Take it like a gift

off-by-slash
off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

toxssin
toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

pphack
pphack

The most advanced client-side prototype pollution scanner.

mx-takeover
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

XXEinjector
XXEinjector

Exploitation of XXE vulnerability using direct and different out of band methods.

lk_scraper
lk_scraper

A fully configurable LinkedIn scraper: scrape anything within LinkedIn.

Windows Exploit Suggester
Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

PsMapExec
PsMapExec

A PowerShell tool heavily inspired by the popular tool CrackMapExec/NetExec.

WhatRuns
WhatRuns

Discover what runs a website.

MagicRecon
MagicRecon

A powerful shell script to maximize the recon and data collection process.

What CMS
What CMS

Detect which CMS a site is using.

LibAFL
LibAFL

Advanced fuzzing librar. Slot your fuzzers together and extend their features using Rust.

Mass3
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

WhatWeb
WhatWeb

Next generation web scanner.

qira
qira

QEMU Interactive Runtime Analyser.