A vast collection of security tools for bug bounty, pentest and red teaming

#endpoints

katana

A next-generation crawling and spidering framework.

httpx

HTTP toolkit that allows running multiple probes using the retryablehttp library.

github-regexp

Basically a regexp over a GitHub search.

github-endpoints

Find endpoints on GitHub.

JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

ffufPostprocessing

Golang tool which helps drop the irrelevant entries from your ffuf result file.

jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

haktldextract

Extract domains/subdomains from URLs en masse.

pown.js

Security testing and exploitation toolkit.

differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

apkurlgrep

Extract endpoints from APK files.

GrayhatWarfare

Search for buckets and URL shorteners.

Wayback Machine

Explore more than 778 billion web pages saved over time.

gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

Hamburglar

Collect useful information from URLs, directories, and files.

pyBuster

A multi-target URL bruteforcer.

dirhunt

Find web directories without bruteforce.

Photon

Incredibly fast crawler designed for OSINT.

cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

Sniff-Paste

Pastebin OSINT harvester.

StaCoAn

Cross-platform tool which helps to perform static code analysis on mobile applications.

curate

A tool for fetching archived URLs.

Web Crawler Security Tool

A web crawler oriented to infosec.

Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in Python.

ChopChop

Scan endpoints and identify exposure of sensitive services/files/folders.

SubDomainizer

A tool to find subdomains and interesting things hidden inside.

BurpSmartBuster

A Burp Suite content discovery plugin that adds the smart into the Buster.

JSONBee

Ready-to-use JSONP endpoints/payloads to help bypass Content Security Policy.

cariddi

Crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more.

BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

waybackSqliScanner

Gather URLs from the Wayback Machine, then test each GET parameter for SQL injection.

gaussrf

Fetch known URLs from several sources and filter URLs with open redirection or SSRF parameters.

GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

BurpJSLinkFinder

Burp extension for passive scanning of JS files for endpoint links.

ParamPamPam

A tool for brute-force discovery of GET and POST parameters.

linx

Reveals invisible links within JavaScript files.

urlgrab

A golang utility to spider through a website searching for additional links.

GoLinkFinder

A fast and minimal JS endpoint extractor.

JS-Scan

A .js scanner, built in PHP, designed to scrape URLs and other info.

crawley

The unix-way web crawler.

Dirstalk

Multi-threaded application designed to brute force paths on web servers.

Filebuster

An extremely fast and flexible web fuzzer.

RecurseBuster

Rapid content discovery tool for recursively querying webservers.

GAP

A Burp Suite extension to find potential endpoints and parameters.

Sub3 Suite

A free, open-source, cross-platform intelligence gathering tool.

skipfish

Active web application security reconnaissance tool.

fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

uro

Declutters URL lists for crawling/pentesting.

DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

gospider

Fast web spider written in Go.

Arjun

HTTP parameter discovery suite.

crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

BFAC

Check for backup artifacts that may disclose the web-application's source code.

gf

A wrapper around grep to avoid typing common patterns.

Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

xnLinkFinder

A Python tool used to discover endpoints and potential parameters for a given target.

Waymore

Find way more from the Wayback Machine!

X8

Hidden parameters discovery suite.

extract-endpoints

Extract endpoints from source files.

EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

Wfuzz

Web application fuzzer.

Dirb

Web Fuzzer.

JSParser

Python script to parse relative URLs from JavaScript files.

webscreenshot

A simple script to screenshot a list of websites.

unfurl

An Entropy-Based Link Vulnerability Tool.

httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

meg

Fetch many paths for many hosts, without killing the hosts.

gau

Fetch known URLs from several sources.

fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

Hakrawler

Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain.

LinkFinder

A Python script that finds endpoints in JavaScript files.

ffuf

Fast web fuzzer written in Go.