#endpoints

httpx on offsec.tools
Sponsor
httpx

HTTP toolkit that allows running multiple probes using the retryablehttp library.

katana on offsec.tools
Sponsor
katana

A next-generation crawling and spidering framework.

gf on offsec.tools
Featured
gf

A wrapper around grep to avoid typing common patterns.

jsluice on offsec.tools
jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

BackupKiller on offsec.tools
BackupKiller

Generate wordlist based on the URLs to check for backup, installation, etc files.

wordlistgen on offsec.tools
wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths.

xurlfind3r on offsec.tools
xurlfind3r

A cli utility to find domain's known URLs from curated passive online sources.

APKLeaks on offsec.tools
APKLeaks

Scanning APK file for URIs, endpoints & secrets.

subjs on offsec.tools
subjs

Fetches javascript file from a list of URLS or subdomains.

kiterunner on offsec.tools
kiterunner

Contextual content discovery tool.

socialhunter on offsec.tools
socialhunter

Crawls the website and finds broken social media links that can be hijacked

Haylxon on offsec.tools
Haylxon

Blazing-fast tool to grab screenshots of your domain list right from terminal.

hakfindinternaldomains on offsec.tools
hakfindinternaldomains

Feed it a list of subdomains, it will resolve them and tell you which ones are internal.

The Time Machine on offsec.tools
The Time Machine

Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.

hrekt on offsec.tools
hrekt

A really fast HTTP prober.

wildcrawl on offsec.tools
wildcrawl

Crawls URL to get a better image of what is tied to a website.

swagroutes on offsec.tools
swagroutes

Extract and list API routes from Swagger files in YAML/JSON format.

endext on offsec.tools
endext

A tool for extracting all the possible endpoints from the JS files.

trurl on offsec.tools
trurl

Command line tool for URL parsing and manipulation.

urless on offsec.tools
urless

De-clutter a list of URLs.

jsleak on offsec.tools
jsleak

Find secrets, paths or links in the source code.

github-endpoints on offsec.tools
github-endpoints

Find endpoints on GitHub.

github-regexp on offsec.tools
github-regexp

Basically a regexp over a GitHub search.

JSpector on offsec.tools
JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

ffufPostprocessing on offsec.tools
ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

jsfinder on offsec.tools
jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

Aranea on offsec.tools
Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

pown.js on offsec.tools
pown.js

Security testing and exploitation toolkit.

haktldextract on offsec.tools
haktldextract

Extract domains/subdomains from URLs en masse.

differer on offsec.tools
differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

GrayhatWarfare on offsec.tools
GrayhatWarfare

Search for buckets and URL shorteners.

apkurlgrep on offsec.tools
apkurlgrep

Extract endpoints from APK files.

Wayback Machine on offsec.tools
Wayback Machine

Explore more than 778 billion web pages saved over time.

websy on offsec.tools
websy

Keep an eye on your targets to get quickly notified for any change they push on their server.

gitscraper on offsec.tools
gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

pyBuster on offsec.tools
pyBuster

A multi-target URL bruteforcer.

Hamburglar on offsec.tools
Hamburglar

Collect useful information from urls, directories, and files.

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

dirhunt on offsec.tools
dirhunt

Find web directories without bruteforce.

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

cc.py on offsec.tools
cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

curate on offsec.tools
curate

A tool for fetching archived URLs.

StaCoAn on offsec.tools
StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

Sniff-Paste on offsec.tools
Sniff-Paste

Pastebin OSINT harvester.

Domain Analyzer on offsec.tools
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

Web Crawler Security Tool on offsec.tools
Web Crawler Security Tool

A web crawler oriented to infosec.

ChopChop on offsec.tools
ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

SubDomainizer on offsec.tools
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

BurpSmartBuster on offsec.tools
BurpSmartBuster

A Burp Suite content discovery plugin that add the smart into the Buster.

JSONBee on offsec.tools
JSONBee

A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

waybackSqliScanner on offsec.tools
waybackSqliScanner

Gather urls from wayback machine and test each GET parameter for SQL injection.

gaussrf on offsec.tools
gaussrf

Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.

GadgetProbe on offsec.tools
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

BurpJSLinkFinder on offsec.tools
BurpJSLinkFinder

Burp Extension for a passive scanning JS files for endpoint links.

ParamPamPam on offsec.tools
ParamPamPam

This tool for brute discover GET and POST parameters.

linx on offsec.tools
linx

Reveals invisible links within JavaScript files.

urlgrab on offsec.tools
urlgrab

A golang utility to spider through a website searching for additional links.

GoLinkFinder on offsec.tools
GoLinkFinder

A fast and minimal JS endpoint extractor.

JS-Scan on offsec.tools
JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

crawley on offsec.tools
crawley

The unix-way web crawler.

Dirstalk on offsec.tools
Dirstalk

Multi threaded application designed to brute force paths on web servers.

Filebuster on offsec.tools
Filebuster

An extremely fast and flexible web fuzzer.

RecurseBuster on offsec.tools
RecurseBuster

Rapid content discovery tool for recursively querying webservers.

GAP on offsec.tools
GAP

A Burp Suite extension to find potential endpoints and parameters.

Sub3 Suite on offsec.tools
Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

skipfish on offsec.tools
skipfish

Active web application security reconnaissance tool.

uro on offsec.tools
uro

Declutters url lists for crawling/pentesting.

fuzzagotchi on offsec.tools
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

Arjun on offsec.tools
Arjun

HTTP parameter discovery suite.

gospider on offsec.tools
gospider

Fast web spider written in Go.

crithit on offsec.tools
crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

BFAC on offsec.tools
BFAC

Check for backup artifacts that may disclose the web-application's source code.

Feroxbuster on offsec.tools
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Waymore on offsec.tools
Waymore

Find way more from the Wayback Machine!

xnLinkFinder on offsec.tools
xnLinkFinder

A python tool used to discover endpoints and potential parameters for a given target.

X8 on offsec.tools
X8

Hidden parameters discovery suite.

extract-endpoints on offsec.tools
extract-endpoints

Extract endpoints from source files.

Dirb on offsec.tools
Dirb

Web Fuzzer.

Wfuzz on offsec.tools
Wfuzz

Web application fuzzer.

EyeWitness on offsec.tools
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

httprobe on offsec.tools
httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

unfurl on offsec.tools
unfurl

An Entropy-Based Link Vulnerability Tool.

webscreenshot on offsec.tools
webscreenshot

A simple script to screenshot a list of websites.

JSParser on offsec.tools
JSParser

Python script to parse relative URLs from JavaScript files.

gau on offsec.tools
gau

Fetch known URLs from several sources.

meg on offsec.tools
meg

Fetch many paths for many hosts, without killing the hosts.

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

hakrawler on offsec.tools
hakrawler

Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

waybackurls on offsec.tools
waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain.

LinkFinder on offsec.tools
LinkFinder

A python script that finds endpoints in JavaScript files.

ffuf on offsec.tools
ffuf

Fast web fuzzer written in Go.