#endpoints

httpx
sponsor
httpx

HTTP toolkit that allows running multiple probes using the retryablehttp library.

katana
sponsor
katana

A next-generation crawling and spidering framework.

X8
featured
X8

Hidden parameters discovery suite.

MetaDetective
MetaDetective

Unleash metadata intelligence, bridging the chasm in metadata extraction and analysis.

Porch-Pirate
Porch-Pirate

The most comprehensive Postman recon / OSINT client and framework.

FinalRecon
FinalRecon

All In One Web Recon.

Lookyloo
Lookyloo

Allows users to capture a website page and then display a tree of domains that call each other.

Velociraptor
Velociraptor

Endpoint visibility and collection tool.

Swagger Jacker
Swagger Jacker

Designed to assist with auditing of exposed Swagger/OpenAPI) definition files.

sourcemapper
sourcemapper

Extract JavaScript source trees from source map files.

jsluice
jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

BackupKiller
BackupKiller

Generate wordlist based on the URLs to check for backup, installation, etc files.

wordlistgen
wordlistgen

Quickly generate context-specific wordlists for content discovery from lists of URLs or paths.

xurlfind3r
xurlfind3r

A cli utility to find domain's known URLs from curated passive online sources.

APKLeaks
APKLeaks

Scanning APK file for URIs, endpoints & secrets.

subjs
subjs

Fetches javascript file from a list of URLS or subdomains.

kiterunner
kiterunner

Contextual content discovery tool.

socialhunter
socialhunter

Crawls the website and finds broken social media links that can be hijacked

Haylxon
Haylxon

Blazing-fast tool to grab screenshots of your domain list right from terminal.

hakfindinternaldomains
hakfindinternaldomains

Feed it a list of subdomains, it will resolve them and tell you which ones are internal.

The Time Machine
The Time Machine

Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.

hrekt
hrekt

A really fast HTTP prober.

wildcrawl
wildcrawl

Crawls URL to get a better image of what is tied to a website.

swagroutes
swagroutes

Extract and list API routes from Swagger files in YAML/JSON format.

endext
endext

A tool for extracting all the possible endpoints from the JS files.

trurl
trurl

Command line tool for URL parsing and manipulation.

urless
urless

De-clutter a list of URLs.

jsleak
jsleak

Find secrets, paths or links in the source code.

github-endpoints
github-endpoints

Find endpoints on GitHub.

github-regexp
github-regexp

Basically a regexp over a GitHub search.

JSpector
JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

ffufPostprocessing
ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

jsfinder
jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

Aranea
Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

pown.js
pown.js

Security testing and exploitation toolkit.

haktldextract
haktldextract

Extract domains/subdomains from URLs en masse.

differer
differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

GrayhatWarfare
GrayhatWarfare

Search for buckets and URL shorteners.

apkurlgrep
apkurlgrep

Extract endpoints from APK files.

Wayback Machine
Wayback Machine

Explore more than 778 billion web pages saved over time.

websy
websy

Keep an eye on your targets to get quickly notified for any change they push on their server.

gitscraper
gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

pyBuster
pyBuster

A multi-target URL bruteforcer.

Hamburglar
Hamburglar

Collect useful information from urls, directories, and files.

Raccoon
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

dirhunt
dirhunt

Find web directories without bruteforce.

Photon
Photon

Incredibly fast crawler designed for OSINT.

cc.py
cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

curate
curate

A tool for fetching archived URLs.

StaCoAn
StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

Sniff-Paste
Sniff-Paste

Pastebin OSINT harvester.

Domain Analyzer
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

Web Crawler Security Tool
Web Crawler Security Tool

A web crawler oriented to infosec.

ChopChop
ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

SubDomainizer
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

BurpSmartBuster
BurpSmartBuster

A Burp Suite content discovery plugin that add the smart into the Buster.

JSONBee
JSONBee

A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.

cariddi
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

BlackWidow
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

waybackSqliScanner
waybackSqliScanner

Gather urls from wayback machine and test each GET parameter for SQL injection.

gaussrf
gaussrf

Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.

GadgetProbe
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

BurpJSLinkFinder
BurpJSLinkFinder

Burp Extension for a passive scanning JS files for endpoint links.

ParamPamPam
ParamPamPam

This tool for brute discover GET and POST parameters.

linx
linx

Reveals invisible links within JavaScript files.

urlgrab
urlgrab

A golang utility to spider through a website searching for additional links.

GoLinkFinder
GoLinkFinder

A fast and minimal JS endpoint extractor.

JS-Scan
JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

crawley
crawley

The unix-way web crawler.

Dirstalk
Dirstalk

Multi threaded application designed to brute force paths on web servers.

Filebuster
Filebuster

An extremely fast and flexible web fuzzer.

RecurseBuster
RecurseBuster

Rapid content discovery tool for recursively querying webservers.

GAP
GAP

A Burp Suite extension to find potential endpoints and parameters.

Sub3 Suite
Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

skipfish
skipfish

Active web application security reconnaissance tool.

uro
uro

Declutters url lists for crawling/pentesting.

fuzzagotchi
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

DataExtractor
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Sudomy
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

Arjun
Arjun

HTTP parameter discovery suite.

gospider
gospider

Fast web spider written in Go.

crithit
crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

BFAC
BFAC

Check for backup artifacts that may disclose the web-application's source code.

gf
gf

A wrapper around grep to avoid typing common patterns.

Feroxbuster
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Waymore
Waymore

Find way more from the Wayback Machine!

xnLinkFinder
xnLinkFinder

A python tool used to discover endpoints and potential parameters for a given target.

extract-endpoints
extract-endpoints

Extract endpoints from source files.

Dirb
Dirb

Web Fuzzer.

Wfuzz
Wfuzz

Web application fuzzer.

EyeWitness
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

httprobe
httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

unfurl
unfurl

An Entropy-Based Link Vulnerability Tool.

webscreenshot
webscreenshot

A simple script to screenshot a list of websites.

JSParser
JSParser

Python script to parse relative URLs from JavaScript files.

gau
gau

Fetch known URLs from several sources.

meg
meg

Fetch many paths for many hosts, without killing the hosts.

fuzzuli
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

hakrawler
hakrawler

Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

waybackurls
waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain.

LinkFinder
LinkFinder

A python script that finds endpoints in JavaScript files.

ffuf
ffuf

Fast web fuzzer written in Go.