A vast collection of security tools for bug bounty, pentest and red teaming
Community curated list of templates for the Nuclei engine to find security vulnerabilities.
Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.
Small utility program to perform multiple operations for given subnet/CIDR ranges.
Allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.
Java Deserialization Scanner
All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.
Golang tool which helps drop the irrelevant entries from your ffuf result file.
Creates a spoofed certificate of any online website and signs an executable for AV evasion.
Encodes a PowerShell script in the pixels of a PNG file and generates a one-liner to execute.
Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.
Free and open platform for threat hunting, enterprise security monitoring, and log management.
Enumerate Google Storage buckets, check their access, and check whether privileges can be escalated.
Targeted attacks against WPA2-Enterprise networks, wireless pivots using hostile portal attacks.
An automated dynamic testing solution that provides comprehensive vulnerability detection.
Open source Django offensive web app which keeps the best tools used in red teaming.
UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environments.
A legitimate website that tunnels client/server communications for covert command execution.
Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.
Collection of Windows print spooler exploits and other utilities for practical exploitation.
Optimized Selenium Chromedriver patch which does not trigger anti-bot services.
Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.
Qualys Cloud Platform
The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.
A Git source leak exploit tool that restores the entire Git repository, including data from stash.
Command-line tool that finds secrets and sensitive information in textual data and Git history.
Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic.
Can I Take Over DNS?
A list of DNS providers and how to claim (sub)domains via missing hosted zones.
OSINT tool used to discover environments, directories, and subdomains of a particular domain.
Multi-threaded application to brute-force directory and file names on web/application servers.
Highlighter and Extractor
Collect, categorize and highlight requests and/or responses according to their content.
Windows Exploit Suggester
Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.
Execute padding oracle attacks with support for concurrent network requests and an elegant UI.
Runtime Mobile Security
A powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
Nessus database export
Export Nessus results to a relational database for use in reports, analysis, or whatever else.
A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.
Copy a Burp Suite request to a file or the clipboard as functions in multiple programming languages.
A tool that helps users search and filter queries in an LDAP environment.
Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.
Yet Another Sniffer
A network analyzer that makes it easy to extract information about network traffic.
differer finds how URLs are parsed by different languages in order to help bug hunters break filters.