaRMIe
BaRMIe

Enumerating and attacking Java Remote Method Invocation services.

DNSTake
DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

Censys subdomain finder
Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

gitjacker
gitjacker

Leak git repositories from misconfigured websites.

cheat.sh
cheat.sh

The only cheat sheet you need.

FDsploit
FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

gitpillage
gitpillage

Extract data from a .git directory.