A vast collection of security tools for bug bounty, pentest and red teaming
#scanner


Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.

mapcidr
Small utility program to perform multiple operations for a given subnet/CIDR ranges.



Java Deserialization Scanner
All-in-one plugin for the detection and exploitation of Java deserialization vulnerabilities.








WebInspect
An automated dynamic testing solution that provides comprehensive vulnerability detection.




RedTeam_toolkit
Open source Django offensive webapp which is keeping the best tools used in the redteaming.








Qualys Cloud Platform
The revolutionary architecture that powers Qualys' IT, security, and compliance cloud apps.































scan-check-builder
Burp Suite extension which helps to improve the active and passive scanner by yourself.

Dastardly Scan Action
Runs a scan using Dastardly by Burp Suite against a target site and generates a report.












WPSpider
A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.



XSSwagger
A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.






XSSer
Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.




Evil SQL Client
Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.


Extended SSRF search
Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.















reconFTW
Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.






Rengine
Automated reconnaissance framework for webapps, highly configurable streamlined recon process.









Masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.





Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.

