A vast collection of security tools for bug bounty, pentest and red teaming

#endpoints

76 results
katana on offsec.tools
Sponsor
katana

A next-generation crawling and spidering framework.

#crawler   #endpoints  

httpx on offsec.tools
Sponsor
httpx

HTTP toolkit that allows running multiple probes using the retryablehttp library.

#endpoints   #probing  

github-regexp on offsec.tools
github-regexp

Basically a regexp over a GitHub search.

#endpoints   #github   #regexp   #secrets   #subdomains  

github-endpoints on offsec.tools
github-endpoints

Find endpoints on GitHub.

#endpoints   #github  

JSpector on offsec.tools
JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

#burpsuite   #endpoints   #javascript   #parser   #regexp  

ffufPostprocessing on offsec.tools
ffufPostprocessing

Golang tool which helps dropping the irrelevant entries from your ffuf result file.

#endpoints   #utils  

jsfinder on offsec.tools
jsfinder

Fetches JavaScript files quickly and comprehensively from a defined list of URLs or domains.

#crawler   #endpoints   #javascript  

Aranea on offsec.tools
Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

#crawler   #endpoints   #javascript   #regexp   #secrets  

haktldextract on offsec.tools
haktldextract

Extract domains/subdomains from URLs en masse.

#domains   #endpoints   #subdomains   #tld   #utils  

pown.js on offsec.tools
pown.js

Security testing and exploitation toolkit.

#endpoints   #framework   #recon  

differer on offsec.tools
differer

differer finds how URLs are parsed by different languages in order to help bug hunters break filters.

#endpoints   #ssrf   #utils  

apkurlgrep on offsec.tools
apkurlgrep

Extract endpoints from APK files.

#android   #apk   #endpoints   #mobile  

GrayhatWarfare on offsec.tools
GrayhatWarfare

Search for buckets and URL shorteners.

#aws   #azure   #buckets   #cloud   #digitalocean   #endpoints   #google   #online   #shorteners  

Wayback Machine on offsec.tools
Wayback Machine

Explore more than 778 billion web pages saved over time.

#endpoints   #online   #webarchives  

gitscraper on offsec.tools
gitscraper

Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

#directories   #endpoints   #files   #github   #parameters   #resources  

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

#dns   #endpoints   #fingerprint   #firewall   #fuzzing   #ips   #scanner   #ssl   #subdomains  

Hamburglar on offsec.tools
Hamburglar

Collect useful information from urls, directories, and files.

#crypto   #directories   #emails   #endpoints   #files   #git   #regexp   #secrets  

pyBuster on offsec.tools
pyBuster

A multi-target URL bruteforcer.

#bruteforce   #endpoints   #ports  

dirhunt on offsec.tools
dirhunt

Find web directories without bruteforce.

#certificates   #commoncrawl   #crawler   #directories   #endpoints   #recon   #webarchives  

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

#crawler   #endpoints   #files   #javascript   #osint   #secrets   #subdomains   #webarchives  

cc.py on offsec.tools
cc.py

Extracting URLs of a specific target based on the results of commoncrawl.org.

#commoncrawl   #endpoints   #recon  

Sniff-Paste on offsec.tools
Sniff-Paste

Pastebin OSINT harvester.

#emails   #endpoints   #ips   #osint   #pastebin   #phones   #ports   #secrets  

StaCoAn on offsec.tools
StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

#android   #codeanalysis   #endpoints   #mobile   #reports   #secrets  

curate on offsec.tools
curate

A tool for fetching archived URLs.

#endpoints   #recon   #virustotal   #webarchives  

Web Crawler Security Tool on offsec.tools
Web Crawler Security Tool

A web crawler oriented to infosec.

#crawler   #endpoints   #recon  

Domain Analyzer on offsec.tools
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

#crawler   #dns   #endpoints   #ips   #ports   #reports   #subdomains  

ChopChop on offsec.tools
ChopChop

Scan endpoints and identify exposition of sensitive services/files/folders.

#directories   #endpoints   #recon   #scanner  

SubDomainizer on offsec.tools
SubDomainizer

A tool to find subdomains and interesting things hidden inside.

#aws   #azure   #buckets   #cloud   #digitalocean   #endpoints   #github   #subto  

BurpSmartBuster on offsec.tools
BurpSmartBuster

A Burp Suite content discovery plugin that add the smart into the Buster.

#burpsuite   #directories   #endpoints  

JSONBee on offsec.tools
JSONBee

A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.

#bypass   #csp   #endpoints   #jsonp   #payloads  

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

#crawler   #endpoints   #passwords   #secrets  

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

#emails   #endpoints   #forms   #fuzzing   #osint   #owasp   #parameters   #phones   #subdomains  

waybackSqliScanner on offsec.tools
waybackSqliScanner

Gather urls from wayback machine then test each GET parameter for SQL injection.

#endpoints   #sqli   #vulnerabilities  

gaussrf on offsec.tools
gaussrf

Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.

#endpoints   #openredirect   #ssrf  

GadgetProbe on offsec.tools
GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

#burpsuite   #deserialization   #endpoints   #fingerprint   #java  

BurpJSLinkFinder on offsec.tools
BurpJSLinkFinder

Burp Extension for a passive scanning JS files for endpoint links.

#burpsuite   #endpoints   #javascript  

ParamPamPam on offsec.tools
ParamPamPam

This tool for brute discover GET and POST parameters.

#endpoints  

linx on offsec.tools
linx

Reveals invisible links within JavaScript files.

#endpoints   #javascript  

urlgrab on offsec.tools
urlgrab

A golang utility to spider through a website searching for additional links.

#crawler   #endpoints  

GoLinkFinder on offsec.tools
GoLinkFinder

A fast and minimal JS endpoint extractor.

#endpoints   #javascript  

JS-Scan on offsec.tools
JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

#endpoints   #javascript   #secrets  

crawley on offsec.tools
crawley

The unix-way web crawler.

#crawler   #directories   #endpoints  

Dirstalk on offsec.tools
Dirstalk

Multi threaded application designed to brute force paths on web servers.

#directories   #endpoints  

Filebuster on offsec.tools
Filebuster

An extremely fast and flexible web fuzzer.

#directories   #endpoints   #fuzzing  

RecurseBuster on offsec.tools
RecurseBuster

Rapid content discovery tool for recursively querying webservers.

#directories   #endpoints  

GAP on offsec.tools
GAP

A Burp Suite extension to find potential endpoints and parameters.

#burpsuite   #endpoints   #parameters  

Sub3 Suite on offsec.tools
Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

#dns   #endpoints   #ips   #osint   #ports   #ssl   #subdomains  

skipfish on offsec.tools
skipfish

Active web application security reconnaissance tool.

#crawler   #directories   #endpoints   #reports   #scanner   #sitemap  

fuzzagotchi on offsec.tools
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

#directories   #endpoints   #fuzzing   #parameters  

uro on offsec.tools
uro

Declutters url lists for crawling/pentesting.

#endpoints   #utils  

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

#burpsuite   #endpoints   #regexp   #secrets   #subdomains  

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

#endpoints   #ips   #ports   #scanner   #screenshots   #subdomains   #subto  

gospider on offsec.tools
gospider

Fast web spider written in Go.

#aws   #buckets   #directories   #endpoints  

Arjun on offsec.tools
Arjun

HTTP parameter discovery suite.

#endpoints   #fuzzing   #parameters  

crithit on offsec.tools
crithit

Takes a single wordlist item and tests it one by one over a large collection of websites.

#directories   #endpoints  

BFAC on offsec.tools
BFAC

Check for backup artifacts that may disclose the web-application's source code.

#backups   #endpoints   #secrets  

gf on offsec.tools
gf

A wrapper around grep to avoid typing common patterns.

#endpoints   #secrets  

Feroxbuster on offsec.tools
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

#directories   #endpoints   #fuzzing  

xnLinkFinder on offsec.tools
xnLinkFinder

A python tool used to discover endpoints and potential parameters for a given target.

#endpoints   #parameters  

Waymore on offsec.tools
Waymore

Find way more from the Wayback Machine!

#endpoints  

X8 on offsec.tools
X8

Hidden parameters discovery suite.

#endpoints   #parameters  

extract-endpoints on offsec.tools
extract-endpoints

Extract endpoints from source files.

#endpoints   #parser   #regexp  

EyeWitness on offsec.tools
EyeWitness

Take screenshots of websites, provide server header info and identify default credentials.

#endpoints   #passwords   #screenshots  

Wfuzz on offsec.tools
Wfuzz

Web application fuzzer.

#directories   #endpoints   #fuzzing  

Dirb on offsec.tools
Dirb

Web Fuzzer.

#directories   #endpoints  

JSParser on offsec.tools
JSParser

Python script to parse relative URLs from JavaScript files.

#endpoints  

webscreenshot on offsec.tools
webscreenshot

A simple script to screenshot a list of websites.

#endpoints   #screenshots  

unfurl on offsec.tools
unfurl

An Entropy-Based Link Vulnerability Tool.

#endpoints  

httprobe on offsec.tools
httprobe

Take a list of domains and probe for working HTTP and HTTPS servers.

#endpoints   #probing  

meg on offsec.tools
meg

Fetch many paths for many hosts, without killing the hosts.

#endpoints  

gau on offsec.tools
gau

Fetch known URLs from several sources.

#crawler   #endpoints  

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

#backups   #endpoints   #fuzzing   #secrets  

Hakrawler on offsec.tools
Hakrawler

Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

#crawler   #endpoints  

waybackurls on offsec.tools
waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain.

#endpoints   #webarchives  

LinkFinder on offsec.tools
LinkFinder

A python script that finds endpoints in JavaScript files.

#endpoints  

ffuf on offsec.tools
ffuf

Fast web fuzzer written in Go.

#bruteforce   #directories   #endpoints   #recon