A vast collection of security tools for bug bounty, pentest and red teaming


Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.






proxify
Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.




mapcidr
Small utility program to perform multiple operations on given subnet/CIDR ranges.




DNSProbe
Allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.










Java Deserialization Scanner
All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.




ffufPostprocessing
Golang tool that helps drop irrelevant entries from your ffuf result file.














CarbonCopy
Creates a spoofed certificate of any online website and signs an executable for AV evasion.




Invoke-PSImage
Encodes a PowerShell script in the pixels of a PNG file and generates a one-liner to execute it.




SSRFPwned
Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

























securityonion
Free and open platform for threat hunting, enterprise security monitoring, and log management.


GCPBucketBrute
Enumerate Google Storage buckets, check access to them, and determine whether they can be privilege escalated.






EAPHammer
Targeted attacks against WPA2-Enterprise networks, wireless pivots using hostile portal attacks.

jsfinder
Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.





















WebInspect
An automated dynamic testing solution that provides comprehensive vulnerability detection.




















RedTeam_toolkit
Open-source Django offensive web app that keeps the best tools used in red teaming.





















Vajra
UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environments.

TrevorC2
A legitimate website that tunnels client/server communications for covert command execution.









Pentest Mapper
Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.














SpoolSploit
Collection of Windows print spooler exploits and other utilities for practical exploitation.






undetected-chromedriver
Optimized Selenium Chromedriver patch which does not trigger anti-bot services.







ggshield
Find multiple types of hardcoded secrets and infrastructure-as-code misconfigurations.







Qualys Cloud Platform
The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.


























GitHacker
A Git source leak exploit tool that restores the entire Git repository, including data from stash.



Nosey Parker
Command-line tool that finds secrets and sensitive information in textual data and Git history.



Offensive-Azure
Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.


















Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.


Oculus
OSINT tool used to discover environments, directories, and subdomains of a particular domain.










DirBuster
Multi-threaded application to brute-force directory and file names on web/application servers.

Highlighter and Extractor
Collect, categorize and highlight requests and/or responses according to their content.


















Windows Exploit Suggester
Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.





padding-oracle-attacker
Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

Runtime Mobile Security
A powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.








Nessus database export
Export Nessus results to a relational database for use in reports, analysis, or whatever else.



SweetPotato
A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.





burp-exporter
Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.



eLdap-Ldap-Search-and-Filter
A tool that helps users search and filter queries in an LDAP environment.
















Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.




Yet Another Sniffer
A network analyzer that makes it easy to extract information about network traffic.




differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

