#fuzzing

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

Nuclei on offsec.tools
Sponsor
Nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

API fuzzer on offsec.tools
API fuzzer

Fuzz request attributes using common pentesting techniques and lists vulnerabilities.

#api   #fuzzing  

RESTler on offsec.tools
RESTler

A stateful fuzzing tool for automatically testing cloud services through their REST APIs.

#api   #fuzzing   #rest  

The Time Machine on offsec.tools
The Time Machine

Weaponizing WaybackUrls for recon, bug bounties, OSINT, sensitive endpoints and what not.

dnstwist on offsec.tools
dnstwist

Domain name permutation engine for detecting several types of attacks.

DNSMORPH on offsec.tools
DNSMORPH

Domain name permutation engine written in Go.

litefuzz on offsec.tools
litefuzz

A multi-platform fuzzer for poking at userland binaries and servers.

Wordsmith on offsec.tools
Wordsmith

Assist with creating tailored wordlists, mostly based on geolocation.

Firefly on offsec.tools
Firefly

Black box fuzzer for web applications.

dnstwist_ on offsec.tools
dnstwist_

A tool to monitor for potential spear phishing domains and send to Slack.

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

Nozaki on offsec.tools
Nozaki

HTTP fuzzer engine security oriented.

#fuzzing   #http   #yaml  

Coercer on offsec.tools
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

userefuzz on offsec.tools
userefuzz

User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

TheftFuzzer on offsec.tools
TheftFuzzer

Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

Scout on offsec.tools
Scout

Discover a web server's undisclosed files, directories and VHOSTs.

0d1n on offsec.tools
0d1n

Tool for automating customized attacks against web applications.

Shelling on offsec.tools
Shelling

A comprehensive OS command injection payload generator.

SecLists on offsec.tools
SecLists

Collection of multiple types of lists used during security assessments, collected in one place.

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

XSS Radar on offsec.tools
XSS Radar

A Chrome extension for fast and easy XSS fuzzing.

SSRFmap on offsec.tools
SSRFmap

Automatic SSRF fuzzer and exploitation tool.

Race The Web on offsec.tools
Race The Web

Tests for race conditions in web applications.

Oralyzer on offsec.tools
Oralyzer

Open Redirection Analyzer.

headi on offsec.tools
headi

Customisable and automated HTTP header injection.

IntruderPayloads on offsec.tools
IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

DotDotPwn on offsec.tools
DotDotPwn

The Directory Traversal Fuzzer.

Injectus on offsec.tools
Injectus

CRLF and open redirect fuzzer.

vaf on offsec.tools
vaf

Cross-platform very advanced and fast web fuzzer written in nim.

Fuzzapi on offsec.tools
Fuzzapi

Used for REST API pentesting and provide UI solution for gem.

FuzzDB on offsec.tools
FuzzDB

Attack patterns and primitives for black-box application fault injection and resource discovery.

Filebuster on offsec.tools
Filebuster

An extremely fast and flexible web fuzzer.

fuzzagotchi on offsec.tools
fuzzagotchi

A fuzzing tool written in Go. It helps your pentesting journey.

Crawlergo on offsec.tools
Crawlergo

A powerful browser crawler for web vulnerability scanners

graphw00f on offsec.tools
graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

4-ZERO-3 on offsec.tools
4-ZERO-3

403/401 Bypass Methods.

Arjun on offsec.tools
Arjun

HTTP parameter discovery suite.

CRLFuzz on offsec.tools
CRLFuzz

A fast tool to scan CRLF vulnerability written in Go.

qsreplace on offsec.tools
qsreplace

Accept URLs on stdin, replace all query string values with a user-supplied value.

cook on offsec.tools
cook

Overpower wordlist generator, words permutation and combinations, encoding/decoding...

Feroxbuster on offsec.tools
Feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Knoxnl on offsec.tools
Knoxnl

This is a python wrapper around the amazing KNOXSS.

Wapiti on offsec.tools
Wapiti

The web-application vulnerability scanner.

recollapse on offsec.tools
recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations

qsfuzz on offsec.tools
qsfuzz

qsfuzz is a tool that allows to write simple rules in YAML that define what value to inject

Wfuzz on offsec.tools
Wfuzz

Web application fuzzer.

Zed Attack Proxy on offsec.tools
Zed Attack Proxy

The world's most widely used web app scanner.

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

Burp Suite on offsec.tools
Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.