Take it like a gift

smbmap
smbmap

A handy SMB enumeration tool.

DefaultPassword
DefaultPassword

Default passwords database sorted by manufacturers.

pingcastle
pingcastle

Get Active Directory security at 80% in 20% of the time.

GitGot
GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

Cross-site scripting cheat sheet
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

SUID3NUM
SUID3NUM

Standalone script to enumerate SUID binaries, separate default binaries from customs.

J2EEScan
J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

parameth
parameth

Brute discover GET and POST parameters.

EagleEye
EagleEye

Stalk your friends on social media using image recognition and reverse image search.

Tamper Dev
Tamper Dev

Allows you to intercept and edit HTTP/HTTPS requests and responses.

XSRFProbe
XSRFProbe

The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

CORStest
CORStest

A simple CORS misconfiguration scanner.

Metabigor
Metabigor

Intelligence tool to do OSINT tasks and more but without any API key.

Certificate Ripper
Certificate Ripper

A CLI tool to extract server certificates.

timesketch
timesketch

Collaborative forensic timeline analysis.