#fuzzing

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

#cves   #fuzzing   #payloads   #resources   #scanner   #secrets   #vulnerabilities  

Nuclei on offsec.tools
Sponsor
Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

#allinone   #cves   #fuzzing   #scanner   #subto  

API fuzzer on offsec.tools
API fuzzer

Fuzz request attributes using common pentesting techniques and lists vulnerabilities.

#api   #fuzzing  

RESTler on offsec.tools
RESTler

A stateful fuzzing tool for automatically testing cloud services through their REST APIs.

#api   #fuzzing   #rest  

The Time Machine on offsec.tools
The Time Machine

Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.

#endpoints   #fuzzing   #osint   #webarchives  

dnstwist on offsec.tools
dnstwist

Domain name permutation engine for detecting several types of attacks.

#altdns   #dns   #domains   #fuzzing   #phishing  

DNSMORPH on offsec.tools
DNSMORPH

Domain name permutation engine written in Go.

#altdns   #dns   #domains   #fuzzing   #phishing  

litefuzz on offsec.tools
litefuzz

A multi-platform fuzzer for poking at userland binaries and servers.

#fuzzing   #network  

Wordsmith on offsec.tools
Wordsmith

Assist with creating tailored wordlists, mostly based on geolocation.

#fuzzing   #utils   #wordlists  

Firefly on offsec.tools
Firefly

Black box fuzzer for web applications.

#fuzzing   #payloads   #wordlists  

dnstwist_ on offsec.tools
dnstwist_

A tool to monitor for potential spear phishing domains and send to Slack.

#altdns   #dns   #domains   #fuzzing   #phishing  

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

#aws   #azure   #cloud   #directories   #emails   #firebase   #fuzzing   #osint   #subdomains  

Nozaki on offsec.tools
Nozaki

HTTP fuzzer engine security oriented.

#fuzzing   #http   #yaml  

Coercer on offsec.tools
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

#fuzzing   #network   #reports   #samba   #scanner   #windows  

userefuzz on offsec.tools
userefuzz

User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

#fuzzing   #headers   #sqli  

TheftFuzzer on offsec.tools
TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

#cors   #fuzzing   #vulnerabilities  

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

#dns   #endpoints   #fingerprint   #firewall   #fuzzing   #ips   #scanner   #ssl   #subdomains  

Scout on offsec.tools
Scout

Discover a web server's undisclosed files, directories and VHOSTs.

#directories   #fuzzing   #subdomains  

0d1n on offsec.tools
0d1n

Tool for automating customized attacks against web applications.

#allinone   #bruteforce   #fuzzing   #reports  

Shelling on offsec.tools
Shelling

A comprehensive OS command injection payload generator.

#burpsuite   #fuzzing   #rce   #shell  

SecLists on offsec.tools
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

#fuzzing   #passwords   #payloads   #resources   #wordlists  

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

#emails   #endpoints   #forms   #fuzzing   #osint   #owasp   #parameters   #phones   #subdomains  

XSS Radar on offsec.tools
XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

#browser   #chrome   #fuzzing   #vulnerabilities   #xss  

SSRFmap on offsec.tools
SSRFmap

Automatic SSRF fuzzer and exploitation tool.

#exploits   #fuzzing   #ssrf   #vulnerabilities  

Race The Web on offsec.tools
Race The Web

Tests for race conditions in web applications.

#api   #fuzzing   #racecondition  

Oralyzer on offsec.tools
Oralyzer

Open Redirection Analyzer.

#exploits   #fuzzing   #openredirect   #vulnerabilities  

headi on offsec.tools
headi

Customisable and automated HTTP header injection.

#fuzzing   #headers   #http  

IntruderPayloads on offsec.tools
IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

#burpsuite   #fuzzing   #owasp   #resources   #wordlists  

DotDotPwn on offsec.tools
DotDotPwn

The Directory Traversal Fuzzer.

#fuzzing   #lfi   #vulnerabilities  

Injectus on offsec.tools
Injectus

CRLF and open redirect fuzzer.

#crlf   #fuzzing   #openredirect   #vulnerabilities  

vaf on offsec.tools
vaf

Cross-platform very advanced and fast web fuzzer written in nim.

#fuzzing  

Fuzzapi on offsec.tools
Fuzzapi

Used for REST API pentesting and provide UI solution for gem.

#api   #fuzzing   #scanner  

FuzzDB on offsec.tools
FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

#fuzzing   #payloads   #resources   #wordlists  

Filebuster on offsec.tools
Filebuster

An extremely fast and flexible web fuzzer.

#directories   #endpoints   #fuzzing  

fuzzagotchi on offsec.tools
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

#directories   #endpoints   #fuzzing   #parameters  

Crawlergo on offsec.tools
Crawlergo

A powerful browser crawler for web vulnerability scanners

#fuzzing   #scanner  

graphw00f on offsec.tools
graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

#fuzzing   #graphql  

4-ZERO-3 on offsec.tools
4-ZERO-3

403/401 Bypass Methods.

#bypass   #fuzzing  

Arjun on offsec.tools
Arjun

HTTP parameter discovery suite.

#endpoints   #fuzzing   #parameters  

CRLFuzz on offsec.tools
CRLFuzz

A fast tool to scan CRLF vulnerability written in Go.

#fuzzing  

qsreplace on offsec.tools
qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value.

#fuzzing  

cook on offsec.tools
cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

#fuzzing   #passwords   #wordlists  

Feroxbuster on offsec.tools
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

#directories   #endpoints   #fuzzing  

Knoxnl on offsec.tools
Knoxnl

This is a python wrapper around the amazing KNOXSS.

#fuzzing   #vulnerabilities   #xss  

Wapiti on offsec.tools
Wapiti

The web-application vulnerability scanner.

#allinone   #exploits   #fuzzing   #scanner  

recollapse on offsec.tools
recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations

#fuzzing  

qsfuzz on offsec.tools
qsfuzz

qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject

#fuzzing  

Wfuzz on offsec.tools
Wfuzz

Web application fuzzer.

#directories   #endpoints   #fuzzing  

Zed Attack Proxy on offsec.tools
Zed Attack Proxy

The world's most widely used web app scanner.

#allinone   #fuzzing   #owasp   #proxy   #scanner  

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

#backups   #endpoints   #fuzzing   #secrets  

Burp Suite on offsec.tools
Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.

#allinone   #burpsuite   #cves   #fuzzing   #proxy   #scanner