Take it like a gift

JS Recon Buddy
featured
JS Recon Buddy

A passive browser extension to find secrets, endpoints and XSS sinks in JS and HTML.

Invoke-TmpDavFS
Invoke-TmpDavFS

Memory Backed Powershell WebDav Server.

Knoxnl
Knoxnl

This is a python wrapper around the amazing KNOXSS.

JPEXS
JPEXS

Free Flash decompiler.

TugaRecon
TugaRecon

Subdomains enumeration tool for penetration testers.

jsfinder
jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

JNDI-Injection-Exploit
JNDI-Injection-Exploit

Generates JNDI links can start several servers to exploit JNDI Injection vulnerabilities.

kicks3
kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

Klyda
Klyda

Highly configurable script for dictionary/spray attacks against online web applications.

jSQL Injection
jSQL Injection

Java application for automatic SQL database injection.

Built With
Built With

Find out what websites are Built With.

c{api}tal
c{api}tal

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

KICS
KICS

Find vulnerabilities, compliance issues and infrastructure misconfigurations in your IAC.

Kerbeus-BOF
Kerbeus-BOF

Beacon Object Files for Kerberos abuse.

John Hammond
John Hammond

John Hammond YouTube channel.