A vast collection of security tools for bug bounty, pentest and red teaming
#endpoints





JSpector
Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

ffufPostprocessing
Golang tool which helps dropping the irrelevant entries from your ffuf result file.

jsfinder
Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.




differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters.




gitscraper
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.











Domain Analyzer
Analyze the security of any domain by finding all the information possible. Made in python.






BlackWidow
Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.


gaussrf
Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.





























EyeWitness
Take screenshots of websites, provide server header info and identify default credentials.










Hakrawler
Simple, fast web crawler designed for discovery of endpoints and assets within a web application.


