A vast collection of security tools for bug bounty, pentest and red teaming
#passwords










Vajra
UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.




ggshield
Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.









padding-oracle-attacker
Execute padding oracle attacks with support for concurrent network requests and an elegant UI.




JWTweak
Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.










SSH PuTTY login bruteforcer
A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.





SecLists
Collection of multiple types of lists used during security assessments, collected in one place.









Default Credentials Cheat Sheet
One place for all the default credentials to assist on finding devices with default password.







crunch
Wordlist generator where you can specify a character set or any set of characters to be used.










EyeWitness
Take screenshots of websites, provide server header info and identify default credentials.
