Take it like a gift

HackTricks
HackTricks

Find trick/technique/whatever learnt from CTFs, real life apps, reading researches, and news.

Findomain
Findomain

The complete solution for domain recognition.

leakScraper
leakScraper

Set of tools to process and visualize huge text files containing credentials.

open-sesame
open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

graftcp
graftcp

A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.

HostileSubBruteforcer
HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

HasMySecretLeaked
HasMySecretLeaked

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.

FOCA
FOCA

Tool to find metadata and hidden information in the documents.

Ground control
Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

hardCIDR
hardCIDR

Discover the netblocks or ranges (in CIDR notation) owned by the target organization.

DNSCewl
DNSCewl

A DNS bruteforcing wordlist generator.

Headless Burp
Headless Burp

Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.

Gorsair
Gorsair

Gives root access on remote docker containers that expose their APIs.

caido
caido

A lightweight web security auditing toolkit.

Burp-Encode-IP
Burp-Encode-IP

Burp Suite extension to encode an IP address focused to bypass application IP/domain blacklist.