alterx
sponsor

Fast and customizable subdomain wordlist generator using DSL.

nuclei-burp-plugin
sponsor

A Burp Suite plugin intended to help with Nuclei template generation.

Villain
sponsor

Backdoor generator and multi-session handler for sessions sharing among connected sibling servers.

hoaxshell
sponsor

Windows reverse shell payload generator and handler that abuses the http(s) protocol.

Nuclei templates
sponsor

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

psudohash
sponsor

Password list generator for orchestrating brute force attacks.

Shells
sponsor

A script for generating common revshells fast and easily.

Chaos
sponsor

Collect and maintain internet-wide assets data for public Bug Bounty programs.

dnsX
sponsor

Fast and multi-purpose DNS toolkit designed for running DNS queries.

tlsx
sponsor

Fast and configurable TLS grabber focused on TLS based data collection.

ASNmap
sponsor

Quickly maps organization network ranges using ASN information.

cloudlist
sponsor

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

httpx
sponsor

HTTP toolkit that allows running multiple probes using the retryablehttp library.

mapcidr
sponsor

Small utility program to perform multiple operations for given subnet/CIDR ranges.

uncover
sponsor

Quickly discover exposed hosts on the internet using multiple search engines.

katana
sponsor

A next-generation crawling and spidering framework.

interactsh
sponsor

An OOB interaction gathering server and client library.

proxify
sponsor

Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.

DNSProbe
sponsor

Allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.

shuffleDNS
sponsor

Enumerate valid subdomains using active bruteforce and DNS resolution.

Subfinder
sponsor

Discovery tool that discovers valid subdomains for websites.

Naabu
sponsor

A fast port scanner written in Go with a focus on reliability and simplicity.

Nuclei
sponsor

Fast and customizable vulnerability scanner based on simple YAML based DSL.

mythril
featured

Security analysis tool for EVM bytecode that supports smart contracts builds.

Fresh Resolvers
featured

List of fresh DNS resolvers updated every 12h.

The PenTesters Framework
featured

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

NetworkChuck
featured

Network Chuck YouTube channel.

Fluxion
featured

Fluxion is the future of MITM WPA attacks.

ScreenShooter
featured

Convert your masscan/subdomain-scan results into screenshots for better analysis.

Dangerous Methods
featured

A Burp Suite extension for finding the use of potentially dangerous methods/functions.

JSONBeautifier
featured

JSON Beautifier for Burp written in Java.

LFI Suite
featured

Totally Automatic LFI Exploiter and Scanner.

cero
featured

Scrape domain names from SSL certificates of arbitrary hosts.

sulley

A pure-python fully automated and unattended fuzzing framework.

OSINT-Framework

OSINT Framework.

RedEye

RedEye is a visual analytic tool supporting Red & Blue Team operations.

boofuzz

Network protocol fuzzing for humans.

ThreatMapper

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

MITRE ATT&CK

Knowledge base of adversary tactics and techniques based on real-world observations.

DSStoreView

DS_Store file parser/viewer.

RedELK

Tool for Red Teams used for tracking and alarming about Blue Team activities.

kerbrute

Bruteforce and enumerate Active Directory accounts through Kerberos pre-authentication.

JPEXS

Free Flash decompiler.

nexfil

OSINT tool for finding profiles by username.

IVRE

Network recon framework.

OpenCTI

Open Cyber Threat Intelligence Platform.

driftctl

Detect, track and alert on infrastructure drift.

cve-search

A tool to perform local searches for known vulnerabilities.

Quasar

Remote administration tool for Windows.

rekall

Rekall Memory Forensic Framework.

Velociraptor

Endpoint visibility and collection tool.

CUPP

Common User Passwords Profiler.

The HTTP Garden

Differential testing and fuzzing of HTTP servers and proxies.

pipedream

Collect HTTP or webhook requests and inspect them in a human-friendly way.

webhook.site

Easily test HTTP webhooks with this handy tool that displays requests instantly.

hetty

An HTTP toolkit for security research.

ImHex

Hex editor for reverse engineers, programmers and people who value their retinas when working at 3am.

django-DefectDojo

DevSecOps, ASPM, Vulnerability Management.

tfsec

Security scanner for your Terraform code.

trape

People tracker on the Internet: OSINT analysis and research tool.

zdns

Fast CLI DNS lookup tool.

zgrab

Fast Go application scanner.

zmap

Fast single packet network scanner designed for Internet-wide network surveys.

holehe

Check if the mail is used on different sites and retrieve information on sites.

sandsifter

The x86 processor fuzzer.

androguard

Reverse engineering and pentesting for Android applications.

pphack

The most advanced client-side prototype pollution scanner.

tsunami-security-scanner

Network security scanner with an extensible plugin system.

sonarqube

Continuous inspection.

objection

Runtime mobile exploration.

EagleEye

Stalk your friends on social media using image recognition and reverse image search.

peda

Python Exploit Development Assistance for GDB.

axiom

Distribute the workload of many different scanning tools with ease.

wifijammer

Continuously jam all wifi clients/routers.

Modlishka

A powerful and flexible HTTP reverse proxy.

PhoneSploit-Pro

Remotely exploit Android devices using ADB and Metasploit.

nodejsscan

A static security code scanner for Node.js applications.

SocialFish

Phishing tool & information collector.

Semgrep

Lightweight static analysis for many languages.

mvt

Helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Havoc

Modern and malleable post-exploitation command and control framework.

metasploitable

VM that is built from the ground up with a large amount of security vulnerabilities.

GOAD

Game of Active Directory.

merlin

Cross-platform post-exploitation HTTP/2 Command & Control server and agent.

Zphisher

An automated phishing tool with 30+ templates.

CMSScan

Scan WordPress, Drupal, Joomla, vBulletin websites for security issues.

vbscan

A black box vBulletin vulnerability scanner.

UglifyJS

A JavaScript parser, minifier, compressor and beautifier toolkit.

changedetection.io

Page change monitoring with alerts made a breeze; the best way to monitor website changes.

x64dbg

An open-source user mode debugger for Windows for reverse engineering and malware analysis.

Apktool

A tool for reverse engineering Android APK files.

lynis

Security auditing tool for Linux, macOS, and UNIX-based systems.

pwntools

CTF framework and exploit development library.

twint

Twitter scraping & OSINT tool allowing you to scrape a user's followers, following, tweets and more.

tinfoleak

The most complete open-source tool for Twitter intelligence analysis.

bore

A simple CLI tool for making tunnels to localhost.

pupy

Open-source, cross-platform C2 and post-exploitation framework written in Python and C.

honggfuzz

A security oriented software fuzzer.

Osintgram

An interactive shell to perform analysis on the Instagram account of any user by its nickname.

mana

Wifi rogue AP attacks and MitM.

osintname

Generate emails and usernames.

exiv2

Image metadata library and tools.

Parsero

Robots.txt audit tool.

qemu

A generic and open source machine emulator and virtualizer.

mfoc

Mifare classic offline cracker.

terraform

Enables you to safely and predictably create, change, and improve infrastructure.

jadx

Dex to Java decompiler.

nasm

A cross-platform x86 assembler with an Intel-like syntax.

Xenotix

An advanced Cross Site Scripting vulnerability detection and exploitation framework.

DOMPurify

A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

wazuh

The open source security platform.

MapperPlus

An advanced source map extractor based on headless browser.

wtfis

Passive hostname, domain and IP lookup tool for non-robots.

infer

A static analyzer for Java, C, C++, and Objective-C.

qark

Look for several security related Android application vulnerabilities.

pmd

An extensible multilanguage static code analyzer.

writehat

A pentest reporting tool.

mentalist

Graphical tool for custom wordlist generation.

wacker

A WPA3 dictionary cracker.

ParrotSec

The ultimate framework for your cyber security operations.

LibAFL

Advanced fuzzing library. Slot your fuzzers together and extend their features using Rust.

graphql-armor

The missing GraphQL security layer.

Linpmem

The Linux memory acquisition tool.

WinPmem

The Windows memory acquisition tool.

BBstats

Displays stats and graphs about your Bug Bounty activity.

Swagger Jacker

Designed to assist with auditing of exposed Swagger/OpenAPI definition files.

Kerbeus-BOF

Beacon Object Files for Kerberos abuse.

sliver

Adversary emulation framework.

bounty-targets

Crawls bug bounty platform scopes.

BountyDash

Combine your rewards from platforms giving you insights about your bug hunting progress.

brakeman

Static analysis security vulnerability scanner for Ruby on Rails applications.

codeql

Powers security researchers around the world, as well as code scanning.

Snort++

The next generation Snort Intrusion Prevention System.

Acra

Database protection suite with field level encryption and intrusion detection.

Astra

Automated Security Testing For REST APIs.

GSIL

GitHub Sensitive Information Leakage.

a2sv

Auto Scanning to SSL Vulnerability.

Csper

The most advanced set of Content Security Policy tools.

Charles

HTTP proxy / monitor / reverse proxy that lets you view all of the HTTP(S) traffic.

OSS-Fuzz

Continuous Fuzzing for Open Source Software.

CRYPTOHACK

A fun, free platform for learning modern cryptography.

Argus-SAF

Static analysis framework built in house to do security vetting for Android applications.

oyente

An analysis tool for smart contracts.

king-phisher

Phishing Campaign Toolkit.

DVRF

The Damn Vulnerable Router Firmware project.

FireBounty

The ultimate Vulnerability Disclosure Policy and Bug Bounty list!

Canarytokens

Track activity and actions on your network.

ipsourcebypass

Bypass IP source restrictions using HTTP headers.

Social Mapper

A social media enumeration & correlation tool.

Infection Monkey

Test a data center's resiliency to perimeter breaches and internal server infection.

LFIDump

Dump remote files through a local file read or Local File Inclusion web vulnerability.

CLZero

A project for fuzzing HTTP/1.1 CL.0 Request Smuggling attack vectors.

avet

AntiVirus Evasion Tool.

crowbar

Brute forcing tool that supports several uncommon protocols.

msfpc

A quick way to generate various basic Meterpreter payloads via MSFvenom.

mitm6

Pwning IPv4 via IPv6.

SharPersist

Windows persistence toolkit written in C#.

Commando VM

Fully customizable Windows-based pentesting virtual machine distribution.

HEKATOMB

Connects to an LDAP directory to retrieve all computer and user information.

tun2socks

Handle all network traffic of any internet programs sent by the device through a proxy.

NetExec

Network service exploitation tool that helps automate assessing the security of large networks.

MANSPIDER

Spider entire networks for juicy files sitting on SMB shares.

Certipy

Active Directory Certificate Services enumeration and abuse.

OpenBuckets

Online platform for finding open buckets in cloud storage systems effortlessly.

BucketLoot

An automated S3-compatible bucket inspector.

volatility

The volatile memory extraction framework.

netdiscover

Network address discovering tool.

dnswalk

A DNS database debugger.

evil-winrm

The ultimate WinRM shell for hacking/pentesting.

macchanger

Makes the manipulation of MAC addresses of network interfaces easier.

bxss.net

Web service that allows for detection of Blind XSS vulnerabilities within web applications.

BounceBack

Stealth redirector for your red team operation security.

PrivacyNet

Allow users to route Internet traffic through Tor and hide their real IP address.

cvecrowd.com

Lists CVEs that are currently being discussed on the social network Mastodon.

certs.io

Search the entire internet by data in TLS certificates.

HackingHub

Join the front line of the internet, learn applicable cyber security skills.

TrafficWatch

A packet sniffer tool that allows you to monitor and analyze network traffic from PCAP files.

DNSWatch

DNS traffic sniffer and analyzer.

ppfuzz

A fast tool to scan client-side prototype pollution vulnerability written in Rust.

graphql-voyager

Represent any GraphQL API as an interactive graph.

sourcemapper

Extract JavaScript source trees from source map files.

XnlReveal

A Chrome browser extension to show alerts for several hidden elements.

IPFuscator

A tool to automatically generate alternative IP representations.

HardeningKitty

Checks and hardens your Windows configuration.

Built With

Find out what websites are Built With.

Tool WPXStrike

Escalate a Cross-Site Scripting vulnerability to Remote Code Execution in WordPress.

CyberSec Quizzes

Test your knowledge on cyber security and practice for industry recognised certifications.

Bypass-403

A simple script just made for self use for bypassing 403.

CloudFlair

Find origin servers of websites behind Cloudflare by using Internet-wide scan data from Censys.

octosuite

An all-in-one GitHub open-source intelligence framework.

msLDAPDump

LDAP enumeration tool implemented in Python3.

Sirius

Truly open-source general purpose vulnerability scanner.

gcp_scanner

A comprehensive scanner for Google Cloud.

ILSpy

.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (& more), cross-platform!

HasMySecretLeaked

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.

dmut

Perform permutations, mutations and alteration of subdomains.

cve-collector

Simple latest CVE collector written in Python.

Free Certifications

A curated list of free courses & certifications.

certmitm

A tool for testing for certificate validation vulnerabilities of TLS connections.

Tool capa

The FLARE team's open-source tool to identify capabilities in executable files.

TEx

Telegram Explorer created to help researchers, investigators and law enforcement agents.

PersistenceSniper

Hunt persistences implanted in Windows machines.

Inspeckage

Android package inspector.

bbradar.io

Fetches latest bug bounty programs from many platforms and consolidates them in one place.

Locksmith

Detect and fix common misconfigurations in Active Directory Certificate Services.

DivideAndScan

Divide full port scan results and use it for targeted Nmap runs.

HAITI

Hash type identifier.

RustHound

Active Directory data collector for BloodHound written in Rust.

Redacted Request

Enhance the security and confidentiality of HTTP request handling within the Burp Suite.

ScriptSentry

ScriptSentry finds misconfigured and dangerous logon scripts.

Burp-Encode-IP

Burp Suite extension to encode an IP address focused to bypass application IP/domain blacklist.

SBOMb

SBOM parser that performs cursory vulnerability assessment.

SynapsInt

Consulting different intelligence services, search engines and datasets for OSINT.

dot

The Deepfake Offensive Toolkit.

PurpleOps

An open-source self-hosted purple team management web application.

waf-bypass

Check your WAF before an attacker does.

slither

Static analyzer for Solidity.

cerbrutus

Network brute force tool, faster than other existing solutions.

pwnagotchi

Deep reinforcement learning instrumenting bettercap for WiFi pwning.

wifi-bruteforcer-fsecurify

Android application to brute force WiFi passwords without requiring a rooted device.

droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs.

ufonet

Denial of Service Toolkit.

WhatBreach

OSINT tool to find breached emails, databases, pastes, and relevant information.

Hijacker

GUI for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver.

trackerjacker

Like nmap for mapping wifi networks you're not connected to, plus device tracking.

SharpC2

Command and Control Framework written in C#.

NimPlant

A light-weight first-stage C2 implant written in Nim.

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

WeakestLink

Browser extension that extracts users from LinkedIn company pages.

brute ratel

A customized command and control center for red team and adversary simulation.

jswzl

Improve your web application security testing with rich data from static analysis.

subzy

Subdomain takeover vulnerability checker.

BackupKiller

Generate wordlist based on the URLs to check for backup, installation, etc files.

Pspy

Unprivileged Linux process snooping.

wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths.

Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, repositories...

Scavenger

Burp Suite extension to create target specific and tailored wordlist from burp history.

GatherContacts

Burp Suite extension to pull employee names from Google and Bing LinkedIn search results.

WhoisXMLAPI

Domain & IP data intelligence for greater enterprise security.

DeHashed

DeHashed provides free deep-web scans and protection against credential leaks.

xurlfind3r

A CLI utility to find a domain's known URLs from curated passive online sources.

Cake Fuzzer

Cutting-edge project designed to automate the continuous discovery of vulnerabilities in webapps.

resolvers

The most exhaustive list of reliable DNS resolvers.

Kaeferjaeger

Lists of resources: cdn ranges, ips ranges, sni ip ranges...

caido

A lightweight web security auditing toolkit.

ripgen

Rust-based high performance domain permutation generator.

karma v2

Passive open source intelligence automated reconnaissance.

shosubgo

Small tool to grab subdomains using Shodan API.

BurpGPT

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan.

go-stare

A fast & light web screenshot tool that uses the Chrome DevTools protocol instead of a headless browser.

bbot

OSINT automation for hackers.

FavFreak

Making favicon.ico based recon great again.

evilgophish

Combination of evilginx3 and GoPhish.

GoPhish

Open-source phishing toolkit.

Pyscan

A dependency vulnerability scanner for your Python projects, straight from the terminal.

BugProve

Automated firmware analysis tool for composition analysis and vulnerability scanning.

SMBAT

Find secrets in files and secret files among the SMB target shares.

Rapidscan

The multi tool web vulnerability scanner.

plution

Prototype pollution scanner using headless chrome.

PwnDoc

Pentest report generator.

Jira-Lens

Fast and customizable vulnerability scanner for Jira.

al-khaser

Public malware techniques used in the wild: virtual machine, emulation, debuggers.

traitor

Automatic Linux privilege escalation via exploitation of low-hanging fruit.

pydictor

A powerful and useful hacker dictionary builder for a brute-force attack.

spraykatz

Credentials gathering tool automating remote procdump and parse of lsass process.

WINspect

PowerShell-based Windows security auditing toolbox.

fuxploider

File upload vulnerability scanner and exploitation tool.

hping

Network tool able to send custom TCP/IP packets.

AhMyth Android RAT

Android remote administration tool.

AttifyOS

Distribution for pentesting IoT devices.

Empire

Post-exploitation and adversary emulation framework that is used to aid Red Teams and pentesters.

Starkiller

Starkiller is a frontend for Empire.

Caldera

Automated adversary emulation platform.

BloodHound

Six Degrees of Domain Admin.

CrackMapExec

A swiss army knife for pentesting networks.

CrossLinked

LinkedIn enumeration tool to get employee names from an organization using scraping.

Infoga

Email OSINT.

SharpCookieMonster

Extracts cookies from Chrome.

cookie_crimes

Read local Chrome cookies without root or decrypting.

TokenTactics

Azure JWT token manipulation toolset.

Mr.SIP

SIP-based audit and attack tool.

MobSF

All-in-one mobile application pentesting, malware analysis and security assessment framework.

cve

Gather and update all available and newest CVEs with their PoC.

Offensive Security

Offensive Security YouTube channel.

Damn Vulnerable Bank

A vulnerable Android application with an interface to test your mobile hacking skills.

Synergy-httpx

Http(s) server designed to host resources dynamically or act as a receiver for POST data intercepts.

P4wnP1 A.L.O.A.

Turn a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming or PE.

binwalk

Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

proxmark3

RFID tool designed to snoop, listen and emulate everything from Low to High Frequency tags.

HTSHELLS

Self contained web shells and other attacks via .htaccess files.

pwnat

Punch holes through firewalls/NATs where both clients and servers can be behind separate NATs.

egressbuster

Check egress filtering and identify if ports are allowed to automatically spawn a shell.

ctftool

Interactive CTF exploration tool.

LDAP Relay Scan

Check for LDAP protections regarding the relay of NTLM authentication.

demovfuscator

A work-in-progress deobfuscator for movfuscated binaries.

M/o/Vfuscator

The single instruction C compiler.

OSINT-SPY

Perform OSINT scan on email/domain/ip address/organization.

pywerview

A (partial) Python rewriting of PowerSploit's PowerView.

AndroSet

Manage Burp Suite certificate in Android to redirect all traffic to Burp Suite.

Prenum

The perils of the pre-Windows 2000 compatible access group in a Windows domain.

smbcrawler

No-nonsense tool that takes credentials and a list of hosts and crawls through those shares.

PS2

A port scanner written purely in PowerShell.

passiveDNS

A network sniffer that logs all DNS server replies for use in a passive DNS setup.

BugBountyHunting

Search Bug Bounty writeups easily.

DEFCON

One of the world’s most prominent and well-known computer security conferences.

Frida

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

APKLeaks

Scanning APK file for URIs, endpoints & secrets.

GTFOBins

Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

GTFOArgs

Unix binaries that can be manipulated for argument injection.

LOOBins

Living Off the Orchard: macOS Binaries.

RegStrike

RegStrike is a .reg payload generator.

GeoWordlists

Generate wordlists of passwords containing cities at a defined distance around the client city.

subjs

Fetches JavaScript files from a list of URLs or subdomains.

HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser.

Shellcrypt

A QoL tool to obfuscate shellcode.

SubScraper

Perform subdomain enumeration through various techniques and retrieve detailed output.

Sshimpanzee

Reverse shell based on sshd supporting DNS and ICMP tunnelling as well as HTTP and Socks proxies.

SQLiDetector

Helps you to detect SQL injection "Error based" by sending multiple requests.

TLDHunt

Domain availability checker.

Seela

Boost the cybersecurity skills of your teams with the cyber knowledge library.

co2

A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

json-web-tokens

JSON Web Tokens Support for Burp Suite.

403-bypasser

A Burp Suite extension made to automate the process of bypassing 403 pages.

additional-scanner-checks

Collection of scanner checks missing in Burp.

csrf-scanner

CSRF Scanner Extension for Burp Suite Pro.

DNSExfiltrator

Data exfiltration over DNS request covert channel.

archerysec

Automate your application security orchestration and correlation (ASOC).

LaZagne

Credentials recovery project.

cloudsploit

Cloud Security Posture Management (CSPM).

HTTP-revshell

PowerShell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware.

toxssin

Open-source penetration testing tool that automates the process of exploiting XSS.

SysReptor

Easy and customisable pentest report creator based on simple web technologies.

murphysec

An open source tool focused on software supply chain security.

hcxdumptool

Small tool to capture packets from wlan devices.

JNDI-Injection-Exploit

Generates JNDI links and can start several servers to exploit JNDI Injection vulnerabilities.

morphHTA

Morphing Cobalt Strike's evil.HTA.

repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets.

appmon

Framework for monitoring and tampering system API calls of native macOS, iOS and android apps.

talisman

Validate the outgoing changeset for things that look suspicious such as tokens, passwords and keys.

Pyrit

The famous WPA precomputed cracker.

zarp

Network attack tool.

git-secrets

Prevents you from committing secrets and credentials into git repositories.

enum4linux-ng

A Windows/Samba enumeration tool with additional features like JSON/YAML export.

HardHat C2

A cross-platform, collaborative, Command & Control framework.

SUID3NUM

Standalone script to enumerate SUID binaries, separate default binaries from customs.

adPEAS

PowerShell tool to automate Active Directory enumeration.

wgen.io

Generate rich wordlists for targeted attacks online.

web2shell

Automate converting webshells into reverse shells.

postmaniac

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.

deser-node

NodeJS deserialization payload generator.

HTTP-traceroute

HTTP-traceroute in Go.

CSRFT

A lightweight CSRF Toolkit for easy Proof of Concept.

orpheus

Bypass Kerberoast detections with modified KDC options and encryption types.

CypherDog

PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.

DripLoader

Evasive shellcode loader for bypassing injection detection.

Blacklist3r

Identify usage of pre-shared Machine Keys in an application for encryption and decryption.

badsecrets

A library for detecting known secrets across many web frameworks.

Poastal

The Email OSINT tool.

Nishang

Offensive PowerShell for red team, penetration testing and offensive security.

c{api}tal

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

XXElixir

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

unicorn

Simple tool for using a PowerShell downgrade attack and injecting shellcode into memory.

Hades

Go shellcode loader that combines multiple evasion techniques.

DorkGPT

Generate Google dorks with AI.

wpfinger

wpfinger is a red-team WordPress scanning tool.

cadaver

Command-line WebDAV client.

google-authenticator-exporter

Get the TOTP secrets exported by Google Authenticator.

HBSQLI

Automated tool for testing header based blind SQL injection.

Nimbo-C2

Yet another (simple and lightweight) C2 framework.

Freeze-rs

Payload toolkit for bypassing EDRs using suspended processes, direct syscalls written.

Hash Muncher

Grab NetNTLMv2 hashes using ETW with administrative rights on Windows.

Gowhois

Whois command implemented in Golang with an awesome whois servers list.

Evilginx3

Standalone MITM attack framework allowing for the bypass of 2-factor authentication.

API fuzzer

Fuzz request attributes using common pentesting techniques and lists vulnerabilities.

Invoke-ADEnum

Automate Active Directory Enumeration using PowerView.

BugBountyScanner

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use.

nuclei-wordfence-cve
nuclei-wordfence-cve

Collection of Nuclei templates dedicated to WordPress core, plugins and themes vulnerabilities.

octosql
octosql

CLI tool which lets you query a plethora of databases and file formats.

John Hammond
John Hammond

John Hammond YouTube channel.

Scopein
Scopein

A Go tool for scope management.

kiterunner
kiterunner

Contextual content discovery tool.

bbrf
bbrf

Help you coordinate your reconnaissance workflows across multiple devices.

socialhunter
socialhunter

Crawls the website and finds broken social media links that can be hijacked.

Awesome-CobaltStrike
Awesome-CobaltStrike

List of awesome CobaltStrike resources.

Haylxon
Haylxon

Blazing-fast tool to grab screenshots of your domain list right from terminal.

Klyda
Klyda

Highly configurable script for dictionary/spray attacks against online web applications.

Kscan
Kscan

Kscan is an all-round scanner developed purely in Go, with functions such as port scanning, protocol.

deps.dev
deps.dev

Better understand the structure, construction, and security of open source software packages.

depsdev
depsdev

CLI client for deps.dev API.

wstunnel
wstunnel

Tunneling over websocket protocol - Static binary available.

RESTler
RESTler

A stateful fuzzing tool for automatically testing cloud services through their REST APIs.

Ghostbuster
Ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.

UDPX
UDPX

Fast and lightweight UDP scanner that supports the discovery of many services.

gef
gef

A modern experience for GDB with advanced debugging capabilities.

subnerium
subnerium

A fast passive subdomain enumeration tool that uses various sources to gather data.

The Wordlists
The Wordlists

A collection of wordlists for many different usages.

PowerMeta
PowerMeta

Searches for publicly available files hosted on various websites for a particular domain.

Pymeta
Pymeta

Search the web for files on a domain to download and extract metadata.

SpiderSuite
SpiderSuite

Advanced web spider/crawler for cyber security professionals.

CTFd
CTFd

A Capture The Flag framework focusing on ease of use and customizability.

NanoDump
NanoDump

A flexible tool that creates a minidump of the LSASS process.

hakip2host
hakip2host

Takes a list of IP addresses then does a series of checks to return associated domain names.

hakfindinternaldomains
hakfindinternaldomains

Feed it a list of subdomains, it will resolve them and tell you which ones are internal.

hakoriginfinder
hakoriginfinder

Discover the origin host behind a reverse proxy, useful for bypassing cloud WAFs!

haklistgen
haklistgen

Turns any junk text into a usable wordlist for brute-forcing.

The Time Machine
The Time Machine

Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.

PowerMayhem
PowerMayhem

PowerShell payload generator in Bash!

s3cXSSer
s3cXSSer

This extension will help you to detect GET/POST based XSS vulnerability in any website easily.

certmon
certmon

A simple certificate expiration monitor script.

MSOLSpray
MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365).

haktrails
haktrails

Golang client for querying SecurityTrails API data.

Crlfi
Crlfi

CRLF bug scanner for WebPentesters and Bugbounty Hunters.

hrekt
hrekt

A really fast HTTP prober.

SharpSCCM
SharpSCCM

A post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager.

Go365
Go365

Go365 performs user enumeration and password guessing attacks on organizations that use Office365.

webpalm
webpalm

A tool that traverses a website and generates a tree of all the webpages and their links.

SubGPT
SubGPT

Find subdomains with GPT, for free.

qscan
qscan

Quick network scanner library.

WhatWaf
WhatWaf

Detect and bypass web application firewalls and protection systems.

CeWLeR
CeWLeR

Custom word list generator redefined, based on the Scrapy framework.

dontgo403
dontgo403

Tool to bypass 40X response codes.

ReverseKit
ReverseKit

A dynamic reverse engineering toolkit.

dorky
dorky

Quickly do keyword searches over GitLab and GitHub for OSINT & bug bounty recon.

KeePwn
KeePwn

A Python script to help red teamers discover KeePass instances and extract secrets.

PyShell
PyShell

Multiplatform Python webshell.

svn-extractor
svn-extractor

Simple script to extract all web resources by means of .SVN folder exposed over network.

PowerMeUp
PowerMeUp

A small library of PowerShell scripts for post exploitation that you may need or use!

GhostTrack
GhostTrack

Useful tool to track location or mobile number.

wildcrawl
wildcrawl

Crawls URL to get a better image of what is tied to a website.

Kraken
Kraken

A modular multi-language webshell.

Kubestroyer
Kubestroyer

Exploit Kubernetes cluster misconfigurations and be the Swiss Army knife of your pentests.

IAMagic
IAMagic

Advanced AWS access credentials scanner.

swagroutes
swagroutes

Extract and list API routes from Swagger files in YAML/JSON format.

DomLink
DomLink

Link a domain with registered organisation names and emails, to other domains.

DNSCewl
DNSCewl

A DNS bruteforcing wordlist generator.

fastsub
fastsub

A DNS bruteforcer with multi-threading, and handling of bad resolvers.

subtake
subtake

Extension of sublister tool to check for subdomain takeovers.

Brute Hacking Framework
Brute Hacking Framework

A framework including all the tools that work on Windows.

XSS Hunter
XSS Hunter

The fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities.

SubdomainFinder
SubdomainFinder

Find subdomains by searching public certificate records.

LDAPNomNom
LDAPNomNom

Anonymously bruteforce Active Directory usernames by abusing LDAP Ping requests.

LinkedInDumper
LinkedInDumper

Script that dumps employee data from the LinkedIn social networking platform.

gorgo
gorgo

The versatile multi-threaded password sprayer built on the shoulders of giants.

GodPotato
GodPotato

Privilege escalation tool for Windows.

endext
endext

A tool for extracting all the possible endpoints from the JS files.

autowpscan
autowpscan

An automated tool that scans a list of multiple WordPress websites at once.

Comperio
Comperio

OSINT tool to find usernames across 80+ social media and social networking sites.

Unforce
Unforce

Salesforce lightning recon and exploitation tool.

Nmap-API
Nmap-API

Create a Nmap API that can do scans with a good speed online and is easy to deploy.

Mimicry
Mimicry

A dynamic deception tool that actively deceives an attacker.

GPT_Vuln-Analyzer
GPT_Vuln-Analyzer

A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.

QuadraInspect
QuadraInspect

A comprehensive approach to the vulnerability analysis of Android application.

MalwareBazaar
MalwareBazaar

Malware sample database.

WebScrape
WebScrape

A web scraper to scrape emails and phone numbers from websites.

MalBuzz
MalBuzz

It's a handy tool to help you analyze malware.

wmiexec-RegOut
wmiexec-RegOut

Modified version of impacket wmiexec.py that gets output from the registry.

impacket
impacket

Collection of Python classes for working with network protocols.

nmapAutomater
nmapAutomater

Automate the process of enumeration & recon that is run every time.

wmiexec-Pro
wmiexec-Pro

The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.

lsassy
lsassy

Python tool to remotely extract credentials on a set of hosts.

SocialPwned
SocialPwned

Gets a target's emails published on social networks to find possible credentials.

autopwn
autopwn

Specify targets and run sets of tools against them.

sshLooterC
sshLooterC

It's the C version of sshLooter.

sshLooter
sshLooter

Script to steal passwords from ssh.

ghidra
ghidra

Software reverse engineering (SRE) framework.

HackerSploit
HackerSploit

HackerSploit YouTube channel.

InsiderPhD
InsiderPhD

InsiderPhD YouTube channel.

Bug Bounty Reports Explained
Bug Bounty Reports Explained

Bug Bounty Reports Explained channel.

AWS Sensitive Permissions
AWS Sensitive Permissions

This script enumerates the permissions of all the AWS principals of an account.

vcsmap
vcsmap

Plugin-based tool to scan public version control systems for sensitive information.

t14m4t
t14m4t

Automated brute-forcing attack tool.

Reverse Shell Generator
Reverse Shell Generator

A tool to generate various ways to do a reverse shell.

ssh-auditor
ssh-auditor

The best way to scan for weak ssh passwords on your network.

dnstwist
dnstwist

Domain name permutation engine for detecting several types of attacks.

DNSMORPH
DNSMORPH

Domain name permutation engine written in Go.

MicroBurst
MicroBurst

A collection of scripts for assessing Microsoft Azure security.

PowerUpSQL
PowerUpSQL

A PowerShell toolkit for attacking SQL Server.

ncrack
ncrack

Open source tool for network authentication cracking.

phpsploit
phpsploit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.

kerberoast
kerberoast

Series of tools for attacking MS Kerberos implementations.

BaRMIe
BaRMIe

Enumerating and attacking Java Remote Method Invocation services.

PoshC2
PoshC2

A proxy aware C2 framework used to aid with post-exploitation and lateral movement.

Invoke-PowerThIEf
Invoke-PowerThIEf

An Internet Explorer post exploitation library.

R3C0Nizer
R3C0Nizer

The first ever CLI based menu-driven web application B-Tier recon framework.

OSINTui
OSINTui

OSINT from your favorite services in a friendly terminal user interface.

aem-detector
aem-detector

Discover Adobe Experience Manager (AEM) Content Management System (CMS) websites.

Athena OS
Athena OS

Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

trurl
trurl

Command line tool for URL parsing and manipulation.

lyncsmash
lyncsmash

Locate and attack Lync and Skype for Business.

LAZYPARIAH
LAZYPARIAH

Generate reverse shell payloads on the fly.

o365recon
o365recon

Retrieve information via O365 and AzureAD with valid credentials.

Storm breaker
Storm breaker

Social engineering tool, access webcam & microphone & location finder.

urless
urless

De-clutter a list of URLs.

GD-Thief
GD-Thief

Exfiltrate files from a target's Google Drive that you have access to, via Google's API.

jsleak
jsleak

Find secrets, paths or links in the source code.

dnscat2
dnscat2

Create an encrypted command-and-control (C&C) channel over the DNS protocol.

PyExfil
PyExfil

Set as many exfiltration, techniques that CAN be used to bypass various.

Dismap
Dismap

Asset discovery and identification tool.

keyhacks.sh
keyhacks.sh

Automation of tokens/api keys testing.

github-endpoints
github-endpoints

Find endpoints on GitHub.

github-regexp
github-regexp

Basically a regexp over a GitHub search.

SecretFinder
SecretFinder

SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.

JSpector
JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

ffufPostprocessing
ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

NMapify
NMapify

Quickly and accurately create a visual representation of their Nmap output.

LDAP Password Hunter
LDAP Password Hunter

Password Hunter in active directory.

ScareCrow
ScareCrow

Payload creation framework designed around EDR bypass.

h8mail
h8mail

Powerful and user-friendly password hunting tool.

sub404
sub404

A fast tool to check subdomain takeover vulnerability.

WiFi-Pumpkin
WiFi-Pumpkin

Framework for rogue Wi-Fi access point attack.

mimikittenz
mimikittenz

A post-exploitation PowerShell tool for extracting juicy info from memory.

Dumpert
Dumpert

LSASS memory dumper using direct system calls and API unhooking.

FindUncommonShares
FindUncommonShares

Quickly find uncommon shares in vast Windows domains.

Invoke-TmpDavFS
Invoke-TmpDavFS

Memory-backed PowerShell WebDAV server.

Invoke-SocksProxy
Invoke-SocksProxy

SOCKS proxy and reverse SOCKS server using PowerShell.

PowerShdll
PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

PSByPassCLM
PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

CarbonCopy
CarbonCopy

Creates a spoofed certificate of any online website and signs an executable for AV evasion.

DNSTracer
DNSTracer

Trace the path of a DNS query.

Invoke-BSOD
Invoke-BSOD

For when you want a computer to be done - without admin!

Invoke-WCMDump
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

Invoke-PSImage
Invoke-PSImage

Encodes a PowerShell script in the pixels of a PNG file and generates a one-liner to execute.

Ciphey
Ciphey

Automates decryptions & decodings with encodings, classical ciphers, hashes, or more.

SDBF
SDBF

Smart DNS Brute Forcer.

SQLMutant
SQLMutant

Searches for automated subdomain enumeration and runs SQLi tests.

ScopeHunter
ScopeHunter

Command-line tool for finding in-scope targets for bug bounty programs.

SSRFPwned
SSRFPwned

Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

TerminatorZ
TerminatorZ

Scan for top potential vulnerabilities with known CVEs in your web applications.

moniorg
moniorg

Leverage crt.sh website to monitor domains of a target.

DVCA
DVCA

Damn vulnerable cloud application.

Vampi
Vampi

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.

DVWS
DVWS

Vulnerable application with a web service and an API.

AzureGoat
AzureGoat

A damn vulnerable Azure infrastructure.

AWSGoat
AWSGoat

A damn vulnerable AWS infrastructure.

unix-privesc-check
unix-privesc-check

Shell script to check for simple privilege escalation vectors on Unix systems.

windows-privesc-check
windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

VBad
VBad

VBA obfuscation tools combined with an MS Office document generator.

dumpcreds
dumpcreds

May be used to extract various credentials from running processes.

PowerSploit
PowerSploit

A PowerShell Post-Exploitation Framework.

SMBeagle
SMBeagle

Fileshare auditing tool.

WMEye
WMEye

Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement.

NTLMRecon
NTLMRecon

Enumerate information from NTLM authentication enabled web endpoints.

MSDAT
MSDAT

Microsoft SQL database attacking tool.

SMBetray
SMBetray

Attack clients through file content swapping and compromise any data passed in cleartext.

FakeImageExploiter
FakeImageExploiter

Use a Fake image.jpg to exploit targets (hide known file extensions).

radare2
radare2

UNIX-like reverse engineering framework and command-line toolset.

FiercePhish
FiercePhish

Full-fledged phishing framework to manage all phishing engagements.

Microsploit
Microsploit

Quickly and easily create backdoor Office exploitation using module Metasploit packet.

Vegile
Vegile

Post exploitation tool to maintain some level of access.

litefuzz
litefuzz

A multi-platform fuzzer for poking at userland binaries and servers.

securityonion
securityonion

Free and open platform for threat hunting, enterprise security monitoring, and log management.

RedHunt-OS
RedHunt-OS

Virtual machine for adversary emulation and threat hunting.

EAPHammer
EAPHammer

Targeted attacks against WPA2-Enterprise networks, wireless pivots using hostile portal attacks.

katoolin3
katoolin3

Get your favourite Kali Linux tools on Debian/Ubuntu/Linux Mint.

Phishery
Phishery

An SSL enabled basic auth credential harvester with a Word document template URL injector.

CDN Proxy
CDN Proxy

Create a copy of a targeted website with CDN and WAF restrictions disabled.

catphish
catphish

Generate similar-looking domains for phishing attacks.

WinPwnage
WinPwnage

UAC bypass, Elevate, Persistence methods.

GCPBucketBrute
GCPBucketBrute

Enumerate Google Storage buckets, check the access and if they can be privilege escalated.

jsfinder
jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

CDK
CDK

Make security testing of K8s, Docker, and Containerd easier.

Quickjack
Quickjack

Point-and-click tool for producing advanced clickjacking and frame-slicing attacks.

upload_bypass
upload_bypass

File upload restrictions bypass by using different techniques!

PipeViewer
PipeViewer

A tool that shows detailed information about named pipes in Windows.

Kali Linux
Kali Linux

The most advanced penetration testing distribution.

nbtscan
nbtscan

Scan networks searching for NetBIOS information.

Unicornscan
Unicornscan

An asynchronous TCP and UDP port scanner.

ike-scan
ike-scan

Discover and fingerprint IKE hosts.

amap
amap

Identify applications even if they are running on a different port than normal.

Grendel-Scan
Grendel-Scan

A tool for automated security scanning of web applications.

Dradis
Dradis

Collaboration and reporting for infosec teams made simple.

KisMac
KisMac

A free, open source wireless stumbling and security tool for Mac OS X.

ratproxy
ratproxy

A semi-automated largely passive web application security audit tool.

Samurai WTF
Samurai WTF

The best security training environment for developers and AppSec professionals.

Sguil
Sguil

The analyst console for network security monitoring.

Tamper Data
Tamper Data

View and modify HTTP requests before they are sent.

Tamper Dev
Tamper Dev

Allows you to intercept and edit HTTP/HTTPS requests and responses.

NetworkMiner
NetworkMiner

Network forensic analysis tool for Windows.

wikto
wikto

Nikto for Windows with some extra features.

p0f
p0f

Identify the operating system of a target host simply by examining captured packets.

WebInspect
WebInspect

An automated dynamic testing solution that provides comprehensive vulnerability detection.

nipper-ng
nipper-ng

Network infrastructure configuration parser.

Invicti
Invicti

Web Application Security For Enterprise.

sslstrip
sslstrip

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

Splunk
Splunk

The unified security and observability platform.

NetWitness
NetWitness

Rapidly detect and respond to any threat, anywhere. See Everything. Fear Nothing.

Nagios
Nagios

The industry standard in IT infrastructure monitoring.

hunter.how
hunter.how

Internet search engines for security researchers.

Spy Extension
Spy Extension

This Chrome extension will read literally everything it can.

favirecon
favirecon

Use favicon.ico to improve your target recon phase.

Striker
Striker

Offensive information and vulnerability scanner.

sqlmate
sqlmate

A friend of SQLmap which will do what you always expected from SQLmap.

Kwetza
Kwetza

Infect an existing Android application with a Meterpreter payload.

ADRecon
ADRecon

Gather information about the Active Directory and generates a report.

AWSloot
AWSloot

Pull secrets from an AWS environment.

UserEnum
UserEnum

Domain user enumeration tool.

reDuh
reDuh

Create a TCP circuit through validly formed HTTP requests.

reGeorg
reGeorg

Pwn a bastion webserver and create SOCKS proxies through the DMZ.

Graphicator
Graphicator

Enumerate and extract GraphQL APIs.

celerystalk
celerystalk

An asynchronous enumeration & vulnerability scanner.

Wordsmith
Wordsmith

Assist with creating tailored wordlists, mostly based on geolocation.

SimplyEmail
SimplyEmail

Email recon made fast and easy, with a framework to build on.

Rock-ON
Rock-ON

All-in-one recon tool that just takes a single domain name and does all of the work alone.

RedTeam_toolkit
RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

web-hacking-toolkit
web-hacking-toolkit

A web hacking toolkit.

smbmap
smbmap

A handy SMB enumeration tool.

weevely3
weevely3

Weaponized web shell.

pypykatz
pypykatz

Mimikatz implementation in pure Python.

BetterBackdoor
BetterBackdoor

A backdoor with a multitude of features.

SUDO_KILLER
SUDO_KILLER

A tool to identify and exploit sudo rules misconfigurations and vulnerabilities.

AzureADLateralMovement
AzureADLateralMovement

Lateral movement graph for Azure Active Directory.

smb-scanner
smb-scanner

Samba scanning tool.

PhoneInfoga
PhoneInfoga

Information gathering framework for phone numbers.

Responder
Responder

Responder is an LLMNR, NBT-NS and MDNS poisoner.

ikeforce
ikeforce

Command line IPSEC VPN brute forcing tool for Linux.

KeyTabExtract
KeyTabExtract

Extracts Key Values from .keytab files.

linuxprivchecker
linuxprivchecker

A Linux privilege escalation check script.

Snaffler
Snaffler

A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

RidRelay
RidRelay

Enumerate usernames on a domain where you have no creds by using SMB relay.

jackdaw
jackdaw

Gather gather gather.

Domain Hunter
Domain Hunter

Checks expired domains to determine good candidates for phishing and C2 domain names.

CertStealer
CertStealer

A .NET tool for exporting and importing certificates without touching disk.

FastFuzz Chrome Extension
FastFuzz Chrome Extension

Fast site fuzzing with a Chrome extension.

Nosql-Exploitation-Framework
Nosql-Exploitation-Framework

A Python Framework For NoSQL Scanning and Exploitation.

Vajra
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environments.

TrevorC2
TrevorC2

A legitimate website that tunnels client/server communications for covert command execution.

RED HAWK
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Gorsair
Gorsair

Gives root access on remote docker containers that expose their APIs.

SniffAir
SniffAir

A framework for wireless pentesting.

Firefly
Firefly

Black box fuzzer for web applications.

scanless
scanless

Online port scan scraper.

Dome
Dome

Script that makes active and/or passive scans to obtain subdomains and search for open ports.

airgeddon
airgeddon

This is a multi-use bash script for Linux systems to audit wireless networks.

APTRS
APTRS

Automated penetration testing reporting system.

Pentest Mapper
Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

PyCript
PyCript

Bypass client-side encryption using custom logic for testing with Python and NodeJS.

Vulmap
Vulmap

Online local vulnerability scanners project.

Skanuvaty
Skanuvaty

Dangerously fast DNS/network/port scanner.

Metabigor
Metabigor

Intelligence tool to do OSINT tasks and more but without any API key.

enum4Linux
enum4Linux

Enumerate data from Windows and Samba hosts.

GitHarvester
GitHarvester

Tool used for harvesting information from GitHub.

certSniff
certSniff

A certificate transparency log keyword sniffer written in Python.

WiFi Exploitation Framework
WiFi Exploitation Framework

WiFi exploitation framework.

Bypass URL Parser
Bypass URL Parser

Tool that tests MANY url bypasses to reach a 40X protected page.

ShadowSpray
ShadowSpray

Spray shadow credentials across an entire domain.

autoSSRF
autoSSRF

Smart context-based SSRF vulnerability scanner.

SpoolSploit
SpoolSploit

Collection of Windows print spooler exploits and other utilities for practical exploitation.

CMSeek
CMSeek

CMS Detection and Exploitation suite that supports over 180 other CMSs.

wifiphisher
wifiphisher

The rogue access point framework.

gateway-finder
gateway-finder

Identify routers on the local LAN and paths to the Internet.

gateway-finder-imp
gateway-finder-imp

Identify routers on the local LAN and paths to the Internet.

undetected-chromedriver
undetected-chromedriver

Optimized Selenium Chromedriver patch which does not trigger anti-bot services.

gitleaks
gitleaks

Protect and discover secrets using Gitleaks.

afrog
afrog

A vulnerability scanning tool for penetration testing.

PayGen
PayGen

Tool to generate stable undetected payload.

mitmAP
mitmAP

A Python program to create a fake AP and sniff data.

RDP Scraper
RDP Scraper

Enumerates users based off RDP Screenshots.

brutespray
brutespray

Automatically attempts default creds on found services based on Nmap output.

ggshield
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

awesome-cve-poc
awesome-cve-poc

A collection about Proof of Concepts of Common Vulnerabilities and Exposures.

reapoc
reapoc

OpenSource Poc && Vulnerable-Target Storage Box.

ShellPop
ShellPop

Pop shells like a master.

yersinia
yersinia

A framework for layer 2 attacks.

Fiddler Everywhere
Fiddler Everywhere

Web debugging proxy for MacOS, Windows, and Linux.

l0phtcrack
l0phtcrack

Crack Windows passwords from hashes.

mimikatz
mimikatz

A little tool to play with Windows security.

Qualys Cloud Platform
Qualys Cloud Platform

The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.

SSTImap
SSTImap

Automatic SSTI detection tool with interactive interface.

Shodan
Shodan

Search engine for Internet-connected devices.

Netlas.io
Netlas.io

Netlas.io is the network atlas of the Internet. IP, DNS, Web, IoT devices, etc.

dBmonster
dBmonster

A multitool for tracking and locating nearby devices via their RF activities.

AORT
AORT

All in one recon tool for bug bounty.

infoooze
infoooze

User-friendly OSINT tool that allows you to quickly and easily gather information.

LanGuard
LanGuard

Patch management, vulnerability scanning, and network auditing.

Ophcrack
Ophcrack

Windows password cracker based on rainbow tables.

Nexpose
Nexpose

Vulnerability scanner which aims to support the entire vulnerability management lifecycle.

dsniff
dsniff

Collection of tools for network auditing and penetration testing.

Core Impact
Core Impact

Designed to enable security teams to conduct advanced penetration tests with ease.

WebScarab
WebScarab

Framework for analysing applications that communicate using the HTTP and HTTPS protocols.

Paros Proxy
Paros Proxy

HTTP(S) proxy for assessing web application vulnerability.

Ettercap
Ettercap

Free and open source network security tool for man-in-the-middle attacks on a LAN.

Kismet
Kismet

Remote capture for all capture types over TCP sockets or websockets.

Cain and Abel
Cain and Abel

Password recovery tool for Microsoft Operating Systems.

Nessus
Nessus

The global gold standard in vulnerability assessment built for the modern attack surface.

TryHackMe
TryHackMe

Hands-on cyber security training through real-world scenarios.

DVWA
DVWA

Damn Vulnerable Web Application.

Hack The Box
Hack The Box

Massive hacking playground, and infosec community.

OWASP Juice Shop
OWASP Juice Shop

Probably the most modern and sophisticated insecure web application.

VulnHub
VulnHub

Provides materials that allow anyone to gain practical 'hands-on' experience in security.

WebGoat
WebGoat

Deliberately insecure application.

bWAPP
bWAPP

An extremely buggy web application!

PortSwigger WebSecurity Academy
PortSwigger WebSecurity Academy

Free, online web security training from the creators of Burp Suite.

OrbitalDump
OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool.

GitHacker
GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

XSSRocket
XSSRocket

Written by Black Hat Ethical Hacking and #ChatGPT for offensive security and XSS attacks.

Ronin
Ronin

A free and open source Ruby toolkit for security research and development.

RadareEye
RadareEye

Scan nearby devices and execute command when the target device comes in between range.

Vuls
Vuls

Agent-less vulnerability scanner.

Nosey Parker
Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

Offensive-Azure
Offensive-Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.

Scapy
Scapy

Powerful and interactive packet manipulation program and library.

Hawk
Hawk

Network, recon and offensive-security tool for Linux.

Onex
Onex

Hacking tools installer and package manager for hackers.

drek
drek

A static-code-analysis tool for performing security-focused code reviews.

Sub-Drill
Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services.

s3recon
s3recon

Amazon S3 bucket finder and crawler.

bucket_finder
bucket_finder

DigiNinja's bucket_finder utility.

detect-secrets
detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

EarlyBird
EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

PwnFox
PwnFox

A Firefox/Burp Suite extension that provides useful tools for your security audit.

autochrome
autochrome

A shiny new copy of Chromium that will bring colors in your hunt.

Mosca
Mosca

Manual search tool to find bugs like a grep unix command.

dnstwist_
dnstwist_

A tool to monitor for potential spear phishing domains and send to Slack.

hardCIDR
hardCIDR

Discover the netblocks or ranges (in CIDR notation) owned by the target organization.

CloudFrunt
CloudFrunt

A tool for identifying misconfigured CloudFront domains.

CloudJack
CloudJack

Route53/CloudFront Vulnerability assessment utility.

CloudMapper
CloudMapper

CloudMapper helps you analyze your Amazon Web Services environments.

Bucket Stream
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

Aranea
Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

Can I Take Over DNS?
Can I Take Over DNS?

A list of DNS providers and how to claim (sub)domains via missing hosted zones.

Oculus
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

Nimbostratus
Nimbostratus

Tool for fingerprinting and exploiting Amazon cloud infrastructures.

Legitify
Legitify

Detect misconfigurations and security risks across GitHub and GitLab assets.

Agartha
Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

WifiPass
WifiPass

A simple wireless networks penetration testing toolkit.

Up HTTP Server
Up HTTP Server

Simple HTTP listener for security testing.

Weaponised XSS Payloads
Weaponised XSS Payloads

XSS payloads designed to turn alert(1) into P1.

Apidor
Apidor

Tool for automating the search for IDOR vulnerabilities in web applications and APIs.

mssqlproxy
mssqlproxy

Perform lateral movement in restricted environments through a compromised MSSQL Server.

jok3r
jok3r

Network and Web Pentest Automation Framework.

DirBuster
DirBuster

Multi-threaded application to brute force directory and file names on web/application servers.

Highlighter and Extractor
Highlighter and Extractor

Collect, categorize and highlight requests and/or responses according to their content.

Canvas
Canvas

Assessment tool that allows penetration testing and hostile attack simulations.

LiveTargetsFinder
LiveTargetsFinder

Generates lists of live hosts and URLs.

xssor2
xssor2

Hack with JavaScript.

ScoutSuite
ScoutSuite

Multi-cloud security auditing tool.

Medusa
Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer.

Legion
Legion

Aids in discovery, reconnaissance and exploitation of information systems.

windows-kernel-exploits
windows-kernel-exploits

A list of Windows kernel exploits.

Linux Exploit Suggester
Linux Exploit Suggester

Based on operating system release number.

bbscope
bbscope

Scope gathering tool for multiple Bug Bounty platforms.

go-dork
go-dork

The fastest dork scanner written in Go.

fprobe
fprobe

Take a list of domains/subdomains and probe for working http/https server.

AdvancedKeyHacks
AdvancedKeyHacks

API key/token exploitation made easy.

Subra
Subra

A Web-UI for subdomain enumeration.

crackerjack
crackerjack

Hashcat Web Interface.

LeakLooker-X
LeakLooker-X

Discover, browse and monitor database/source code leaks.

IntelSpy
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

CyberChef
CyberChef

A web app for encryption, encoding, compression and data analysis.

WES-NG
WES-NG

Windows Exploit Suggester - Next Generation.

Windows Exploit Suggester
Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

WinPwn
WinPwn

Automation for internal Windows pentest / AD-Security.

SharpImpersonation
SharpImpersonation

A User Impersonation tool - via Token or Shellcode injection.

ADRT
ADRT

Active Directory Report Tool.

s3reverse
s3reverse

Converts the various S3 bucket formats into one format.

Rekono
Rekono

Execute full pentesting processes combining multiple hacking tools automatically.

Nessus database export
Nessus database export

Export Nessus results to a relational database for use in reports, analysis, or whatever else.

grep.app
grep.app

Searches code from over a half million public repositories on GitHub.

Sourcegraph
Sourcegraph

Search millions of open source repositories.

DroneSploit
DroneSploit

Drone pentesting framework console.

Print-My-Shell
Print-My-Shell

Automate the process of generating various reverse shells.

Async DNS Brute
Async DNS Brute

DNS asynchronous brute force utility.

FridaAndroidTracer
FridaAndroidTracer

Android application tracer powered by Frida.

Firebase-Extractor
Firebase-Extractor

A tool written in Python for scraping Firebase data.

Runtime Mobile Security
Runtime Mobile Security

A powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.

padding-oracle-attacker
padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

SweetPotato
SweetPotato

A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.

gwdomains
gwdomains

Subdomain wildcard filtering tool.

pown.js
pown.js

Security testing and exploitation toolkit.

lk_scraper
lk_scraper

A fully configurable LinkedIn scraper: scrape anything within LinkedIn.

LazyHunter
LazyHunter

A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.

eLdap-Ldap-Search-and-Filter
eLdap-Ldap-Search-and-Filter

A tool that helps users search and filter queries in an LDAP environment.

PCredz
PCredz

This tool extracts secrets from a pcap file or from a live interface.

qsinject
qsinject

Allows you to quickly substitute query string values with regex matches, one-at-a-time.

burp-exporter
burp-exporter

Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.

default-http-login-hunter
default-http-login-hunter

Login hunter of default credentials for administrative web interfaces.

haktldextract
haktldextract

Extract domains/subdomains from URLs en masse.

MagicRecon
MagicRecon

A powerful shell script to maximize the recon and data collection process.

exfilkit
exfilkit

Data exfiltration utility for testing detection capabilities.

SonarSearch
SonarSearch

A rapid API for the project Sonar dataset.

vhosts-sieve
vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

eos
eos

Enemies Of Symfony - debug mode Symfony looter.

Trishul
Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

APKEnum
APKEnum

Passive enumeration utility for Android applications.

Nozaki
Nozaki

Security-oriented HTTP fuzzer engine.

pwncat
pwncat

Netcat on steroids with many extra features.

pivotnacci
pivotnacci

A tool to make socks connections through HTTP agents.

wifipumpkin3
wifipumpkin3

Powerful framework for rogue access point attacks.

LiveOverflow
LiveOverflow

LiveOverflow YouTube channel.

The XSS rat
The XSS rat

The XSS rat YouTube channel.

SharpHose
SharpHose

Asynchronous password spraying tool for Windows environments.

Awesome BugBounty Writeups
Awesome BugBounty Writeups

A curated list of bugbounty writeups (Bug type wise).

Bug Bounty Reference
Bug Bounty Reference

A list of Bug Bounty writeups that is categorized by the bug nature.

Awesome Bug Bounty
Awesome Bug Bounty

A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.

Transformations
Transformations

Understand how input is transformed on a system, which can help to craft payloads.

differer
differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

Slack Watchman
Slack Watchman

Monitor your Slack workspaces for sensitive information.

NSDetect
NSDetect

Utility to detect AWS NS Takeover.

nmap-query-xml
nmap-query-xml

A simple program to query nmap XML files in the terminal.

Yet Another Sniffer
Yet Another Sniffer

A network analyzer that makes it easy to extract information about network traffic.

GrayhatWarfare
GrayhatWarfare

Search for buckets and URL shorteners.

ATOR
ATOR

Authentication Token Obtain and Replace Extender.

apkurlgrep
apkurlgrep

Extract endpoints from APK files.

open-sesame
open-sesame

Contains HackerOne disclosed reports and other bug bounty writeups.

rate-limit-checker
rate-limit-checker

Check whether the domain has a rate limit enabled.

Words Scraper
Words Scraper

Selenium-based web scraper to generate password lists.

Wayback Machine
Wayback Machine

Explore more than 778 billion web pages saved over time.

Certificate Search
Certificate Search

Get information about SSL certificates.

SecurityTrails
SecurityTrails

Data for Security companies, researchers and teams.

PortBender
PortBender

A TCP port redirection utility that allows inbound traffic redirection.

AllAboutBugBounty
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

DotGit
DotGit

An extension for checking if .git is exposed in visited websites.

windapsearch
windapsearch

Enumerate users, groups and computers from a Windows domain through LDAP queries.

Demiguise
Demiguise

HTA encryption tool for Red Teams.

Covenant
Covenant

Collaborative C2 framework for red teamers.

EDD
EDD

Ultimate domain enumeration tool.

Rubeus
Rubeus

Rubeus is a toolkit for Kerberos interaction and abuses.

WeirdAAL
WeirdAAL

AWS Attack Library.

safecopy
safecopy

Burp Extension for copying requests safely.

localdataHog
localdataHog

String-based secret-searching tool, high entropy and regexes.

linWinPwn
linWinPwn

Automates a number of Active Directory enumeration and vulnerability.

malicious-pdf
malicious-pdf

Generates a bunch of malicious pdf files with phone-home functionality.

Coercer
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

git-wild-hunt
git-wild-hunt

A tool to hunt for credentials in the GitHub wild AKA git*hunt.

cstc
cstc

Burp Suite extension that allows request/response modification using a GUI.

Shotlooter
Shotlooter

Find sensitive data inside the screenshots uploaded to prnt.sc.

websy
websy

Keep an eye on your targets to get quickly notified for any change they push on their server.

JWTweak
JWTweak

Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

gitscraper
gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

H1 Report Finder
H1 Report Finder

A Burp Suite extension to find security reports published on HackerOne based on the selected host.

SQLRecon
SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

userefuzz
userefuzz

User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

rush
rush

A cross-platform command-line tool for executing jobs in parallel.

Interlace
Interlace

Turn single threaded command line applications into a fast, multi-threaded application.

DependencyCheck
DependencyCheck

Utility that detects publicly disclosed vulnerabilities in application dependencies.

GoAltdns
GoAltdns

A permutation generation tool written in golang.

CertCrunchy
CertCrunchy

Uses data from SSL Certificates to find potential host names.

AutoSploit
AutoSploit

Automated Mass Exploiter.

GSAN
GSAN

Extract subdomains from SSL certificates in HTTPS sites.

TheftFuzzer
TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

Cr3dOv3r
Cr3dOv3r

Know the dangers of credential reuse attacks.

Request Highlighter
Request Highlighter

Burp Suite extension that automatically highlights different HTTP requests.

pyBuster
pyBuster

A multi-target URL bruteforcer.

Hamburglar
Hamburglar

Collect useful information from URLs, directories, and files.

airbash
airbash

Fully automated WPA PSK PMKID and handshake capture script.

Raccoon
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

PEASS-ng
PEASS-ng

Privilege Escalation Awesome Scripts SUITE.

RsaCtfTool
RsaCtfTool

RSA multi-attacks tool: uncypher data from a weak public key and try to recover a private key.

Angry IP Scanner
Angry IP Scanner

Fast and simple-to-use open-source/cross-platform network scanner.

Keyfinder
Keyfinder

Find and analyze private/public key files and Android APK files.

BeRoot
BeRoot

Multiplatform privilege escalation project.

dirhunt
dirhunt

Find web directories without bruteforce.

Photon
Photon

Incredibly fast crawler designed for OSINT.

cc.py
cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

Hawkeye
Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

curate
curate

A tool for fetching archived URLs.

BurpSuiteHTTPSmuggler
BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

StaCoAn
StaCoAn

Cross-platform tool which helps to perform static code analysis on mobile applications.

Sniff-Paste
Sniff-Paste

Pastebin OSINT harvester.

barq
barq

The AWS Cloud Post Exploitation framework!

domain_hunter
domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

evil SSDP
evil SSDP

Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

Burp NTLM Challenge Decoder
Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

h1-search
h1-search

Request the public disclosures on a specific HackerOne program.

RouterSploit
RouterSploit

Exploitation framework for embedded devices.

msldap
msldap

LDAP library for auditing Microsoft Active Directory.

ssh-audit
ssh-audit

SSH server auditing: banner, key exchange, encryption, compatibility, security...

TLD Scanner
TLD Scanner

Scan all possible TLDs for a given domain name.

House
House

A runtime mobile application analysis toolkit with a Web GUI.

ADAPE Script
ADAPE Script

Active Directory assessment and privilege escalation script.

LinEnum
LinEnum

Scripted Local Linux Enumeration & Privilege Escalation Checks.

IDontSpeakSSL
IDontSpeakSSL

Simple tool to scan large scope and provide SSL/TLS vulnerabilities.

Yoga
Yoga

Your OSINT Graphical Analyzer.

Mass3
Mass3

Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

leakScraper
leakScraper

Set of tools to process and visualize huge text files containing credentials.

JSgen
JSgen

Generate JavaScript code to be injected in case you find a Server Side JavaScript Injection.

Domain Analyzer
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in Python.

Web Crawler Security Tool
Web Crawler Security Tool

A web crawler oriented to infosec.

archaeologit
archaeologit

Scans the history of GitHub repositories to find sensitive things.

WhatsMyName
WhatsMyName

Enumerate usernames across many websites.

Namechk
Namechk

Check usernames on more than 100 websites, forums and social networks.

Hash Buster
Hash Buster

Crack hashes in seconds.

GyoiThon
GyoiThon

Growing penetration test tool using Machine Learning.

Freddy Deserialization Bug Finder
Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

OWASP
OWASP

A nonprofit foundation that works to improve the security of software.

FireShodanMap
FireShodanMap

Realtime map that integrates Firebase, Google Maps and Shodan.

CTFR
CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Injectify
Injectify

Perform advanced MiTM attacks on websites with ease.

PentesterLand
PentesterLand

Sharing knowledge that makes your life as bug hunters and pentesters easier.

GitFive
GitFive

An OSINT tool to investigate GitHub profiles.

ChopChop
ChopChop

Scan endpoints and identify exposure of sensitive services/files/folders.

Scout
Scout

Discover a web server's undisclosed files, directories and VHOSTs.

Kadimus
Kadimus

Check for and exploit LFI vulnerabilities with a focus on PHP systems.

Fingerprinter
Fingerprinter

CMS/LMS/Library etc Versions Fingerprinter.

Acunetix
Acunetix

Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

0d1n
0d1n

Tool for automating customized attacks against web applications.

ExifTool
ExifTool

ExifTool meta information reader/writer.

SSH PuTTY login bruteforcer
SSH PuTTY login bruteforcer

A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.

SMBploit
SMBploit

Offensive tool to scan & exploit vulnerabilities in Windows over SMB using Metasploit.

SiteBroker
SiteBroker

Utility for information gathering and penetration testing automation.

AttackSurfaceMapper
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

AutoRecon
AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

FOCA
FOCA

Tool to find metadata and hidden information in the documents.

Maigret
Maigret

Collect a dossier on a person by username from thousands of sites.

Have i been pwned?
Have i been pwned?

Check if your email or phone is in a data breach.

OpenVAS
OpenVAS

This repository contains the scanner component for Greenbone Community Edition.

RevShells
RevShells

Hosted Reverse Shell generator with a ton of functionality.

ADReaper
ADReaper

Enumerate an Active Directory environment with LDAP queries.

ADenum
ADenum

Find misconfiguration through LDAP to exploit weaknesses with Kerberos.

SubDomainizer
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

ASNLookup
ASNLookup

Leverage ASN to look up IP addresses owned by a specific organization.

espionage
espionage

Collects information related to domains: whois, history, DNS records and more.

AWS Extender CLI
AWS Extender CLI

Command-line script to test cloud storage for common misconfiguration issues.

Smogcloud
Smogcloud

Find cloud assets that no one wants exposed.

Pacu
Pacu

The exploitation framework designed for testing the security of AWS environments.

findsecuritycontacts.com
findsecuritycontacts.com

Scans the top 500 sites daily for their security.txt file or DNS records.

DefaultPassword
DefaultPassword

Default passwords database sorted by manufacturers.

Bugcrowd VRT
Bugcrowd VRT

Bugcrowd’s baseline priority ratings for common security vulnerabilities.

Hacker101
Hacker101

A free class for web security.

GraphQL Threat Matrix
GraphQL Threat Matrix

Threat framework to research security gaps in GraphQL implementations.

Exploitalert
Exploitalert

Exploits found on the INTERNET.

ctf-tools
ctf-tools

Some setup scripts for security research tools.

The Exploit Database
The Exploit Database

Archive of public exploits and corresponding vulnerable software.

Spoofy
Spoofy

Checks if a list of domains can be spoofed based on SPF and DMARC records.

SqlmapDnsCollaborator
SqlmapDnsCollaborator

Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.

bypasswaf
bypasswaf

Add headers to all Burp requests to bypass some WAF products.

AWS security checks
AWS security checks

This Burp Suite extension provides additional Scanner checks for AWS security issues.

BurpSmartBuster
BurpSmartBuster

A Burp Suite content discovery plugin that adds the smart into the Buster.

Java Deserialization Scanner
Java Deserialization Scanner

All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.

Cross-site scripting cheat sheet
Cross-site scripting cheat sheet

PortSwigger XSS cheat sheet that contains many vectors that can help you bypass WAFs and filters.

Bug Bounty Guide
Bug Bounty Guide

Launchpad for bug bounty programs and bug bounty hunters.

SprayCannon
SprayCannon

Fast multithreaded password spraying tool with backend database.

burp-vulners-scanner
burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Auth Analyzer
Auth Analyzer

The Burp extension helps you to find authorization bugs.

AuthMatrix
AuthMatrix

Provides a simple way to test authorization in web applications and web services.

OpenAPI
OpenAPI

Parse OpenAPI specifications into the BurpSuite for automating RESTful API testing.

Simple Basic Malware Scanner
Simple Basic Malware Scanner

Simple Malware Scanner based on file hash scan.

STÖK Fredrik
STÖK Fredrik

STÖK Fredrik YouTube channel.

NahamSec
NahamSec

NahamSec Twitch channel.

BugBountyHunter
BugBountyHunter

Helping you become a BugBountyHunter.

PentesterLab
PentesterLab

Learn Web Penetration Testing: The Right Way.

Betterscan
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

mitmproxy
mitmproxy

An interactive TLS-capable intercepting HTTP proxy.

Certificate Ripper
Certificate Ripper

A CLI tool to extract server certificates.

Hackingtool
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

Burp Extender API
Burp Extender API

Burp Extender API.

Burp WP
Burp WP

Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.

sqlipy
sqlipy

Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

HTTPoxy Scanner
HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Stepper
Stepper

A natural evolution of Burp Suite's Repeater tool.

JWT4B
JWT4B

JWT Support for Burp Suite.

Dastardly Scan Action
Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

Replicator
Replicator

Burp Suite extension to help developers replicate findings from pentests.

scan-check-builder
scan-check-builder

Burp Suite extension which helps to improve the active and passive scanner by yourself.

Distribute Damage
Distribute Damage

Evenly distributes scanner load across targets.

J2EEScan
J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

Hackvertor
Hackvertor

Tag based conversion tool written in Java implemented as a Burp Suite extension.

Collaborator Everywhere
Collaborator Everywhere

Burp Suite extension which injects non-invasive headers to reveal backend systems.

HTTP Request Smuggler
HTTP Request Smuggler

Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

Hackability
Hackability

Probe a rendering engine for vulnerabilities and other features.

PortSwigger Cross-Site Scripting cheatsheet data
PortSwigger Cross-Site Scripting cheatsheet data

All the XSS cheatsheet data to allow contributions from the community.

UploadScanner
UploadScanner

HTTP file upload scanner for Burp Proxy.

Autowasp
Autowasp

A one-stop pentesting checklist and logger tool.

OAUTHScan
OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security.

IPRotate
IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

JOSEPH
JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

Shelling
Shelling

A comprehensive OS command injection payload generator.

authz
authz

Burp Suite plugin to test for authorization flaws.

SecLists
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

BurpBeautifier
BurpBeautifier

Burp Suite extension for beautifying request/response body.

Logger++
Logger++

Log activities of all the tools in Burp Suite.

WSDL Wizard
WSDL Wizard

Burp Suite plugin to detect current and discover new WSDL files.

Headless Burp
Headless Burp

Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.

BurpSentinel
BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

AutoRepeater
AutoRepeater

Automated HTTP request repeating with Burp Suite.

Flow
Flow

Provides view with filtering capabilities for all requests from all Burp Suite tools.

ActiveScan++
ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

OneForAll
OneForAll

A powerful subdomain integration tool.

EMBA
EMBA

The security analyzer for firmware of embedded devices.

csprecon
csprecon

Discover new target domains using Content Security Policy.

XFFenum
XFFenum

X-Forwarded-For [403 forbidden] enumeration.

bounty-targets-data
bounty-targets-data

Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

Payloads All The Things
Payloads All The Things

A list of useful payloads and bypasses for Web Application Security.

bountyplz
bountyplz

Automated security reporting from markdown templates.

JSONBee
JSONBee

Ready-to-use JSONP endpoints/payloads to help bypass Content Security Policy.

cariddi
cariddi

Crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more.

Eagle
Eagle

Vulnerability scanner for mass detection of web-based applications vulnerabilities.

backslash-powered-scanner
backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

BlackWidow
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

SearchSploit
SearchSploit

Cli tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.

Findsploit
Findsploit

Find exploits in local and online databases instantly.

flan
flan

A pretty sweet vulnerability scanner.

getsploit
getsploit

Command line utility for searching and downloading exploits.

Arachni
Arachni

Web Application Security Scanner Framework.

takeover
takeover

A tool for testing subdomain takeover possibilities at a mass scale.

Second Order
Second Order

Second-order subdomain takeover scanner.

HostileSubBruteforcer
HostileSubBruteforcer

Bruteforce existing subdomains and provide information about them.

tko-subs
tko-subs

A tool that can help detect and take over subdomains with dead DNS records.

subHijack
subHijack

Hijacking forgotten & misconfigured subdomains.

cnames
cnames

Take a list of resolved subdomains and output any corresponding CNAMES en masse.

Can I take over XYZ?
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

NSBrute
NSBrute

Python utility to take over domains vulnerable to AWS NS Takeover.

autoSubTakeover
autoSubTakeover

A tool used to check if a CNAME resolves to the scope address.

SubOver
SubOver

A Powerful Subdomain Takeover Tool.

postMessage-tracker
postMessage-tracker

A Chrome Extension to track postMessage usage (url, domain and stack).

PostMessage_Fuzz_Tool
PostMessage_Fuzz_Tool

A PostMessage fuzzing extension for Chrome.

S3Scanner
S3Scanner

Scan for open S3 buckets and dump the contents.

AWSBucketDump
AWSBucketDump

Security Tool to Look For Interesting Files in S3 Buckets.

S3Viewer
S3Viewer

Publicly open storage viewer.

FestIN
FestIN

The powerful S3 bucket finder and content discovery tool.

mass-s3-bucket-tester
mass-s3-bucket-tester

Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

S3BucketList
S3BucketList

Firefox plugin that lists Amazon S3 Buckets found in requests.

dirlstr
dirlstr

Finds Directory Listings or open S3 buckets from a list of URLs.

Burp-AnonymousCloud
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

kicks3
kicks3

S3 bucket finder from HTML and JS, and bucket misconfiguration testing tool.

2tearsinabucket
2tearsinabucket

Enumerate s3 buckets for a specific target.

S3 Objects Check
S3 Objects Check

Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.

s3tk
s3tk

A security toolkit for Amazon S3.

CloudBrute
CloudBrute

Awesome cloud enumerator.

s3cario
s3cario

Performs buckets checks from a given list of subdomains.

S3Cruze
S3Cruze

All-in-one AWS S3 bucket tool.

Sandcastle
Sandcastle

A Python script for AWS S3 bucket enumeration.

WPSpider
WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.

WPRecon
WPRecon

Tool for the recognition of vulnerabilities and blackbox information for WordPress.

pyfiscan
pyfiscan

Free web-application vulnerability and version scanner.

JWT cracker
JWT cracker

JWT brute force cracker written in C.

jwt-heartbreaker
jwt-heartbreaker

Burp Suite extension to check JWTs for use of keys known from public sources.

jwtear
jwtear

Modular command-line tool to parse, create and manipulate JWT tokens.

JWT Key ID Injector
JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

jwt-hack
jwt-hack

JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

Faraday security
Faraday security

Open source vulnerability management and orchestration platform.

Prowler
Prowler

Open Source Security tool to perform Cloud Security best practices

git-vuln-finder
git-vuln-finder

Find potential software vulnerabilities from git commit messages.

Default Credentials Cheat Sheet
Default Credentials Cheat Sheet

One place for all the default credentials to assist on finding devices with default password.

changeme
changeme

A default credential scanner.

BruteX
BruteX

Automatically brute force all services running on a target.

git-all-secrets
git-all-secrets

Capture all the git secrets by leveraging multiple open source git searching tools.

GitGot
GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

Gitrob
Gitrob

Reconnaissance tool for GitHub organizations.

GitMiner
GitMiner

Tool for advanced mining for content on GitHub.

Rusty Hog
Rusty Hog

A suite of secret scanners built in Rust for performance.

Whispers
Whispers

Identify hardcoded secrets in static structured text.

Yet Another Robber
Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

dufflebag
dufflebag

Search exposed EBS volumes for secrets.

secret-bridge
secret-bridge

Monitors GitHub for leaked secrets.

GitTools
GitTools

A repository with 3 tools for pwn'ing websites with .git repositories available.

gitjacker
gitjacker

Leak git repositories from misconfigured websites.

GitHunter
GitHunter

A tool for searching a Git repository for interesting content.

dvcs-ripper
dvcs-ripper

Rip web accessible version control systems: svn, git...

lnkbomb
lnkbomb

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

MSDorkDump
MSDorkDump

Google Dork File Finder.

MSDNSScan
MSDNSScan

Identify DNS records, check for zone transfers and conduct subdomain enumeration.

Oh365UserFinder
Oh365UserFinder

O365 user enumeration and password spraying tool.

xxeserv
xxeserv

A mini webserver with FTP support for XXE payloads.

vaya-ciego-nen
vaya-ciego-nen

Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

DOM based XSS finder
DOM based XSS finder

Chrome extension that finds DOM based XSS vulnerabilities.

xss2png
xss2png

PNG IDAT chunks XSS payload generator.

XSSwagger
XSSwagger

A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

Shadow Workers
Shadow Workers

C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.

rexsser
rexsser

Burp Suite plugin that extracts keywords from response using and test for reflected XSS.

Xss-Sql-Fuzz
Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.

XSS'OR
XSS'OR

Hack with JavaScript.

xsscrapy
xsscrapy

Fast, thorough, XSS/SQLi spider.

Sleepy Puppy
Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

ezXSS
ezXSS

An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

XSS Hunter Express
XSS Hunter Express

The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.

XSSer
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSpear
XSpear

Powerful XSS scanning and parameter analysis tool & gem.

Tracy
Tracy

Assists with finding all sinks and sources of a webapp and display the results in a nice way.

xssValidator
xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

JSShell
JSShell

An interactive multi-user web JS shell.

bXSS
bXSS

bXSS is a utility which can be used to identify Blind Cross-Site Scripting.

XSS Radar
XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

BruteXSS
BruteXSS

Tool written in Python simply to find XSS vulnerabilities in web applications.

DOMDig
DOMDig

DOM XSS scanner for Single Page Applications.

Femida
Femida

Automated blind-xss search for Burp Suite.

DOM XSS Scanner
DOM XSS Scanner

A tool to scan source code for DOM based XSS vulnerabilities.

Extended XSS Searcher and Finder
Extended XSS Searcher and Finder

Scans for different types of XSS on a list of URLs.

XSSMap
XSSMap

Detect XSS vulnerability in Web Applications.

XSSCon
XSSCon

Simple XSS Scanner tool.

BitBlinder
BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

See-SURF
See-SURF

Detect Vulnerable SSRF parameters.

metahttp
metahttp

Script that automates the scanning of a target network for HTTP resources through XXE.

oxml_xxe
oxml_xxe

Embeds XXE/XML exploits into different filetypes.

XXEinjector
XXEinjector

Exploitation of XXE vulnerability using direct and different out of band methods.

XXExploiter
XXExploiter

Tool to help exploit XXE vulnerabilities.

XXE-FTP
XXE-FTP

A mini webserver with FTP support for XXE payloads.

docem
docem

Utility to embed XXE and XSS payloads in docx, odt, pptx...

DTD Finder
DTD Finder

List DTDs and generate XXE payloads using those local DTDs.

Ground control
Ground control

A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

LFI-Enum
LFI-Enum

Scripts to execute enumeration via LFI.

NoSQL Injector
NoSQL Injector

NoSQL injection CLI tool for finding vulnerable websites using MongoDB.

SQLiv
SQLiv

Massive SQL injection vulnerability scanner.

andor
andor

Blind SQL Injection Tool with Golang.

SQLTruncSanner
SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Burp-to-SQLMap
Burp-to-SQLMap

Perform SQL injection tests on Burp Suite bulk requests using SQLMap.

MSSQLi-DUET
MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

Evil SQL Client
Evil SQL Client

Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

waybackSqliScanner
waybackSqliScanner

Gather URLs from the Wayback Machine and test each GET parameter for SQL injection.

SQLi-Hunter
SQLi-Hunter

Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

SleuthQL
SleuthQL

Burp History parsing tool to discover potential SQL injection points.

SQLiScanner
SQLiScanner

Automatic SQL injection with Charles and sqlmap API.

lorsrf
lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.

sentrySSRF
sentrySSRF

Searches for Sentry config on a page or in JavaScript files and checks for blind SSRF.

grafana-ssrf
grafana-ssrf

Authenticated SSRF in Grafana.

SSRF Detector
SSRF Detector

Server-side request forgery detector.

gaussrf
gaussrf

Fetches known URLs from several sources and filters URLs with open redirection or SSRF parameters.

Extended SSRF search
Extended SSRF search

Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.

B-XSSRF
B-XSSRF

Toolkit to detect and keep track of blind XSS, XXE & SSRF.

SSRF Sheriff
SSRF Sheriff

A simple SSRF-testing sheriff written in Go.

httprebind
httprebind

Automatic tool for DNS rebinding-based SSRF attacks.

SSRFire
SSRFire

An automated SSRF finder. Just give the domain name and your server and chill!

Gopherus
Gopherus

Generates gopher links for exploiting SSRF and gaining RCE in various servers.

SSRFmap
SSRFmap

Automatic SSRF fuzzer and exploitation tool.

graphql-path-enum
graphql-path-enum

Lists the different ways of reaching a given type in a GraphQL schema.

h2cSmuggler
h2cSmuggler

HTTP Request Smuggling over HTTP/2 Cleartext.

Smuggler
Smuggler

An HTTP Request Smuggling / Desync testing tool.

Race The Web
Race The Web

Tests for race conditions in web applications.

Turbo Intruder
Turbo Intruder

Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Requests-Racer
Requests-Racer

Exploit race conditions in web apps with Requests.

RacePWN
RacePWN

Race Condition framework.

dom-red
dom-red

Small script to check a list of domains for open redirect vulnerabilities.

Oralyzer
Oralyzer

Open Redirection Analyzer.

Autorize
Autorize

Automatic authorization enforcement detection extension for Burp Suite.

PHPGGC
PHPGGC

PHP unserialize() payloads along with a tool to generate them.

ysoserial.net
ysoserial.net

Deserialization payload generator for a variety of .NET formatters.

GadgetProbe
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

ysoserial
ysoserial

Generates payloads that exploit unsafe Java object deserialization.

headi
headi

Customisable and automated HTTP header injection.

clairvoyance
clairvoyance

Obtain GraphQL API Schema even if the introspection is not enabled.

GraphQL Beautifier
GraphQL Beautifier

Burp Suite extension to help make GraphQL requests more readable.

ShapeShifter
ShapeShifter

GraphQL security testing tool.

GraphQLmap
GraphQLmap

Scripting engine to interact with a graphql endpoint for pentesting purposes.

InQL
InQL

Burp Extension for GraphQL Security Testing.

Liffy
Liffy

Local file inclusion exploitation tool.

ScrapeIn
ScrapeIn

Harvest employee email addresses from a specific company through LinkedIn.

BurpBounty
BurpBounty

Improves the active and passive Burp Suite scanner by means of custom rules through a GUI.

off-by-slash
off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

IntruderPayloads
IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

param-miner
param-miner

Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.

BurpJSLinkFinder
BurpJSLinkFinder

Burp extension for passively scanning JS files for endpoint links.

DirSearch
DirSearch

A Go implementation of dirsearch.

ScanCannon
ScanCannon

Combines the speed of masscan with the reliability and detailed enumeration of nmap.

sub-domain enumeration techniques
sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

DotDotPwn
DotDotPwn

The Directory Traversal Fuzzer.

XSRFProbe
XSRFProbe

The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

Injectus
Injectus

CRLF and open redirect fuzzer.

CRLF-Injection-Scanner
CRLF-Injection-Scanner

Command line tool for testing CRLF injection on a list of domains.

CRLFsuite
CRLFsuite

The most powerful CRLF injection scanner.

CorsMe
CorsMe

CORS misconfiguration scanner tool with speed and precision in mind!

CORS Scanner
CORS Scanner

A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CORStest
CORStest

A simple CORS misconfiguration scanner.

Corsy
Corsy

CORS Misconfiguration Scanner.

vaf
vaf

Cross-platform, very advanced and fast web fuzzer written in Nim.

Fuzzapi
Fuzzapi

Used for REST API pentesting; provides a UI solution for the gem.

FuzzDB
FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

ParamPamPam
ParamPamPam

A tool for brute-force discovery of GET and POST parameters.

parameth
parameth

Brute-force discovery of GET and POST parameters.

linx
linx

Reveals invisible links within JavaScript files.

getJS
getJS

A tool to quickly get all JavaScript sources/files.

urlgrab
urlgrab

A golang utility to spider through a website searching for additional links.

GoLinkFinder
GoLinkFinder

A fast and minimal JS endpoint extractor.

JS-Scan
JS-Scan

A .js scanner, built in PHP, designed to scrape URLs and other info.

crawley
crawley

The unix-way web crawler.

Dirstalk
Dirstalk

Multi threaded application designed to brute force paths on web servers.

Filebuster
Filebuster

An extremely fast and flexible web fuzzer.

RecurseBuster
RecurseBuster

Rapid content discovery tool for recursively querying webservers.

fingerprintx
fingerprintx

Standalone utility for service discovery on open ports!

Retire.js
Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

webanalyze
webanalyze

Uncovers technologies used on websites to automate mass scanning.

Wappalyzer
Wappalyzer

Identify technologies on websites.

httpscreenshot
httpscreenshot

Grabs screenshots and HTML of large numbers of websites.

Depix
Depix

Recovers passwords from pixelized screenshots.

Scrying
Scrying

Collects RDP, web and VNC screenshots all in one place.

Eyeballer
Eyeballer

Convolutional neural network for analyzing pentest screenshots.

WitnessMe
WitnessMe

Web inventory tool; takes screenshots and provides some extra bells & whistles to make life easier.

Screenshoteer
Screenshoteer

Makes web screenshots and mobile emulations from the command line.

GHunt
GHunt

Offensive Google framework.

GoCloud
GoCloud

Checks whether a domain is hosted on a cloud service.

GAP
GAP

A Burp Suite extension to find potential endpoints and parameters.

Sub3 Suite
Sub3 Suite

A free, open-source, cross-platform intelligence-gathering tool.

Scilla
Scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.

crtndtry
crtndtry

Yet another subdomain finder.

brutesubs
brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

Substr3am
Substr3am

Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.

As3nt
As3nt

Another Subdomain ENumeration Tool.

TugaRecon
TugaRecon

Subdomain enumeration tool for penetration testers.

Censys Enumeration
Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Turbolist3r
Turbolist3r

Subdomain enumeration tool with analysis features for discovered domains.

Censys subdomain finder
Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

domained
domained

Multi Tool Subdomain Enumeration.

DNSRecon
DNSRecon

DNS Enumeration Script.

RainbowCrack
RainbowCrack

Cracks hashes with rainbow tables.

Maryam
Maryam

Open-source Intelligence Framework.

jSQL Injection
jSQL Injection

Java application for automatic SQL database injection.

dnsenum
dnsenum

Enumerates DNS information of a domain and discovers non-contiguous IP blocks.

wafw00f
wafw00f

Identify and fingerprint Web Application Firewall products protecting a website.

SSLyze
SSLyze

Fast and powerful SSL/TLS scanning library.

sslscan
sslscan

Tests SSL/TLS enabled services to discover supported cipher suites.

The Social-Engineer Toolkit
The Social-Engineer Toolkit

Open-source penetration testing framework designed for social engineering.

Fierce
Fierce

A DNS reconnaissance tool for locating non-contiguous IP space.

skipfish
skipfish

Active web application security reconnaissance tool.

Wireshark
Wireshark

Network sniffer that captures and analyzes packets off the wire.

CeWL
CeWL

Custom Word List Generator.

Sherlock
Sherlock

Hunt down social media accounts by username across social networks.

aircrack-ng
aircrack-ng

Complete suite of tools to assess WiFi network security.

wifite
wifite

Runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

Maltego
Maltego

Open source intelligence and forensics application.

bettercap
bettercap

The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

BeEF
BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

crunch
crunch

Wordlist generator where you can specify a character set or any set of characters to be used.

steghide
steghide

Steganography program that hides secrets in the least significant bits of a file.

fcrackzip
fcrackzip

Zip password cracker.

Recon-ng
Recon-ng

OSINT tool aimed at reducing the time spent harvesting information from open sources.

Metagoofil
Metagoofil

Search Google and download specific file types.

Reaver
Reaver

Implements a brute-force attack against Wi-Fi Protected Setup (WPS) registrar PINs.

CloudScraper
CloudScraper

Tool to enumerate targets in search of cloud resources.

CRLFMap
CRLFMap

CRLFMap is a tool to find HTTP Splitting vulnerabilities.

FinDOM-XSS
FinDOM-XSS

A fast and simple DOM-based XSS vulnerability scanner.

http-request-smuggling
http-request-smuggling

HTTP Request Smuggling Detection Tool.

FDsploit
FDsploit

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

kxss
kxss

Adaptation of tomnomnom's kxss tool with a different output format.

OpenRedireX
OpenRedireX

A Fuzzer for OpenRedirect issues.

uro
uro

Declutters URL lists for crawling/pentesting.

fuzzagotchi
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

mx-takeover
mx-takeover

Focuses on DNS MX records and detects misconfigured MX records.

Crawlergo
Crawlergo

A powerful browser crawler for web vulnerability scanners.

DataExtractor
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

graphw00f
graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

reconFTW
reconFTW

Runs the best set of tools to scan a target domain and find vulnerabilities.

sns
sns

IIS shortname scanner written in Go.

Nginxpwner
Nginxpwner

Simple tool to look for common Nginx misconfigurations and vulnerabilities.

Sudomy
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

dnsReaper
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

SecretMagpie
SecretMagpie

Secret Detection Tool.

gowitness
gowitness

A golang web screenshot utility using Chrome Headless.

4-ZERO-3
4-ZERO-3

403/401 Bypass Methods.

smap
smap

A drop-in replacement for Nmap powered by shodan.io.

Arjun
Arjun

HTTP parameter discovery suite.

gospider
gospider

Fast web spider written in Go.

DNSTake
DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

CRLFuzz
CRLFuzz

A fast tool to scan CRLF vulnerability written in Go.

crithit
crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

cloud_enum
cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Nmap
Nmap

The network mapper.

VHostScan
VHostScan

Virtual host scanner that performs reverse lookups.

RustScan
RustScan

The Modern Port Scanner. Fast, smart, effective.

Rengine
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

GET-ACQ
GET-ACQ

Gather all companies acquired by a given company domain name.

mksub
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds.

BFAC
BFAC

Check for backup artifacts that may disclose the web-application's source code.

qsreplace
qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value.

ParamSpider
ParamSpider

Mining parameters from dark corners of Web Archives.

gf
gf

A wrapper around grep to avoid typing common patterns.

cook
cook

Overpowered wordlist generator, word permutations and combinations, encoding/decoding...

Metasploit
Metasploit

The world’s most used penetration testing framework.

Th3inspector
Th3inspector

All in one tool for Information Gathering.

theHarvester
theHarvester

E-mails, subdomains and names Harvester.

Venom
Venom

Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

w3af
w3af

Web Application Attack and Audit Framework.

Gobuster
Gobuster

Directory/File, DNS and VHost busting tool written in Go.

John The Ripper
John The Ripper

Password cracker tool.

Hydra
Hydra

Very fast password cracking tool.

Patator
Patator

Multi-purpose brute-forcer with a modular design and flexible usage.

puredns
puredns

Puredns is a fast domain resolver & subdomain bruteforcing tool.

github-subdomains
github-subdomains

Find subdomains on GitHub.

Hashcat
Hashcat

World's fastest and most advanced password recovery utility.

Feroxbuster
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

spaces-finder
spaces-finder

A tool to hunt for publicly accessible DigitalOcean Spaces.

tplmap
tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

Ghauri
Ghauri

Automates the process of detecting and exploiting SQL injection security flaws.

gotator
gotator

Generates DNS wordlists through permutations.

Slurp
Slurp

A blazing fast & feature rich Amazon S3 bucket enumerator.

JWT Tool
JWT Tool

A toolkit for testing, tweaking and cracking JSON Web Tokens.

Osmedeus
Osmedeus

A Workflow Engine for Offensive Security.

Waymore
Waymore

Find way more from the Wayback Machine!

Knoxnl
Knoxnl

This is a Python wrapper around the amazing KNOXSS.

Jaeles
Jaeles

The Swiss Army knife for automated Web Application Testing.

xnLinkFinder
xnLinkFinder

A Python tool used to discover endpoints and potential parameters for a given target.

SQLninja
SQLninja

Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.

NoSQLMap
NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.

SSRFTest
SSRFTest

SSRF testing tool.

SpiderFoot
SpiderFoot

Automates OSINT for threat intelligence and mapping your attack surface.

Nikto
Nikto

Nikto web server scanner.

Wapiti
Wapiti

The web-application vulnerability scanner.

recollapse
recollapse

Helper tool for black-box regex fuzzing to bypass validations.

Cloudfox
Cloudfox

Automating situational awareness for cloud penetration tests.

X8
X8

Hidden parameters discovery suite.

ReconNess
ReconNess

Continuous recon and pipeline tools setup.

sqlmap
sqlmap

Automatic SQL injection and database takeover tool.

Sn1per
Sn1per

Attack Surface Management Platform.

qsfuzz
qsfuzz

qsfuzz is a tool that lets you write simple rules in YAML that define what value to inject

gitpillage
gitpillage

Extract data from a .git directory.

favicon-hashtrick
favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

cloudflare-origin-ip
cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

graphql-introspection-analyzer
graphql-introspection-analyzer

Graphql introspection query analyzer.

extract-endpoints
extract-endpoints

Extract endpoints from source files.

s3-buckets-finder
s3-buckets-finder

Find AWS S3 buckets and test their permissions.

Altdns
Altdns

Generates permutations, alterations and mutations of subdomains and then resolves them.

Sublert
Sublert

Monitors new subdomains deployed by specific organizations and issued TLS/SSL certificates.

dnscan
dnscan

Python wordlist-based DNS subdomain scanner.

Dirb
Dirb

Web Fuzzer.

WhatWeb
WhatWeb

Next generation web scanner.

Wfuzz
Wfuzz

Web application fuzzer.

dnsgen
dnsgen

Generates combinations of domain names from the provided input.

Masscan
Masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

commit-stream
commit-stream

OSINT tool for finding GitHub repositories by extracting commit logs in real time.

shhgit
shhgit

Secrets detection for your GitHub, GitLab and Bitbucket repositories.

gitGraber
gitGraber

Monitor GitHub to search and find sensitive data in real time.

Subjack
Subjack

Subdomain Takeover tool written in Go.

EyeWitness
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

Zed Attack Proxy
Zed Attack Proxy

The world's most widely used web app scanner.

httprobe
httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

unfurl
unfurl

An Entropy-Based Link Vulnerability Tool.

webscreenshot
webscreenshot

A simple script to screenshot a list of websites.

Virtual host scanner
Virtual host scanner

A script to enumerate virtual hosts on a server.

Teh S3 Bucketeers
Teh S3 Bucketeers

Security tool to discover S3 buckets on Amazon's AWS platform.

lazys3
lazys3

Ruby script to brute-force AWS S3 buckets using different permutations.

JSParser
JSParser

Python script to parse relative URLs from JavaScript files.

gau
gau

Fetch known URLs from several sources.

meg
meg

Fetch many paths for many hosts, without killing the hosts.

Findomain
Findomain

The complete solution for domain recognition.

KNOXSS
KNOXSS

Online XSS tool with demonstration of vulnerability.

subzuf
subzuf

A smart DNS response-guided subdomain fuzzer.

GRecon
GRecon

Run a Google based passive recon against your scope.

hakrevdns
hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

DumpsterDiver
DumpsterDiver

Tool to search secrets in various filetypes.

csp-analyzer
csp-analyzer

Analyze Content-Security-Policy header of a given URL.

Commix
Commix

Automated All-in-One OS Command Injection Exploitation Tool.

detectify-cves
detectify-cves

Find CVEs that don't have a Detectify module.

xray
xray

Security assessment tool that supports common web security issue scanning and custom PoC.