#all

sponsor

alterx

Fast and customizable subdomain wordlist generator using DSL.

sponsor

nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

sponsor

Villain

Backdoor generator and multi-session handler for sessions sharing among connected sibling servers.

sponsor

hoaxshell

Windows reverse shell payload generator and handler that abuses the http(s) protocol.

sponsor

Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

sponsor

psudohash

Password list generator for orchestrating brute force attacks.

sponsor

Shells

A script for generating common revshells fast and easily.

sponsor

Chaos

Collect and maintain internet-wide assets data for public Bug Bounty programs.

sponsor

dnsX

Fast and multi-purpose DNS toolkit designed for running DNS queries.

sponsor

tlsx

Fast and configurable TLS grabber focused on TLS based data collection.

sponsor

ASNmap

Quickly maps organization network ranges using ASN information.

sponsor

cloudlist

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

sponsor

httpx

HTTP toolkit that allows running multiple probes using the retryablehttp library.

sponsor

mapcidr

Small utility program to perform multiple operations for a given subnet/CIDR ranges.

sponsor

uncover

Quickly discover exposed hosts on the internet using multiple search engines.

sponsor

katana

A next-generation crawling and spidering framework.

sponsor

interactsh

An OOB interaction gathering server and client library

sponsor

proxify

Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.

sponsor

DNSProbe

Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

sponsor

shuffleDNS

Enumerate valid subdomains using active bruteforce and DNS resolution.

sponsor

Subfinder

Discovery tool that discovers valid subdomains for websites.

sponsor

Naabu

A fast port scanner written in go with a focus on reliability and simplicity.

sponsor

Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

featured

zmap

Fast single packet network scanner designed for Internet-wide network surveys.

featured

Locksmith

Detect and fix common misconfigurations in Active Directory Certificate Services.

featured

GeoWordlists

Generate wordlists of passwords containing cities at a defined distance around the client city.

featured

GodPotato

Privilege escalation tool for Windows.

featured

Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services.

featured

pwncat

Netcat on steroids with many extra features.

featured

Web Crawler Security Tool

A web crawler oriented to infosec.

featured

Certificate Ripper

A CLI tool to extract server certificates.

featured

SleuthQL

Burp History parsing tool to discover potential SQL injection points.

featured

CRLFMap

CRLFMap is a tool to find HTTP Splitting vulnerabilities.

Arsenal

Just a quick inventory, reminder and launcher for pentest commands.

brutas

Wordlists handcrafted and automated with <3

fscan

Kscan is an asset mapping tool.

Supernova

Real fucking shellcode encryptor & obfuscator tool.

PsMapExec

A PowerShell tool heavily inspired by the popular tool CrackMapExec/NetExec.

onedrive_user_enum

Enumerate valid o365 users.

SysWhispers

AV/EDR evasion via direct system calls.

icmpdoor

An ICMP reverse shell written in Python3 and scapy.

creepyCrawler

Crawl a site and extract useful informations for recon.

Amnesiac

Post-exploitation framework designed to assist with lateral movement within Active Directory.

Pop

Send emails from your terminal.

MultiDump

Post-exploitation tool for dumping and extracting LSASS memory discreetly.

Certify

Active Directory certificate abuse.

ThievingFox

Post-exploitation tools to gather credentials from various password managers and Windows utilities.

hauditor

Analyze the security headers returned by a web page and report dangerous configurations.

De4py

toolkit for python reverse engineering.

CVEMap

Navigate the CVE jungle with ease using CLI tool designed to provide a structured interface.

WhatRuns

Discover what runs a website.

ScrapedIn

Scrape LinkedIn without API restrictions for data reconnaissance.

Template INJection Analyzer

CLI tool for testing web pages for template injection vulnerabilities.

Watson

Enumerate missing KBs and suggest exploits for useful privilege escalation vulnerabilities.

linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels.

Ligolo-ng

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files.

spoofcheck

Simple script that checks a domain for email protection.

SmuggleFuzz

A rapid HTTP downgrade smuggling scanner written in Go.

Damn Vulnerable RESTaurant

An intentionally vulnerable web API game for learning and training purposes.

Seatbelt

Performs security oriented safety checks relevant from offensive/defensive security perspectives.

Valid8Proxy

Tool designed for fetching, validating, and storing working proxies.

NetProbe

A tool you can use to scan for devices on your network.

SiCat

Advanced exploit search tool designed to identify and gather information about exploits.

Powermad

PowerShell MachineAccountQuota and DNS exploit tools.

Kekeo

A little toolbox to play with Microsoft Kerberos in C.

Invoke-ACLPwn

Automates the discovery and pwnage of ACLs in Active Directory that are unsafe configure.

Genzai

Helps to identify IoT related dashboards and scan them for default passwords.

endoflife.date

Informative site with EoL dates of everything.

WebCopilot

Automation tool designed to enumerate subdomains and detect bugs using different open-source tools.

D3m0n1z3dShell

An advanced tool for persistence in Linux.

JS-Tap

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant.

Gsec

Web security scanner.

LocalPotato

Another local Windows privilege escalation using a new potato technique.

LEAKEY

Bash script which checks and validates for leaked credentials.

DVenom

Helps to bypass antiviruses by providing an encryption wrapper and loader for your shellcode.

MetaDetective

Unleash metadata intelligence, bridging the chasm in metadata extraction and analysis.

HARpwn

Designed to streamline the extraction and sanitization of HARTokens from HTTP archives.

Moriarty

Designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential.

GTFONow

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

moonwalk-back

Cover your tracks during Linux exploitation by leaving zero traces on the exploited system.

secbutler

The perfect butler for pentesters, bug-bounty hunters and security researchers.

Porch-Pirate

The most comprehensive Postman recon / OSINT client and framework.

DeepSecrets

Secrets scanner that understands code.

Mosint

An automated e-mail OSINT tool.

ShuckNT

Dowgrade, convert, dissect and shuck authentication token based on Data Encryption Standard.

WinFiHack

Windows WiFi brute forcing utility without the requirement of external dependencies.

b374k

PHP Webshell with handy features.

cheat.sh

The only cheat sheet you need.

FinalRecon

All In One Web Recon.

Kubesploit

Cross-platform command & control server and agent focused on containerized environments.

Lookyloo

Allows users to capture a website page and then display a tree of domains that call each other.

whonow

A malicious DNS server for executing DNS Rebinding attacks on the fly.

FruityWifi

Wireless network auditing tool.

postleaks

Search for sensitive data in Postman public library.

HackTricks

Find trick/technique/whatever learnt from CTFs, real life apps, reading researches, and news.

Rootkit Hunter

Scans for rootkits, backdoors and possible local exploits.

Kage

Graphical user interface for Metasploit Meterpreter and session handler.

zsteg

Detect stegano-hidden data in PNG & BMP.

chkrootkit

Locally checks for signs of a rootkit.

gittyleaks

Find sensitive information for a git repo.

BlueHound

Pinpoint the security issues that actually matter.

pingcastle

Get Active Directory security at 80% in 20% of the time.

harpoon

CLI tool for open source and threat intelligence.

sulley

A pure-python fully automated and unattended fuzzing framework.

OSINT-Framework

OSINT Framework.

RedEye

RedEye is a visual analytic tool supporting Red & Blue Team operations.

boofuzz

Network protocol fuzzing for humans.

ThreatMapper

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

MITRE ATT&CK

Knowledge base of adversary tactics and techniques based on real-world observations.

DSStoreView

DS_Store file parser/viewer.

RedELK

Tool for Red Teams used for tracking and alarming about Blue Team activities.

kerbrute

Bruteforce and enumerate Active Directory accounts through Kerberos pre-authentication.

JPEXS

Free Flash decompiler.

nexfil

OSINT tool for finding profiles by username.

IVRE

Network recon framework.

OpenCTI

Open Cyber Threat Intelligence Platform.

driftctl

Detect, track and alert on infrastructure drift.

cve-search

A tool to perform local searches for known vulnerabilities.

Quasar

Remote administration tool for Windows.

rekall

Rekall Memory Forensic Framework.

Velociraptor

Endpoint visibility and collection tool.

CUPP

Common User Passwords Profiler.

The HTTP Garden

Differential testing and fuzzing of HTTP servers and proxies.

pipedream

Collect HTTP or webhook requests and inspect them in a human-friendly way.

webhook.site

Easily test HTTP webhooks with this handy tool that displays requests instantly.

hetty

An HTTP toolkit for security research.

ImHex

Hex editor for reverse engineers, programmers and people who value their retinas when working at 3am.

django-DefectDojo

DevSecOps, ASPM, Vulnerability Management.

tfsec

Security scanner for your Terraform code.

trape

People tracker on the Internet: OSINT analysis and research tool.

zdns

Fast CLI DNS lookup tool.

zgrab

Fast Go application scanner.

holehe

Check if the mail is used on different sites and retrieve informations on sites.

sandsifter

The x86 processor fuzzer.

androguard

Reverse engineering and pentesting for Android applications.

pphack

The most advanced client-side prototype pollution scanner.

tsunami-security-scanner

Network security scanner with an extensible plugin system.

sonarqube

Continuous inspection.

objection

Runtime mobile exploration.

EagleEye

Stalk your friends on social media using image recognition and reverse image search.

peda

Python Exploit Development Assistance for GDB.

axiom

Distribute the workload of many different scanning tools with ease.

wifijammer

Continuously jam all wifi clients/routers.

Modlishka

A powerful and flexible HTTP reverse proxy.

PhoneSploit-Pro

Remotely exploit Android devices using ADB and Metasploit.

nodejsscan

A static security code scanner for Node.js applications.

SocialFish

Phishing tool & information collector.

Semgrep

Lightweight static analysis for many languages.

mvt

Helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Havoc

Modern and malleable post-exploitation command and control framework.

metasploitable

VM that is built from the ground up with a large amount of security vulnerabilities.

GOAD

Game of Active Directory.

merlin

Cross-platform post-exploitation HTTP/2 Command & Control server and agent.

Zphisher

An automated phishing tool with 30+ templates.

CMSScan

Scan Wordpress, Drupal, Joomla, vBulletin websites for security issues.

vbscan

A black box vBulletin vulnerability scanner.

UglifyJS

A JavaScript parser, minifier, compressor and beautifier toolkit.

changedetection.io

Page change monitoring with alerts a breezem, the best way to monitor website changes.

x64dbg

An open-source user mode debugger for Windows for reverse engineering and malware analysis.

Apktool

A tool for reverse engineering Android APK files.

lynis

Security auditing tool for Linux, macOS, and UNIX-based systems.

pwntools

CTF framework and exploit development library.

twint

Twitter scraping & OSINT tool allowing you to scrape a user's followers, following, tweets and more.

tinfoleak

The most complete open-source tool for Twitter intelligence analysis.

bore

A simple CLI tool for making tunnels to localhost.

pupy

Opensource, cross-platform C2 and post-exploitation framework written in python and C.

honggfuzz

A security oriented software fuzzer.

Osintgram

An interactive shell to perform analysis on Instagram account of any users by its nickname.

mana

Wifi rogue AP attacks and MitM.

osintname

Generate emails and usernames.

exiv2

Image metadata library and tools.

Parsero

Robots.txt audit tool.

qemu

A generic and open source machine emulator and virtualizer.

mfoc

Mifare classic offline cracker.

terraform

Enables you to safely and predictably create, change, and improve infrastructure.

jadx

Dex to Java decompiler.

nasm

A cross-platform x86 assembler with an Intel-like syntax.

Xenotix

An advanced Cross Site Scripting vulnerability detection and exploitation framework.

DOMPurify

A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

wazuh

The open source security platform.

MapperPlus

An advanced source map extractor based on headless browser.

wtfis

Passive hostname, domain and IP lookup tool for non-robots.

infer

A static analyzer for Java, C, C++, and Objective-C.

qark

Look for several security related Android application vulnerabilities.

pmd

An extensible multilanguage static code analyzer.

writehat

A pentest reporting tool.

mentalist

Graphical tool for custom wordlist generation.

wacker

A WPA3 dictionary cracker.

ParrotSec

The ultimate framework for your cyber security operations.

LibAFL

Advanced fuzzing librar. Slot your fuzzers together and extend their features using Rust.

graphql-armor

The missing GraphQL security security layer.

Linpmem

The Linux memory acquisition tool.

WinPmem

The Windows memory acquisition tool.

BBstats

Displays stats and graphs about your Bug Bounty activity.

Swagger Jacker

Designed to assist with auditing of exposed Swagger/OpenAPI) definition files.

Kerbeus-BOF

Beacon Object Files for Kerberos abuse.

sliver

Adversary emulation framework.

bounty-targets

Crawls bug bounty platform scopes.

BountyDash

Combine your rewards from platforms giving you insights about your bug hunting progress.

brakeman

Static analysis security vulnerability scanner for Ruby on Rails applications.

codeql

Power security researchers around the world as well as code scanning.

Sort++

The next generation Snort Intrusion Prevention System.

Acra

Database protection suite with field level encryption and intrusion detection.

Astra

Automated Security Testing For REST API's.

GSIL

GitHub Sensitive Information Leakage.

a2sv

Auto Scanning to SSL Vulnerability.

Csper

The most advance set of Content Security Policy tools.

Charles

HTTP proxy / monitor / reverse proxy that allows to view all of the HTTP(S) traffic.

OSS-Fuzz

Continuous Fuzzing for Open Source Software.

CRYPTOHACK

A fun, free platform for learning modern cryptography.

Argus-SAF

Static analysis framework built in house to do security vetting for Android applications.

oyente

An analysis tool for smart contracts.

king-phisher

Phishing Campaign Toolkit.

DVRF

The Damn Vulnerable Router Firmware project.

mythril

Security analysis tool for EVM bytecode that supports smart contracts builds.

FireBounty

The ultimate Vulnerability Disclosure Policy and Bug Bounty list!

Canarytokens

Track activity and actions on your network.

ipsourcebypass

Bypass IP source restrictions using HTTP headers.

Social Mapper

A social media enumeration & correlation tool.

Infection Monkey

Test a data center's resiliency to perimeter breaches and internal server infection.

LFIDump

Dump remote files through a local file read or Local File Inclusion web vulnerability.

CLZero

A project for fuzzing HTTP/1.1 CL.0 Request Smuggling attack vectors.

avet

AntiVirus Evasion Tool.

crowbar

Brute forcing tool that support several uncommon protocols.

msfpc

A quick way to generate various basic Meterpreter payloads via MSFvenom.

mitm6

pwning IPv4 via IPv6.

SharPersist

Windows persistence toolkit written in C#.

Commando VM

Fully customizable Windows-based pentesting virtual machine distribution.

HEKATOMB

Connects to LDAP directory to retrieve all computers and users informations.

tun2socks

Handle all network traffic of any internet programs sent by the device through a proxy.

NetExec

Network service exploitation tool that helps automate assessing the security of large networks.

MANSPIDER

Spider entire networks for juicy files sitting on SMB shares.

Certipy

Active Directory Certificate Services enumeration and abuse.

OpenBuckets

Online platform for finding open buckets in cloud storage systems effortlessly.

BucketLoot

An automated S3-compatible bucket inspector.

volatility

The volatile memory extraction framework.

netdiscover

Network address discovering tool.

dnswalk

A DNS database debugger.

evil-winrm

The ultimate WinRM shell for hacking/pentesting.

macchanger

Makes the maniputation of MAC addresses of network interfaces easier.

bxss.net

Web service that allows for detection Blind XSS vulnerabilities within web applications.

BounceBack

Stealth redirector for your red team operation security.

PrivacyNet

Allow users to route Internet traffic through Tor and hide their real IP address.

cvecrowd.com

Lists CVEs that are currently being discussed on the social network Mastodon.

certs.io

Search the entire internet by data in TLS certificates.

HackingHub

Join the front line of the internet, learn applicable cyber security skills.

TrafficWatch

A packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files.

DNSWatch

DNS traffic sniffer and analyzer.

ppfuzz

A fast tool to scan client-side prototype pollution vulnerability written in Rust.

graphql-voyager

Represent any GraphQL API as an interactive graph.

sourcemapper

Extract JavaScript source trees from source map files.

XnlReveal

A Chrome browser extension to show alerts for several hidden elements.

IPFuscator

A tool to automatically generate alternative IP representations.

HardeningKitty

Checks and hardens your Windows configuration.

Built With

Find out what websites are Built With.

Tool WPXStrike

Escalate a Cross-Site Scripting vulnerability to Remote Code Execution in WordPress.

CyberSec Quizzes

Test your knowledge on cyber security and practice for industry recognised certifications.

Bypass-403

A simple script just made for self use for bypassing 403.

CloudFlair

Find origin servers of websites behind Cloudflare by using Internet-wide scan data from Censys.

octosuite

An all-in-one GitHub open-source intelligence framework.

msLDAPDump

LDAP enumeration tool implemented in Python3.

Sirius

Truly open-source general purpose vulnerability scanner.

gcp_scanner

A comprehensive scanner for Google Cloud.

ILSpy

NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!.

HasMySecretLeaked

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.

dmut

Perform permutations, mutations and alteration of subdomains.

cve-collector

Simple latest CVE collector written in Python.

Free Certifications

A curated list of free courses & certifications.

certmitm

A tool for testing for certificate validation vulnerabilities of TLS connections.

Tool capa

The FLARE team's open-source tool to identify capabilities in executable files.

TEx

Telegram Explorer created to help researchers, investigators and law enforcement agent.

PersistenceSniper

Hunt persistences implanted in Windows machines.

Inspeckage

Android package inspector.

bbradar.io

Fetches latest bug bounty programs from many platforms and consolidates them in one place.

DivideAndScan

Divide full port scan results and use it for targeted Nmap runs.

HAITI

Hash type identifier.

RustHound

Active Directory data collector for BloodHound written in Rust.

Redacted Request

Enhance the security and confidentiality of HTTP request handling within the Burp Suite.

ScriptSentry

ScriptSentry finds misconfigured and dangerous logon scripts.

Burp-Encode-IP

Burp Suite extension to encode an IP address focused to bypass application IP/domain blacklist.

SBOMb

SBOM parser that performs cursory vulnerability assessment.

SynapsInt

Consulting different intelligence services, search engines and datasets for OSINT.

dot

The Deepfake Offensive Toolkit.

PurpleOps

An open-source self-hosted purple team management web application.

waf-bypass

Check your WAF before an attacker does.

slither

Static analyzer for Solidity.

cerbrutus

Network brute force tool, faster than other existing solutions.

pwnagotchi

Deep reinforcement learning instrumenting bettercap for WiFi pwning.

wifi-bruteforcer-fsecurify

Android application to brute force WiFi passwords without requiring a rooted device.

droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs.

ufonet

Denial of Service Toolkit.

WhatBreach

OSINT tool to find breached emails, databases, pastes, and relevant information.

Hijacker

GUI for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver.

trackerjacker

Like nmap for mapping wifi networks you're not connected to, plus device tracking.

SharpC2

Command and Control Framework written in C#.

NimPlant

A light-weight first-stage C2 implant written in Nim.

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

WeakestLink

Browser extension that extracts users from LinkedIn company pages.

brute ratel

A customized command and control center for red team and adversary simulation.

jswzl

Improve your web application aecurity testing with rich data from static analysis.

subzy

Subdomain takeover vulnerability checker.

BackupKiller

Generate wordlist based on the URLs to check for backup, installation, etc files.

Pspy

Unprivileged Linux process snooping.

wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths.

Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...

Scavenger

Burp Suite extension to create target specific and tailored wordlist from burp history.

GatherContacts

Burp Suite extension to pull employee names from Google and Bing LinkedIn search results.

WhoisXMLAPI

Domain & IP data intelligence for greater enterprise security.

DeHashed

DeHashed provides free deep-web scans and protection against credential leaks.

xurlfind3r

A cli utility to find domain's known URLs from curated passive online sources.

Cake Fuzzer

Cutting-edge project designed to automate the continuous discovery of vulnerabilities in webapps.

resolvers

The most exhaustive list of reliable DNS resolvers.

Kaeferjaeger

Lists of resources: cdn ranges, ips ranges, sni ip ranges...

caido

A lightweight web security auditing toolkit.

ripgen

Rust-based high performance domain permutation generator.

karma v2

Passive open source intelligence automated reconnaissance.

shosubgo

Small tool to grab subdomains using Shodan API.

BurpGPT

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan.

go-stare

A fast & light web screenshot without headless browser but Chrome DevTools protocol.

bbot

OSINT automation for hackers.

FavFreak

Making favicon.ico based recon great again.

evilgophish

Combination of evilginx3 and GoPhish.

GoPhish

Open-source phishing toolkit.

Pyscan

A dependency vulnerability scanner for your python projects, straight from the terminal.

BugProve

Automated firmware analysis tool for composition analysis and vulnerability scanning.

SMBAT

Find secrets in file and secret files among the SMB target shares.

Rapidscan

The multi tool web vulnerability scanner.

plution

Prototype pollution scanner using headless chrome.

PwnDoc

Pentest report generator.

Jira-Lens

Fast and customizable vulnerability scanner for Jira.

al-khaser

Public malware techniques used in the wild: virtual machine, emulation, debuggers.

traitor

Automatic Linux privilege escalation via exploitation of low-hanging fruit.

pydictor

A powerful and useful hacker dictionary builder for a brute-force attack.

spraykatz

Credentials gathering tool automating remote procdump and parse of lsass process.

WINspect

Powershell-based Windows security auditing toolbox.

fuxploider

File upload vulnerability scanner and exploitation tool.

hping

Network tool able to send custom TCP/IP packets.

AhMyth Android RAT

Android remote administration tool.

AttifyOS

Distribution for pentesting IoT devices.

Empire

Post-exploitation and adversary emulation framework that is used to aid Red Teams and pentesters.

Starkiller

Starkiller is a frontend for Empire.

Caldera

Automated adversary emulation platform.

BloodHound

Six Degrees of Domain Admin.

CrackMapExec

A swiss army knife for pentesting networks.

CrossLinked

LinkedIn enumeration tool to get employee names from an organization using scraping.

Infoga

Email OSINT.

SharpCookieMonster

Extracts cookies from Chrome.

cookie_crimes

Read local Chrome cookies without root or decrypting.

TokenTactics

Azure JWT token manipulation toolset.

Mr.SIP

SIP-based audit and attack tool.

MobSF

All-in-one mobile application pentesting, malware analysis and security assessment framework.

cve

Gather and update all available and newest CVEs with their PoC.

Offensive Security

Offensive Security Youtube channel.

Damn Vulnerable Bank

A vulnerable Android application with an interface to test your mobile hacking skills.

Synergy-httpx

Http(s) server designed to host resources dynamically or act as a receiver for POST data intercepts.

P4wnP1 A.L.O.A.

Turn a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming or PE.

binwalk

Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

proxmark3

RFID tool designed to snoop, listen and emulate everything from Low to High Frequency tags.

HTSHELLS

Self contained web shells and other attacks via .htaccess files.

pwnat

Punch holes through firewalls/NATs where both clients and servers can be behind separate NATs.

egressbuster

Check egress filtering and identify if ports are allowed to automatically spawn a shell.

ctftool

Interactive CTF exploration tool.

LDAP Relay Scan

Check for LDAP protections regarding the relay of NTLM authentication.

demovfuscator

A work-in-progress deobfuscator for movfuscated binaries.

M/o/Vfuscator

The single instruction C compiler.

OSINT-SPY

Perform OSINT scan on email/domain/ip address/organization.

pywerview

A (partial) Python rewriting of PowerSploit's PowerView.

AndroSet

Manage Burp Suite certificate in Android to redirect all traffic to Burp Suite.

Prenum

The perils of the pre-Windows 2000 compatible access group in a Windows domain.

smbcrawler

No-nonsense tool that takes credentials and a list of hosts and crawls through those shares.

PS2

A port scanner written purely in PowerShell.

passiveDNS

A network sniffer that logs all DNS server replies for use in a passive DNS setup.

BugBountyHunting

Search Bug Bounty writeups easily.

DEFCON

The world’s most prominent and well-known computer security conferences.

Frida

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

APKLeaks

Scanning APK file for URIs, endpoints & secrets.

GTFOBins

Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

GTFOArgs

Unix binaries that can be manipulated for argument injection.

LOOBins

Living Off the Orchard: macOS Binaries.

RegStrike

RegStrike is a .reg payload generator.

subjs

Fetches javascript file from a list of URLS or subdomains.

HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser.

Shellcrypt

A QoL tool to obfuscate shellcode.

SubScraper

Perform subdomain enumeration through various techniques and retrieve detailed output.

Sshimpanzee

Reverse shell based on sshd supporting DNS and ICMP tunnelling as well as HTTP and Socks proxies.

SQLiDetector

Helps you to detect SQL injection "Error based" by sending multiple requests.

TLDHunt

Domain availability checker.

Seela

Boost the cybersecurity skills of your teams with the cyber knowledge library.

co2

A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

json-web-tokens

JSON Web Tokens Support for Burp Suite.

403-bypasser

A Burp Suite extension made to automate the process of bypassing 403 pages.

additional-scanner-checks

Collection of scanner checks missing in Burp.

csrf-scanner

CSRF Scanner Extension for Burp Suite Pro.

DNSExfiltrator

Data exfiltration over DNS request covert channel.

archerysec

Automate your application security orchestration and correlation (ASOC).

LaZagne

Credentials recovery project.

cloudsploit

Cloud Security Posture Management (CSPM).

HTTP-revshell

Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware.

toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

SysReptor

Easy and customisable pentest report creator based on simple web technologies.

murphysec

An open source tool focused on software supply chain security.

hcxdumptool

Small tool to capture packets from wlan devices.

JNDI-Injection-Exploit

Generates JNDI links can start several servers to exploit JNDI Injection vulnerabilities.

morphHTA

Morphing Cobalt Strike's evil.HTA.

repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets.

appmon

Framework for monitoring and tampering system API calls of native macOS, iOS and android apps.

talisman

Validate the outgoing changeset for things that look suspicious such as tokens, passwords and keys.

Pyrit

The famous WPA precomputed cracker.

zarp

Network attack tool.

git-secrets

Prevents you from committing secrets and credentials into git repositories.

enum4linux-ng

A Windows/Samba enumeration tool with additional features like JSON/YAML export.

HardHat C2

A cross-platform, collaborative, Command & Control framework.

SUID3NUM

Standalone script to enumerate SUID binaries, separate default binaries from customs.

adPEAS

Powershell tool to automate Active Directory enumeration.

Fresh Resolvers

List of fresh DNS resolvers updated every 12h.

wgen.io

Generate rich wordlists for targeted attacks online.

web2shell

Automate converting webshells into reverse shells.

postmaniac

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.

deser-node

NodeJS deserialization payload generator.

HTTP-traceroute

HTTP-traceroute in Go.

CSRFT

A lightweight CSRF Toolkit for easy Proof of Concept.

orpheus

Bypass Kerberoast detections with modified KDC options and encryption types.

CypherDog

PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.

DripLoader

Evasive shellcode loader for bypassing injection detection.

Blacklist3r

Identify usage of pre-shared Machine Keys in a application for encryption and decryption.

badsecrets

A library for detecting known secrets across many web frameworks.

Poastal

The Email OSINT tool.

Nishang

Offensive PowerShell for red team, penetration testing and offensive security.

c{api}tal

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

XXElixir

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

The PenTesters Framework

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

unicorn

Simple tool for using a PowerShell downgrade attack and inject shellcode into memory.

Hades

Go shellcode loader that combines multiple evasion techniques.

DorkGPT

Generate Google dorks with AI.

wpfinger

wpfinger is a red-team WordPress scanning tool.

cadaver

Command-line WebDAV client.

google-authenticator-exporter

Get the TOTP secrets exported by Google Authenticator.

HBSQLI

Automated tool for testing header based blind SQL injection.

Nimbo-C2

Yet another (simple and lightweight) C2 framework.

Freeze-rs

Payload toolkit for bypassing EDRs using suspended processes, direct syscalls written.

Hash Muncher

Grab NetNTLMv2 hashes using ETW with administrative rights on Windows.

Gowhois

Whois command implemented by golang with awesome whois servers list.

Evilginx3

Standalone MITM attack framework allowing for the bypass of 2-factor authentication.

API fuzzer

Fuzz request attributes using common pentesting techniques and lists vulnerabilities.

Invoke-ADEnum

Automate Active Directory Enumeration using PowerView.

BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.

nuclei-wordfence-cve

Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.

octosql

CLI tool which lets you query a plethora of databases and file formats.

John Hammond

John Hammond YouTube channel.

Scopein

A Go tool for scope management.

kiterunner

Contextual content discovery tool.

bbrf

Help you coordinate your reconnaissance workflows across multiple devices.

socialhunter

Crawls the website and finds broken social media links that can be hijacked

Awesome-CobaltStrike

List of awesome CobaltStrike resources.

Haylxon

Blazing-fast tool to grab screenshots of your domain list right from terminal.

NetworkChuck

Network Chuck YouTube channel.

Klyda

Highly configurable script for dictionary/spray attacks against online web applications.

Kscan

Kscan is an all-round scanner developed purely in Go, with functions such as port scanning, protocol.

deps.dev

Better understand the structure, construction, and security of open source software packages.

depsdev

CLI client for deps.dev API.

wstunnel

Tunneling over websocket protocol - Static binary available.

RESTler

A stateful fuzzing tool for automatically testing cloud services through their REST APIs.

Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

UDPX

Fast and lightweight UDP scanner that supports the discovery of many services.

gef

A modern experience for GDB with advanced debugging capabilities.

subnerium

A fast passive subdomain enumeration tool that uses various sources to gather data.

The Wordlists

A collection of wordlists for many different usages.

PowerMeta

Searches for publicly available files hosted on various websites for a particular domain.

Pymeta

Search the web for files on a domain to download and extract metadata.

SpiderSuite

Advanced web spider/crawler for cyber security professionals.

CTFd

A Capture The Flag framework focusing on ease of use and customizability.

NanoDump

A flexible tool that creates a minidump of the LSASS process.

hakip2host

Takes a list of IP addresses then does a series of checks to return associated domain names.

hakfindinternaldomains

Feed it a list of subdomains, it will resolve them and tell you which ones are internal.

hakoriginfinder

Discover the origin host behind a reverse proxy, useful for bypassing cloud WAFs!.

haklistgen

Turns any junk text into a usable wordlist for brute-forcing.

The Time Machine

Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.

PowerMayhem

Powershell payload generator In Bash !

s3cXSSer

This extension will help you to detect GET/POST based XSS vulnerability in any website easily.

certmon

A simple certificate expiration monitor script.

MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

haktrails

Golang client for querying SecurityTrails API data.

Crlfi

CRLF bug scanner for WebPentesters and Bugbounty Hunters.

hrekt

A really fast HTTP prober.

SharpSCCM

A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager.

Go365

Go365 performs user enumeration and password guessing attacks on organizations that use Office365.

webpalm

A tool that traverses a website and generates a tree of all the webpages and their links.

SubGPT

Find subdomains with GPT, for free.

qscan

Quick network scanner library.

WhatWaf

Detect and bypass web application firewalls and protection systems.

CeWLeR

Custom word list generator redefined, based on the Scrapy framework.

dontgo403

Tool to bypass 40X response codes.

ReverseKit

A dynamic reverse engineering toolkit.

dorky

Quickly do keyword searches over GitLab and GitHub for OSINT & bug bounty recon.

KeePwn

A python script to help red teamers discover KeePass instances and extract secrets.

PyShell

Multiplatform Python webshell.

svn-extractor

Simple script to extract all web resources by means of .SVN folder exposed over network.

PowerMeUp

A small library of powershell scripts for post exploitation that you may need or use!

GhostTrack

Useful tool to track location or mobile number.

wildcrawl

Crawls URL to get a better image of what is tied to a website.

Kraken

A modular multi-language webshell.

Kubestroyer

Exploit Kubernetes clusters misconfigurations and be the swiss army knife of your pentests.

IAMagic

Advanced AWS access credentials scanner.

swagroutes

Extract and list API routes from Swagger files in YAML/JSON format.

DomLink

Link a domain with registered organisation names and emails, to other domains.

DNSCewl

A DNS bruteforcing wordlist generator.

fastsub

A DNS bruteforcer with multi-threading, and handling of bad resolvers.

subtake

Extension of sublister tool to check for subdomain takeovers.

Brute Hacking Framework

A framework including all the tools that work on Windows.

XSS Hunter

The fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities.

SubdomainFinder

Find subdomains by searching public certificate records.

LDAPNomNom

Anonymously bruteforce Active Directory usernames by abusing LDAP Ping requests.

LinkedInDumper

Script that dumps employee data from the LinkedIn social networking platform.

gorgo

The vertasile multi-threaded password sprayer built on the shoulders of giants.

endext

A tool for extracting all the possible endpoints from the JS files.

autowpscan

An automated tool that automatically scanning a list of multiple websites with wordpress at once.

Comperio

OSINT tool to find usernames across 80+ social media and social networking sites.

Unforce

Salesforce lightning recon and exploitation tool.

Nmap-API

Create a Nmap API that can do scans with a good speed online and is easy to deploy.

Mimicry

A dynamic deception tool that actively deceives an attacker.

GPT_Vuln-Analyzer

A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.

QuadraInspect

A comprehensive approach to the vulnerability analysis of Android application.

MalwareBazaar

Malware sample database.

WebScrape

A web scraper to scrape email's and phone numbers from websites.

MalBuzz

It's a handy tool to help you analyze malware.

wmiexec-RegOut

Modify version of impacket wmiexec.py, get output from registry.

impacket

Collection of Python classes for working with network protocols.

nmapAutomater

Automate the process of enumeration & recon that is run every time.

wmiexec-Pro

The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.

lsassy

Python tool to remotely extract credentials on a set of hosts.

SocialPwned

Allows to get the emails from a target published in social networks to find possible credentials.

autopwn

Specify targets and run sets of tools against them.

sshLooterC

It's the C version of sshLooter.

sshLooter

Script to steal passwords from ssh.

ghidra

Software reverse engineering (SRE) framework.

HackerSploit

HackerSploit YouTube channel.

InsiderPhD

InsiderPhD Youtube channel.

Bug Bounty Reports Explained

Bug Bounty Reports Explained channel.

AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

vcsmap

Plugin-based tool to scan public version control systems for sensitive information.

t14m4t

Automated brute-forcing attack tool.

Reverse Shell Generator

A tool to generate various ways to do a reverse shell.

ssh-auditor

The best way to scan for weak ssh passwords on your network.

dnstwist

Domain name permutation engine for detecting several types of attacks.

DNSMORPH

Domain name permutation engine written in Go.

MicroBurst

A collection of scripts for assessing Microsoft Azure security.

PowerUpSQL

A PowerShell toolkit for attacking SQL Server.

ncrack

Open source tool for network authentication cracking.

phpsploit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.

kerberoast

Series of tools for attacking MS Kerberos implementations.

BaRMIe

Enumerating and attacking Java Remote Method Invocation services.

PoshC2

A proxy aware C2 framework used to aid with post-exploitation and lateral movement.

Invoke-PowerThIEf

An Internet Explorer post exploitation library.

R3C0Nizer

The first ever CLI based menu-driven web application B-Tier recon framework.

OSINTui

OSINT from your favorite services in a friendly terminal user interface.

aem-detector

Discover Adobe Experience Manager (AEM) Content Management System (CMS) websites.

Athena OS

Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

trurl

Command line tool for URL parsing and manipulation.

lyncsmash

Locate and attack Lync and Skype for Business.

LAZYPARIAH

Generate reverse shell payloads on the fly.

o365recon

Retrieve information via O365 and AzureAD with valid credentials.

Storm breaker

Social engineering tool, access eebcam & microphone & location finder.

urless

De-clutter a list of URLs.

GD-Thief

Exfiltrate files from a target's Google Drive that you have access to, via Google's API.

jsleak

Find secrets, paths or links in the source code.

dnscat2

Create an encrypted command-and-control (C&C) channel over the DNS protocol.

PyExfil

Set as many exfiltration, techniques that CAN be used to bypass various.

Dismap

Asset discovery and identification tool.

keyhacks.sh

Automation of tokens/api keys testing.

github-endpoints

Find endpoints on GitHub.

github-regexp

Basically a regexp over a GitHub search.

SecretFinder

SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.

JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

NMapify

Quickly and accurately create a visual representation of their Nmap output.

LDAP Password Hunter

Password Hunter in active directory.

ScareCrow

Payload creation framework designed around EDR bypass.

h8mail

Powerful and user-friendly password hunting tool.

sub404

A fast tool to check subdomain takeover vulnerability.

WiFi-Pumpkin

Framework for rogue Wi-Fi access point attack.

mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

Dumpert

LSASS memory dumper using direct system calls and API unhooking.

FindUncommonShares

Quickly find uncommon shares in vast Windows domains.

Invoke-TmpDavFS

Memory Backed Powershell WebDav Server.

Invoke-SocksProxy

Socks proxy, and reverse socks server using powershell.

PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

CarbonCopy

Creates a spoofed certificate of any online website and signs an executable for AV evasion.

DNSTracer

Trace the path of a DNS query.

Invoke-BSOD

For when you want a computer to be done - without admin!.

Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute.

Ciphey

Automates decryptions & decodings with encodings, classical ciphers, hashes, or more.

SDBF

Smart DNS Brute Forcer.

SQLMutant

Searches for automated subdomain enumeration and runs SQLi tests.

ScopeHunter

Command-line tool for finding in-scope targets for bug bounty programs.

SSRFPwned

Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

moniorg

Leverage crt.sh website to monitor domains of a target.

DVCA

Damn vulnerable cloud application.

Vampi

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.

DVWS

Vulnerable application with a web service and an API.

AzureGoat

A damn vulnerable Azure infrastructure.

AWSGoat

A damn vulnerable AWS infrastructure.

unix-privesc-check

Shell script to check for simple privilege escalation vectors on Unix systems.

windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

VBad

VBA obfuscation tools combined with an MS Office document generator .

dumpcreds

May be used to extract various credentials from running processes.

PowerSploit

A PowerShell Post-Exploitation Framework.

SMBeagle

Fileshare auditing tool.

WMEye

Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement.

NTLMRecon

Enumerate information from NTLM authentication enabled web endpoints.

MSDAT

Microsoft SQL database attacking tool.

SMBetray

Attack clients through file content swapping and compromise any data passed in cleartext.

FakeImageExploiter

Use a Fake image.jpg to exploit targets (hide known file extensions).

radare2

UNIX-like reverse engineering framework and command-line toolset.

FiercePhish

Full-fledged phishing framework to manage all phishing engagements.

Microsploit

Quickly and easily create backdoor Office exploitation using module Metasploit packet.

Vegile

Post exploitation tool to maintain some level of acces.

litefuzz

A multi-platform fuzzer for poking at userland binaries and servers.

securityonion

Free and open platform for threat hunting, enterprise security monitoring, and log management.

RedHunt-OS

Virtual machine for adversary emulation and threat hunting.

EAPHammer

Targeted attacks against WPA2-Enterprise networks, wireless pivots using hostile portal attacks.

katoolin3

Get your favourite Kali Linux tools on Debian/Ubuntu/Linux Mint.

Phishery

An SSL enabled basic auth credential harvester with a Word document template URL injector.

CDN Proxy

Create a copy of a targeted website with CDN and WAF restrictions disabled.

catphish

Generate similar-looking domains for phishing attacks.

WinPwnage

UAC bypass, Elevate, Persistence methods.

GCPBucketBrute

Enumerate Google Storage buckets, check the access and if they can be privilege escalated.

jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

CDK

Make security testing of K8s, Docker, and Containerd easier.

Quickjack

Point-and-click tool for producing advanced clickjacking and frame-slicing attacks.

upload_bypass

File upload restrictions bypass by using different techniques!

PipeViewer

A tool that shows detailed information about named pipes in Windows.

Kali Linux

The most advanced penetration testing distribution.

nbtscan

Scan networks searching for NetBIOS information.

Unicornscan

An asynchronous TCP and UDP port scanner.

ike-scan

Discover and fingerprint IKE hosts.

amap

Identify applications even if they are running on a different port than normal.

Grendel-Scan

A tool for automated security scanning of web applications.

Dradis

Collaboration and reporting for infosec teams made simple.

KisMac

A free, open source wireless stumbling and security tool for Mac OS X.

ratproxy

A semi-automated largely passive web application security audit tool.

Samurai WTF

The best security training environment for developers and AppSec professionals.

Sguil

The analyst console for network security monitoring.

Tamper Data

View and modify HTTP requests before they are sent.

Tamper Dev

Allows you to intercept and edit HTTP/HTTPS requests and responses.

NetworkMiner

Network forensic analysis tool for Windows.

wikto

Nikto for Windows with some extra features.

p0f

Identify the operating system of a target host simply by examining captured packets.

WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

nipper-ng

Network infrastructure configuration parser.

Invicti

Web Application Security For Enterprise.

sslstrip

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

Splunk

The unified security and observability platform.

NetWitness

Rapidly detect and respond to any threat, anywhere. See Everything. Fear Nothing.

Nagios

The industry standard in IT infrastructure monitoring.

hunter.how

Internet search engines for security researchers.

Spy Extension

This Chrome extension will read literally everything it can.

favirecon

Use favicon.ico to improve your target recon phase.

Striker

Offensive information and vulnerability scanner.

sqlmate

A friend of SQLmap which will do what you always expected from SQLmap.

Kwetza

Infect an existing Android application with a Meterpreter payload.

ADRecon

Gather information about the Active Directory and generates a report.

AWSloot

Pull secrets from an AWS environment.

UserEnum

Domain user enumeration tool.

reDuh

Create a TCP circuit through validly formed HTTP requests.

reGeorg

Pwn a bastion webserver and create SOCKS proxies through the DMZ.

Graphicator

Enumerate and extract GraphQL APIs.

celerystalk

An asynchronous enumeration & vulnerability scanner.

Wordsmith

Assist with creating tailored wordlists, mostly based on geolocation.

SimplyEmail

Email recon made fast and easy, with a framework to build on.

Rock-ON

All in one recon tool that just get a single domain name and do all of the work alone.

RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

web-hacking-toolkit

A web hacking toolkit.

smbmap

A handy SMB enumeration tool.

weevely3

Weaponized web shell.

pypykatz

Mimikatz implementation in pure Python.

BetterBackdoor

A backdoor with a multitude of features.

SUDO_KILLER

A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

AzureADLateralMovement

Lateral movement graph for Azure Active Directory.

smb-scanner

Samba scanning tool.

PhoneInfoga

Information gathering framework for phone numbers.

Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

ikeforce

Command line IPSEC VPN brute forcing tool for Linux.

KeyTabExtract

Extracts Key Values from .keytab files.

linuxprivchecker

A Linux privilege escalation check script.

Snaffler

A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

RidRelay

Enumerate usernames on a domain where you have no creds by using SMB relay.

jackdaw

Gather gather gather.

Domain Hunter

Checks expired domains to determine good candidates for phishing and C2 domain names.

CertStealer

A .NET tool for exporting and importing certificates without touching disk.

FastFuzz Chrome Extension

Site fast fuzzing with chorme extension.

Nosql-Exploitation-Framework

A Python Framework For NoSQL Scanning and Exploitation.

Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

TrevorC2

A legitimate website that tunnels client/server communications for covert command execution.

RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Gorsair

Gives root access on remote docker containers that expose their APIs.

SniffAir

A framework for wireless pentesting.

Firefly

Black box fuzzer for web applications.

scanless

Online port scan scraper.

Dome

Script that makes active and/or passive scan to obtain subdomains and search for open ports.

airgeddon

This is a multi-use bash script for Linux systems to audit wireless networks.

APTRS

Automated penetration testing reporting system.

Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

PyCript

Bypass client-side encryption using custom logic for testing with Python and NodeJS.

Vulmap

Online local vulnerability scanners project.

Skanuvaty

Dangerously fast DNS/network/port scanner.

Metabigor

Intelligence tool to do OSINT tasks and more but without any API key.

enum4Linux

Enumerate data from Windows and Samba hosts.

GitHarvester

Tool used for harvesting information from GitHub.

certSniff

A certificate transparency log keyword sniffer written in Python.

WiFi Exploitation Framework

WiFi exploitation framework.

Bypass URL Parser

Tool that tests MANY url bypasses to reach a 40X protected page.

ShadowSpray

Spray shadow credentials across an entire domain.

autoSSRF

Smart context-based SSRF vulnerability scanner.

SpoolSploit

Collection of Windows print spooler exploits and other utilities for practical exploitation.

CMSeek

CMS Detection and Exploitation suite that supports over 180 other CMSs.

wifiphisher

The rogue access point framework.

gateway-finder

Identify routers on the local LAN and paths to the Internet.

gateway-finder-imp

Identify routers on the local LAN and paths to the Internet.

undetected-chromedriver

Optimized Selenium Chromedriver patch which does not trigger anti-bot services.

gitleaks

Protect and discover secrets using Gitleaks.

afrog

A vulnerability scanning tools for penetration testing.

PayGen

Tool to generate stable undetected payload.

mitmAP

A python program to create a fake AP and sniff data.

RDP Scraper

Enumerates users based off RDP Screenshots.

brutespray

Automatically attempts default creds on found services based on Nmap output.

ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

ShellPop

Pop shells like a master.

yersinia

A framework for layer 2 attacks.

Fiddler Everywhere

Web debugging proxy for MacOS, Windows, and Linux.

l0phtcrack

Crack Windows passwords from hashes.

mimikatz

A little tool to play with Windows security.

Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

SSTImap

Automatic SSTI detection tool with interactive interface.

Shodan

Search engine for Internet-connected devices.

Netlas.io

Netlas.io is the network atlas of Internet. IP, DNS, Web, IoT devices, and etc.

dBmonster

A multitool for tracking and locating nearby devices via their RF activities.

AORT

All in one recon tool for bug bounty.

infoooze

User-friendly OSINT tool that allows you to quickly and easily gather informations.

LanGuard

Patch management, vulnerability scanning, and network auditing.

Ophcrack

Windows password cracker based on rainbow tables.

Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

dsniff

Collection of tools for network auditing and penetration testing.

Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

WebScarab

Framework for analysing applications that communicate using the HTTP and HTTPS protocols.

Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

Ettercap

Free and open source network security tool for man-in-the-middle attacks on a LAN.

Kismet

Remote capture for all capture types over TCP sockets or websockets.

Cain and Abel

Password recovery tool for Microsoft Operating Systems.

Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

TryHackMe

Hands-on cyber security training through real-world scenarios.

DVWA

Damn Vulnerable Web Application.

Hack The Box

Massive hacking playground, and infosec community.

OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

VulnHub

Provide materials that allows anyone to gain practical 'hands-on' experience in security.

WebGoat

Deliberately insecure application.

bWAPP

An extremely buggy web application!.

PortSwigger WebSecurity Academy

Free, online web security training from the creators of Burp Suite.

OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool.

GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

Ronin

A free and open source Ruby toolkit for security research and development.

RadareEye

Scan nearby devices and execute command when the target device comes in between range.

Vuls

Agent-less vulnerability scanner.

Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

Offensive-Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.

Scapy

Powerful and interactive packet manipulation program and library.

Hawk

Network, recon and offensive-security tool for Linux.

Onex

Hacking tools installer and package manager for hackers.

drek

A static-code-analysis tool for performing security-focused code reviews.

s3recon

Amazon S3 bucket finder and crawler.

bucket_finder

DigiNinja's bucket_finder utility.

detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

PwnFox

A Firefox/Burp Suite extension that provide usefull tools for your security audit.

autochrome

A shiny new copy of Chromium that will bring colors in your hunt.

Mosca

Manual search tool to find bugs like a grep unix command.

dnstwist_

A tool to monitor for potential spear phishing domains and send to Slack.

hardCIDR

Discover the netblocks or ranges (in CIDR notation) owned by the target organization.

CloudFrunt

A tool for identifying misconfigured CloudFront domains.

CloudJack

Route53/CloudFront Vulnerability assessment utility.

CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

Legitify

Detect misconfigurations and security risks across GitHub and GitLab assets.

Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

WifiPass

A simple wireless networks penetration testing toolkit.

Up HTTP Server

Simple HTTP listener for security testing.

Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

mssqlproxy

Perform lateral movement in restricted environments through a compromised MSSQL Server.

jok3r

Network and Web Pentest Automation Framework.

DirBuster

Multi threaded application to brute force directories and files names on web/application servers.

Highlighter and Extractor

Collect, categorize and highlight requests and/or responses according to their content.

Canvas

Assessment tool that allows penetration testing and hostile attack simulations.

LiveTargetsFinder

Generates lists of live hosts and URLs.

xssor2

Hack with JavaScript.

ScoutSuite

Multi-cloud security auditing tool.

Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer.

Legion

Aids in discovery, reconnaissance and exploitation of information systems.

windows-kernel-exploits

A list of Windows kernel exploits.

Linux Exploit Suggester

Based on operating system release number.

bbscope

Scope gathering tool for multiple Bug Bounty platforms.

go-dork

The fastest dork scanner written in Go.

fprobe

Take a list of domains/subdomains and probe for working http/https server.

AdvancedKeyHacks

API key/token exploitation made easy.

Subra

A Web-UI for subdomain enumeration.

crackerjack

Hashcat Web Interface.

LeakLooker-X

Discover, browse and monitor database/source code leaks.

IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

CyberChef

A web app for encryption, encoding, compression and data analysis.

WES-NG

Windows Exploit Suggester - Next Generation.

Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

WinPwn

Automation for internal Windows pentest / AD-Security.

SharpImpersonation

A User Impersonation tool - via Token or Shellcode injection.

ADRT

Active Directory Report Tool.

s3reverse

The format of various S3 buckets is convert in one format.

Rekono

Execute full pentesting processes combining multiple hacking tools automatically.

Nessus database export

Export Nessus results to a relational database for use in reports, analysis, or whatever else.

grep.app

Searches code from over a half million public repositories on GitHub.

Sourcegraph

Search millions of open source repositories.

DroneSploit

Drone pentesting framework console.

Print-My-Shell

Automate the process of generating various reverse shells.

Async DNS Brute

DNS asynchronous brute force utility.

FridaAndroidTracer

Android application tracer powered by Frida.

Firebase-Extractor

A tool written in python for scraping firebase data.

Runtime Mobile Security

A powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.

padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

SweetPotato

A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.

gwdomains

Sub domain wild card filtering tool.

pown.js

Security testing and exploitation toolkit.

lk_scraper

A fully configurable LinkedIn scraper: scrape anything within LinkedIn.

LazyHunter

A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.

eLdap-Ldap-Search-and-Filter

A tool that helps users searching and filtering queries in Ldap environment.

PCredz

This tool extracts secrets from a pcap file or from a live interface.

qsinject

Allows you to quickly substitute query string values with regex matches, one-at-a-time.

burp-exporter

Copy a Burp Suite request to a file or the clipboard as multiple programming languages functions.

default-http-login-hunter

haktldextract

Extract domains/subdomains from URLs en masse.

MagicRecon

A powerful shell script to maximize the recon and data collection process.

exfilkit

Data exfiltration utility for testing detection capabilities.

SonarSearch

A rapid API for the project Sonar dataset.

vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

eos

Enemies Of Symfony - debug mode Symfony looter.

Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

APKEnum

Passive enumeration utility For Android applications.

Nozaki

HTTP fuzzer engine security oriented.

pivotnacci

A tool to make socks connections through HTTP agents.

wifipumpkin3

Powerful framework for rogue access point attack.

LiveOverflow

LiveOverflow YouTube channel.

The XSS rat

The XSS rat YouTube channel.

SharpHose

Asynchronous password spraying tool for Windows environments.

Awesome BugBounty Writeups

A curated list of bugbounty writeups (Bug type wise).

Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

Transformations

Understand how input is transformed on a system, which can help to craft payloads.

differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

Slack Watchman

Monitoring your Slack workspaces for sensitive informations.

NSDetect

Utility to detect AWS NS Takeover.

nmap-query-xml

A simple program to query nmap XML files in the terminal.

Yet Another Sniffer

A network analyzer that make easy to extract informations about network traffic.

GrayhatWarfare

Search for buckets and URL shorteners.

ATOR

Authentication Token Obtain and Replace Extender.

apkurlgrep

Extract endpoints from APK files.

open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

rate-limit-checker

Check whether the domain has a rate limit enabled.

Words Scraper

Selenium based web scraper to generate passwords list.

Wayback Machine

Explore more than 778 billion web pages saved over time.

Certificate Search

Get informations about SSL certificates.

SecurityTrails

Data for Security companies, researchers and teams.

PortBender

A TCP port redirection utility that allows inbound traffic redirection.

AllAboutBugBounty

Bug Bounty notes gathered from various sources.

DotGit

An extension for checking if .git is exposed in visited websites.

windapsearch

Enumerate users, groups and computers from a Windows domain through LDAP queries.

Demiguise

HTA encryption tool for Red Teams.

Covenant

Collaborative C2 framework for red teamers.

EDD

Ultimate domain enumeration tool.

Rubeus

Rubeus is a toolkit for Kerberos interaction and abuses.

WeirdAAL

AWS Attack Library.

safecopy

Burp Extension for copying requests safely.

localdataHog

String-based secret-searching tool, high entropy and regexes.

linWinPwn

Automates a number of Active Directory enumeration and vulnerability.

malicious-pdf

Generates a bunch of malicious pdf files with phone-home functionality.

Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

git-wild-hunt

A tool to hunt for credentials in GitHub wild AKA git*hunt.

cstc

Burp Suite extension that allows request/response modification using a GUI.

Shotlooter

Find sensitive data inside the screenshots uploaded to prnt.sc.

websy

Keep an eye on your targets to get quickly notified for any change they push on their server.

JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

H1 Report Finder

A burpsuite extension to find security reports published on HackerOne based on the selected host.

SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

userefuzz

User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

rush

A cross-platform command-line tool for executing jobs in parallel.

Interlace

Turn single threaded command line applications into a fast, multi-threaded application.

DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

GoAltdns

A permutation generation tool written in golang.

CertCrunchy

Uses data from SSL Certificates to find potential host names.

AutoSploit

Automated Mass Exploiter.

Fluxion

Fluxion is the future of MITM WPA attacks.

GSAN

Extract subdomains from SSL certificates in HTTPS sites.

TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

Cr3dOv3r

Know the dangers of credential reuse attacks.

Request Highlighter

Burp Suite extension that automatically highlights different HTTP requests.

pyBuster

A multi-target URL bruteforcer.

Hamburglar

Collect useful information from urls, directories, and files.

airbash

Fully automated WPA PSK PMKID and handshake capture script.

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

PEASS-ng

Privilege Escalation Awesome Scripts SUITE.

RsaCtfTool

RSA multi-attacks tool: uncypher data from a weak public key and try to recover a private key.

Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

Keyfinder

Find and analyze private/public key files and Android APK files.

BeRoot

Multiplaform privilege escalation project.

dirhunt

Find web directories without bruteforce.

Photon

Incredibly fast crawler designed for OSINT.

cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

curate

A tool for fetching archived URLs.

BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

Sniff-Paste

Pastebin OSINT harvester.

ScreenShooter

Convert your masscan/subdomain-scan results into screenshots for better analysis.

barq

The AWS Cloud Post Exploitation framework!

domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

evil SSDP

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

h1-search

Request the public disclosures on a specific HackerOne program.

Dangerous Methods

A Burp Suite extension for finding the use of potentially dangerous methods/functions.

RouterSploit

Exploitation framework for embedded devices.

msldap

LDAP library for auditing Microsoft Active Directory.

ssh-audit

SSH server auditing: banner, key exchange, encryption, compatibility, security...

TLD Scanner

Scan all possible TLD's for a given domain name.

House

A runtime mobile application analysis toolkit with a Web GUI.

ADAPE Script

Active Directory assessment and privilege escalation script.

LinEnum

Scripted Local Linux Enumeration & Privilege Escalation Checks.

IDontSpeakSSL

Simple tool to scan large scope and provide SSL/TLS vulnerabilities.

Yoga

Your OSINT Graphical Analyzer.

Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

leakScraper

Set of tools to process and visualize huge text files containing credentials.

JSgen

Generate javascript code to be injected in case you find a Server Side Javascript Injection.

Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

archaeologit

Scans the history of GitHub repositories to find sensitive things.

WhatsMyName

Enumerate usernames across many websites.

Namechk

Check usernames on more than 100 websites, forums and social networks.

Hash Buster

Crack hashes in seconds.

GyoiThon

Growing penetration test tool using Machine Learning.

Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

OWASP

A nonprofit foundation that works to improve the security of software.

FireShodanMap

Realtime map that integrates Firebase, Google Maps and Shodan.

CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Injectify

Perform advanced MiTM attacks on websites with ease.

PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

GitFive

An OSINT tool to investigate GitHub profiles.

ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

Scout

Discover a web server's undisclosed files, directories and VHOSTs.

Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

Fingerprinter

CMS/LMS/Library etc Versions Fingerprinter.

Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

0d1n

Tool for automating customized attacks against web applications.

ExifTool

ExifTool meta information reader/writer.

SSH PuTTY login bruteforcer

A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.

SMBploit

Offensive tool to scan & exploit vulnerabilities in Windows over SMB using Metasploit.

SiteBroker

Utility for information gathering and penetration testing automation.

AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

FOCA

Tool to find metadata and hidden information in the documents.

Maigret

Collect a dossier on a person by username from thousands of sites.

Have i been pwned?

Check if your email or phone is in a data breach.

OpenVAS

This repository contains the scanner component for Greenbone Community Edition.

RevShells

Hosted Reverse Shell generator with a ton of functionality.

ADReaper

Enumerate an Active Directory environment with LDAP queries.

ADenum

Find misconfiguration through LDAP to exploit weaknesses with Kerberos.

SubDomainizer

A tool to find subdomains and interesting things hidden inside.

ASNLookup

Leverage ASN to look up IP addresses owned by a specific organization.

espionage

Collects informations related to domains whois, history, dns records and more.

AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

Smogcloud

Find cloud assets that no one wants exposed.

Pacu

The exploitation framework designed for testing the security of AWS environments.

findsecuritycontacts.com

Scans the top 500 sites daily for their security.txt file or DNS records.

DefaultPassword

Default passwords database sorted by manufacturers.

Bugcrowd VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities.

Hacker101

A free class for web security.

GraphQL Threat Matrix

Threat framework to research security gaps in GraphQL implementations.

Exploitalert

Exploits found on the INTERNET.

ctf-tools

Some setup scripts for security research tools.

The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Spoofy

Checks if a list of domains can be spoofed based on SPF and DMARC records.

SqlmapDnsCollaborator

Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.

bypasswaf

Add headers to all Burp requests to bypass some WAF products.

AWS security checks

This Burp Suite provides additional Scanner checks for AWS security issues.

BurpSmartBuster

A Burp Suite content discovery plugin that add the smart into the Buster.

Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

SprayCannon

Fast multithreaded password spraying tool with backend database.

burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Auth Analyzer

The Burp extension helps you to find authorization bugs.

AuthMatrix

Provides a simple way to test authorization in web applications and web services.

OpenAPI

Parse OpenAPI specifications into the BurpSuite for automating RESTful API testing.

Simple Basic Malware Scanner

Simple Malware Scanner based on file hash scan.

STÖK Fredrik

STÖK Fredrik YouTube channel.

NahamSec

NahamSec Twitch channel.

BugBountyHunter

Helping you become a BugBountyHunter.

PentesterLab

Learn Web Penetration Testing: The Right Way.

Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

mitmproxy

An interactive TLS-capable intercepting HTTP proxy.

Hackingtool

ALL IN ONE Hacking Tool For Hackers.

Burp Extender API

Burp Extender API.

Burp WP

Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.

sqlipy

Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Stepper

A natural evolution of Burp Suite's Repeater tool.

JWT4B

JWT Support for Burp Suite.

Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

Replicator

Burp Suite extension to help developers replicate findings from pentests.

scan-check-builder

Burp Suite extension which helps to improve the active and passive scanner by yourself.

Distribute Damage

Evenly distributes scanner load across targets.

J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

Hackvertor

Tag based conversion tool written in Java implemented as a Burp Suite extension.

Collaborator Everywhere

Burp Suite extension which injects non-invasive headers to reveal backend systems.

HTTP Request Smuggler

Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

Hackability

Probe a rendering engine for vulnerabilities and other features.

PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

UploadScanner

HTTP file upload scanner for Burp Proxy.

Autowasp

A one-stop pentesting checklist and logger tool.

OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security.

IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

Shelling

A comprehensive OS command injection payload generator.

authz

Burp Suite plugin to test for authorization flaws.

SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

BurpBeautifier

Burpsuite extension for beautifying request/response body.

Logger++

Log activities of all the tools in Burp Suite.

WSDL Wizard

Burp Suite plugin to detect current and discover new WSDL files.

JSONBeautifier

JSON Beautifier for Burp written in Java.

Headless Burp

Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.

BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

AutoRepeater

Automated HTTP request repeating with Burp Suite.

Flow

Provides view with filtering capabilities for all requests from all Burp Suite tools.

ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

OneForAll

A powerful subdomain integration tool.

EMBA

The security analyzer for firmware of embedded devices.

csprecon

Discover new target domains using Content Security Policy.

XFFenum

X-Forwarded-For [403 forbidden] enumeration.

bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Payloads All The Things

A list of useful payloads and bypass for Web Application Security.

bountyplz

Automated security reporting from markdown templates.

JSONBee

A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.

cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

SearchSploit

Cli tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.

Findsploit

Find exploits in local and online databases instantly.

flan

A pretty sweet vulnerability scanner.

getsploit

Command line utility for searching and downloading exploits.

Arachni

Web Application Security Scanner Framework.

takeover

A tool for testing subdomain takeover possibilities at a mass scale.

Second Order

Second-order subdomain takeover scanner.

HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

tko-subs

A tool that can help detect and takeover subdomains with dead DNS records.

subHijack

Hijacking forgotten & misconfigured subdomains.

cnames

Take a list of resolved subdomains and output any corresponding CNAMES en masse.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

autoSubTakeover

A tool used to check if a CNAME resolves to the scope address.

SubOver

A Powerful Subdomain Takeover Tool.

postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack).

PostMessage_Fuzz_Tool

A PostMessage fuzzing extension for Chrome.

S3Scanner

Scan for open S3 buckets and dump the contents.

AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

S3Viewer

Publicly open storage viewer.

FestIN

The powered S3 bucket finder and content discover.

mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

kicks3

S3 bucket finder from html,js and bucket misconfiguration testing tool.

2tearsinabucket

Enumerate s3 buckets for a specific target.

S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

s3tk

A security toolkit for Amazon S3.

CloudBrute

Awesome cloud enumerator.

s3cario

Performs buckets checks from a given list of subdomains.

S3Cruze

All-in-one AWS S3 bucket tool.

Sandcastle

A Python script for AWS S3 bucket enumeration.

WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.

WPRecon

Tool for the recognition of vulnerabilities and blackbox information for Wordpress.

pyfiscan

Free web-application vulnerability and version scanner.

JWT cracker

JWT brute force cracker written in C.

jwt-heartbreaker

Burp Suite extension to check JWT for using keys from known from public sources.

jwtear

Modular command-line tool to parse, create and manipulate JWT tokens.

JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

jwt-hack

JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

Faraday security

Open source sulnerability management and orchestration platform.

Prowler

Open Source Security tool to perform Cloud Security best practices

git-vuln-finder

Find potential software vulnerabilities from git commit messages.

Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

changeme

A default credential scanner.

BruteX

Automatically brute force all services running on a target.

git-all-secrets

Capture all the git secrets by leveraging multiple open source git searching tools.

GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

Gitrob

Reconnaissance tool for GitHub organizations.

GitMiner

Tool for advanced mining for content on Github.

Rusty Hog

A suite of secret scanners built in Rust for performance.

Whispers

Identify hardcoded secrets in static structured text.

Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

dufflebag

Search exposed EBS volumes for secrets.

secret-bridge

Monitors Github for leaked secrets.

GitTools

A repository with 3 tools for pwn'ing websites with .git repositories available.

gitjacker

Leak git repositories from misconfigured websites.

GitHunter

A tool for searching a Git repository for interesting content.

dvcs-ripper

Rip web accessible version control systems: svn, git...

lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

MSDorkDump

Google Dork File Finder.

MSDNSScan

Identify DNS records, check for zone transfers and conduct subdomain enumeration.

Oh365UserFinder

O365 user enumeration and password spraying tool.

xxeserv

A mini webserver with FTP support for XXE payloads.

vaya-ciego-nen

Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

DOM based XSS finder

Chrome extension that finds DOM based XSS vulnerabilities.

xss2png

PNG IDAT chunks XSS payload generator.

XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

Shadow Workers

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

rexsser

Burp Suite plugin that extracts keywords from response using and test for reflected XSS.

Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi which add our payload to all parameters with one click.

XSS'OR

Hack with JavaScript.

xsscrapy

Fast, thorough, XSS/SQLi spider.

Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

XSS Hunter Express

The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.

XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear

Powerfull XSS Scanning and Parameter analysis tool&gem.

Tracy

Assists with finding all sinks and sources of a webapp and display the results in a nice way.

xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

JSShell

An interactive multi-user web JS shell.

bXSS

bXSS is a utility which can be used identify Blind Cross-Site Scripting.

XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web application.

DOMDig

DOM XSS scanner for Single Page Applications.

Femida

Automated blind-xss search for Burp Suite.

DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

Extended XSS Searcher and Finder

Scans for different types of XSS on a list of urls.

XSSMap

Detect XSS vulnerability in Web Applications.

XSSCon

Simple XSS Scanner tool.

BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

See-SURF

Detect Vulnerable SSRF parameters.

metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

oxml_xxe

Embeds XXE/XML exploits into different filetypes.

XXEinjector

Exploitation of XXE vulnerability using direct and different out of band methods.

XXExploiter

Tool to help exploit XXE vulnerabilities.

XXE-FTP

A mini webserver with FTP support for XXE payloads.

docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

LFI-Enum

Scripts to execute enumeration via LFI

NoSQL Injector

NoSql Injection CLI tool for finding vulnerable websites using MongoDB.

SQLiv

Massive SQL injection vulnerability scanner.

andor

Blind SQL Injection Tool with Golang.

SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Burp-to-SQLMap

Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.

MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

waybackSqliScanner

Gather urls from wayback machine and test each GET parameter for SQL injection.

SQLi-Hunter

Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.

sentrySSRF

Searching for Sentry config on page or in Javascript files and check blind SSRF.

grafana-ssrf

Authenticated SSRF in Grafana.

SSRF Detector

Server-side request forgery detector.

gaussrf

Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.

Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

B-XSSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF.

SSRF Sheriff

A simple SSRF-testing sheriff written in Go.

httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

SSRFire

An automated SSRF finder. Just give the domain name and your server and chill!

Gopherus

Generates gopher link for exploiting SSRF and gaining RCE in various servers.

SSRFmap

Automatic SSRF fuzzer and exploitation tool.

graphql-path-enum

Lists the different ways of reaching a given type in a GraphQL schema.

h2cSmuggler

HTTP Request Smuggling over HTTP/2 Cleartext.

Smuggler

An HTTP Request Smuggling / Desync testing tool.

Race The Web

Tests for race conditions in web applications.

Turbo Intruder

Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Requests-Racer

Exploit race conditions in web apps with Requests.

RacePWN

Race Condition framework.

dom-red

Small script to check a list of domains against open redirect vulnerability.

Oralyzer

Open Redirection Analyzer.

Autorize

Automatic authorization enforcement detection extension for Burp Suite.

PHPGGC

PHP unserialize() payloads along with a tool to generate them.

ysoserial.net

Deserialization payload generator for a variety of .NET formatters.

GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

ysoserial

Generates payloads that exploit unsafe Java object deserialization.

headi

Customisable and automated HTTP header injection.

clairvoyance

Obtain GraphQL API Schema even if the introspection is not enabled.

GraphQL Beautifier

Burp Suite extension to help make Graphql request more readable.

ShapeShifter

GraphQL security testing tool.

GraphQLmap

Scripting engine to interact with a graphql endpoint for pentesting purposes.

InQL

Burp Extension for GraphQL Security Testing.

LFI Suite

Totally Automatic LFI Exploiter and Scanner.

Liffy

Local file inclusion exploitation tool.

ScrapeIn

Harvest employee email addresses from a specific company through LinkedIn.

BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

param-miner

Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.

BurpJSLinkFinder

Burp Extension for a passive scanning JS files for endpoint links.

DirSearch

A Go implementation of dirsearch.

ScanCannon

Combines the speed of masscan with the reliability and detailed enumeration of nmap.

sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

DotDotPwn

The Directory Traversal Fuzzer.

XSRFProbe

The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

Injectus

CRLF and open redirect fuzzer.

CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFsuite

The most powerful CRLF injection scanner.

CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CORStest

A simple CORS misconfiguration scanner.

Corsy

CORS Misconfiguration Scanner.

vaf

Cross-platform very advanced and fast web fuzzer written in nim.

Fuzzapi

Used for REST API pentesting and provide UI solution for gem.

FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

ParamPamPam

This tool for brute discover GET and POST parameters.

parameth

Brute discover GET and POST parameters.

linx

Reveals invisible links within JavaScript files.

getJS

A tool to fastly get all javascript sources/files.

urlgrab

A golang utility to spider through a website searching for additional links.

GoLinkFinder

A fast and minimal JS endpoint extractor.

JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

crawley

The unix-way web crawler.

Dirstalk

Multi threaded application designed to brute force paths on web servers.

Filebuster

An extremely fast and flexible web fuzzer.

RecurseBuster

Rapid content discovery tool for recursively querying webservers.

fingerprintx

Standalone utility for service discovery on open ports!

Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

webanalyze

Uncovers technologies used on websites to automate mass scanning.

Wappalyzer

Identify technologies on websites.

httpscreenshot

Grabs screenshots and HTML of large numbers of websites.

Depix

Recovers passwords from pixelized screenshots.

Scrying

Collects RDP, web and VNC screenshots all in one place.

Eyeballer

Convolutional neural network for analyzing pentest screenshots.

WitnessMe

Web Inventory tool, takes screenshots and provides some extra bells&whistles to make life easier.

Screenshoteer

Makes web screenshots and mobile emulations from the command line.

GHunt

Offensive Google framework.

GoCloud

Checks whether a domain is hosted on a cloud service.

GAP

A Burp Suite extension to find potential endpoints and parameters.

Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

Scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.

crtndtry

Yet another subdomain finder.

brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

Substr3am

Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.

As3nt

Another Subdomain ENumeration Tool.

TugaRecon

Subdomains enumeration tool for penetration testers.

Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Turbolist3r

Subdomain enumeration tool with analysis features for discovered domains.

Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

domained

Multi Tool Subdomain Enumeration.

DNSRecon

DNS Enumeration Script.

RainbowCrack

It crack hashes with rainbow tables.

Maryam

Open-source Intelligence Framework.

jSQL Injection

Java application for automatic SQL database injection.

dnsenum

Enumerates DNS information of a domain and to discover non-contiguous ip blocks.

wafw00f

Identify and fingerprint Web Application Firewall products protecting a website.

SSLyze

Fast and powerful SSL/TLS scanning library.

sslscan

Tests SSL/TLS enabled services to discover supported cipher suites.

The Social-Engineer Toolkit

Open-source penetration testing framework designed for social engineering.

Fierce

A DNS reconnaissance tool for locating non-contiguous IP space.

skipfish

Active web application security reconnaissance tool.

Wireshark

Network sniffer that captures and analyzes packets off the wire.

CeWL

Custom Word List Generator.

Sherlock

Hunt down social media accounts by username across social networks.

aircrack-ng

Complete suite of tools to assess WiFi network security.

wifite

Runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

Maltego

Open source intelligence and forensics application.

bettercap

The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

crunch

Wordlist generator where you can specify a character set or any set of characters to be used.

steghide

Steganography program that hides secrets in the least significant bits of a file.

fcrackzip

Zip password cracker.

Recon-ng

OSINT tool aimed at reducing the time spent harvesting information from open sources.

Metagoofil

Search Google and download specific file types.

Reaver

Implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs.

cero

Scrape domain names from SSL certificates of arbitrary hosts.

CloudScraper

Tool to enumerate targets in search of cloud resources.

FinDOM-XSS

A fast DOM based XSS vulnerability scanner with simplicity.

http-request-smuggling

HTTP Request Smuggling Detection Tool.

FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

kxss

Adaption of tomnomnom's kxss tool with a different output format.

OpenRedireX

A Fuzzer for OpenRedirect issues.

uro

Declutters url lists for crawling/pentesting.

fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

Crawlergo

A powerful browser crawler for web vulnerability scanners

DataExtractor

A Burp Suite extension to extract data from source code while browsing.

graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

reconFTW

Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

sns

IIS shortname scanner written in Go.

Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

SecretMagpie

Secret Detection Tool.

gowitness

A golang, web screenshot utility using Chrome Headless.

4-ZERO-3

403/401 Bypass Methods.

smap

A drop-in replacement for Nmap powered by shodan.io.

Arjun

HTTP parameter discovery suite.

gospider

Fast web spider written in Go.

DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

CRLFuzz

A fast tool to scan CRLF vulnerability written in Go.

crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Nmap

The network mapper.

VHostScan

Virtual host scanner that performs reverse lookups.

RustScan

The Modern Port Scanner. Fast, smart, effective.

Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

GET-ACQ

Gather all companies acquired by a given company domain name.

mksub

Generate tens of thousands of subdomain combinations in a matter of seconds.

BFAC

Check for backup artifacts that may disclose the web-application's source code.

qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value.

ParamSpider

Mining parameters from dark corners of Web Archives.

gf

A wrapper around grep to avoid typing common patterns.

cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

Metasploit

The world’s most used penetration testing framework.

Th3inspector

All in one tool for Information Gathering.

theHarvester

E-mails, subdomains and names Harvester.

Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

w3af

Web Application Attack and Audit Framework.

Gobuster

Directory/File, DNS and VHost busting tool written in Go.

John The Ripper

Password cracker tool.

Hydra

Very fast password cracking tool.

Patator

Multi-purpose brute-forcer, with a modular design and a flexible usage.

puredns

Puredns is a fast domain resolver & subdomain bruteforcing tool.

github-subdomains

Find subdomains on GitHub.

Hashcat

World's fastest and most advanced password recovery utility

Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

spaces-finder

A tool to hunt for publicly accessible DigitalOcean Spaces.

tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

gotator

Generates DNS wordlists through permutations.

Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

JWT Tool

A toolkit for testing, tweaking and cracking JSON Web Tokens.

Osmedeus

A Workflow Engine for Offensive Security

Waymore

Find way more from the Wayback Machine!

Knoxnl

This is a python wrapper around the amazing KNOXSS.

Jaeles

The Swiss Army knife for automated Web Application Testing

xnLinkFinder

A python tool used to discover endpoints and potential parameters for a given target.

SQLninja

Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.

NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

SSRFTest

SSRF testing tool.

SpiderFoot

Automates OSINT for threat intelligence and mapping your attack surface.

Nikto

Nikto web server scanner.

Wapiti

The web-application vulnerability scanner.

recollapse

Helper tool for black-box regex fuzzing to bypass validations.

Cloudfox

Automating situational awareness for cloud penetration tests.

X8

Hidden parameters discovery suite.

ReconNess

Continuous recon and pipeline tools setup.

sqlmap

Automatic SQL injection and database takeover tool.

Sn1per

Attack Surface Management Platform.

qsfuzz

qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject

gitpillage

Extract data from a .git directory.

favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

graphql-introspection-analyzer

Graphql introspection query analyzer.

extract-endpoints

Extract endpoints from source files.

s3-buckets-finder

Find AWS S3 buckets and test their permissions.

Altdns

Generates permutations, alterations and mutations of subdomains and then resolves them.

Sublert

Monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

dnscan

Python wordlist-based DNS subdomain scanner.

Dirb

Web Fuzzer.

WhatWeb

Next generation web scanner.

Wfuzz

Web application fuzzer.

dnsgen

Generates combination of domain names from the provided input.

Masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

commit-stream

OSINT tool for finding Github repositories by extracting commit logs in real time.

shhgit

Secrets detection for your GitHub, GitLab and Bitbucket repositories.

gitGraber

Monitor GitHub to search and find sensitive data in real time.

Subjack

Subdomain Takeover tool written in Go.

EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

Zed Attack Proxy

The world's most widely used web app scanner.

httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

unfurl

An Entropy-Based Link Vulnerability Tool.

webscreenshot

A simple script to screenshot a list of websites.

Virtual host scanner

A script to enumerate virtual hosts on a server.

Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

lazys3

Ruby script to bruteforce for AWS s3 buckets using different permutations.

JSParser

Python script to parse relative URLs from JavaScript files.

gau

Fetch known URLs from several sources.

meg

Fetch many paths for many hosts, without killing the hosts.

Findomain

The complete solution for domain recognition.

KNOXSS

Online XSS tool with demonstration of vulnerability.

subzuf

A smart DNS response-guided subdomain fuzzer.

GRecon

Run a Google based passive recon against your scope.

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

DumpsterDiver

Tool to search secrets in various filetypes.

csp-analyzer

Analyze Content-Security-Policy header of a given URL.

Commix

Automated All-in-One OS Command Injection Exploitation Tool.

detectify-cves

Find CVEs that don't have a Detectify modules.

xray

Security assessment tool that supports common web security issue scanning and custom PoC.

dsieve

Filter and enrich a list of subdomains by level.

regulator

Automated learning of regexes for DNS discovery.

gitlab-subdomains

Find subdomains on GitLab.

DalFox

Powerful open source XSS scanning tool and parameter analyzer.

XSStrike

Most advanced XSS scanner.

related-domains

Find related domains of a given domain.

fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

git-dumper

A tool to dump a git repository from a website.

TruffleHog

Find credentials all over the place.

CloudFail

Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.

SubBrute

A DNS meta-query spider that enumerates DNS records, and subdomains.

Knockpy

Knock Subdomain Scan.

assetfinder

Find domains and subdomains related to a given domain.

JoomScan

OWASP Joomla Vulnerability Scanner Project.

Drupwn

Drupal enumeration & exploitation tool.

CMSmap

CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

dirsearch

Web path scanner.

hakrawler

Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain.

LinkFinder

A python script that finds endpoints in JavaScript files.

Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

Sublist3r

Fast subdomains enumeration tool for penetration testers.

MassDNS

A high-performance DNS stub resolver for bulk lookups and reconnaissance.

Aquatone

A Tool for Domain Flyovers.

ffuf

Fast web fuzzer written in Go.

Amass

In-depth Attack Surface Mapping and Asset Discovery.

WPScan

WPScan WordPress Security Scanner