Take it like a gift

The offensive manual web application penetration testing framework.

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

The unix-way web crawler.

OSINT tool to find usernames across 80+ social media and social networking sites.

Gather and update all available and newest CVEs with their PoC.

Customisable and automated HTTP header injection.

Blazing-fast tool to grab screenshots of your domain list right from terminal.

Go shellcode loader that combines multiple evasion techniques.

Generates permutations, alterations and mutations of subdomains and then resolves them.

Auto Scanning to SSL Vulnerability.

Discover the netblocks or ranges (in CIDR notation) owned by the target organization.

qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.

Automate your application security orchestration and correlation (ASOC).

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.