Take it like a gift

goreplay
featured
goreplay

Capture and replay live HTTP traffic in order to continuously test your system with real data.

Corsy
featured
Corsy

CORS Misconfiguration Scanner.

Turbolist3r
Turbolist3r

Subdomain enumeration tool with analysis features for discovered domains.

dvcs-ripper
dvcs-ripper

Rip web accessible version control systems: svn, git...

certSniff
certSniff

A certificate transparency log keyword sniffer written in Python.

LanGuard
LanGuard

Patch management, vulnerability scanning, and network auditing.

Fuzzilli
Fuzzilli

A JavaScript Engine Fuzzer.

bypasswaf
bypasswaf

Add headers to all Burp requests to bypass some WAF products.

attack_range
attack_range

Create vulnerable instrumented local or cloud environments to simulate attacks.

docem
docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

GAP
GAP

A Burp Suite extension to find potential endpoints and parameters.

GPT_Vuln-Analyzer
GPT_Vuln-Analyzer

A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.

Acunetix
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

JSgen
JSgen

Generate javascript code to be injected in case you find a Server Side Javascript Injection.

JS-Tap
JS-Tap

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.