Update
hahwul
parent
b0781b1b3e
commit
6f42538c09
598
README.md
598
README.md
|
|
@ -1,290 +1,340 @@
|
||||||
|
|
||||||
<h1 align="center">
|
<h1 align="center">
|
||||||
<br>
|
<br>
|
||||||
<a href=""><img src="https://user-images.githubusercontent.com/13212227/104400969-9f3d9280-5596-11eb-80f4-864effae95fc.png" alt="" width="500px;"></a>
|
<a href=""><img src="https://user-images.githubusercontent.com/13212227/104400969-9f3d9280-5596-11eb-80f4-864effae95fc.png" alt="" width="500px;"></a>
|
||||||
<br>
|
<br>
|
||||||
<img src="https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons?style=flat">
|
<img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat">
|
||||||
<img src="https://img.shields.io/github/last-commit/hahwul/WebHackersWeapons?style=flat">
|
<img src="https://img.shields.io/badge/PRs-welcome-cyan">
|
||||||
<img src="https://img.shields.io/badge/PRs-welcome-cyan">
|
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/Build/badge.svg">
|
||||||
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/Build/badge.svg">
|
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat&logo=twitter"></a>
|
||||||
<img src="https://github.com/hahwul/WebHackersWeapons/workflows/CodeQL/badge.svg">
|
|
||||||
<a href="https://twitter.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=flat&logo=twitter"></a>
|
|
||||||
</h1>
|
</h1>
|
||||||
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
|
A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting
|
||||||
|
|
||||||
## Family project
|
## Family project
|
||||||
[](https://github.com/hahwul/WebHackersWeapons)
|
[](https://github.com/hahwul/WebHackersWeapons)
|
||||||
[](https://github.com/hahwul/MobileHackersWeapons)
|
[](https://github.com/hahwul/MobileHackersWeapons)
|
||||||
|
|
||||||
## Table of Contents
|
## Table of Contents
|
||||||
- [WHW-Tools](https://whw-tools.hahwul.com)
|
|
||||||
- [Weapons](#weapons)
|
- [Weapons](#weapons)
|
||||||
- [Awesome Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets)
|
- Tools
|
||||||
- [Awesome Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions)
|
- [Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets)
|
||||||
- [Awesome Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions)
|
- [Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions)
|
||||||
|
- [Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions)
|
||||||
- [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md)
|
- [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md)
|
||||||
- [Thanks to contributor](#thanks-to-contributor)
|
- [Thanks to contributor](#thanks-to-contributor)
|
||||||
|
|
||||||
## WHW-Tools
|
|
||||||
> Always use the latest tools 😎
|
|
||||||
|
|
||||||
`WHW-Tools` is tools web of `#WebHackersWeapons`. Easy install and Easy manage upgrade. Go to [WHW-Tools](https://whw-tools.hahwul.com/)
|
|
||||||
|
|
||||||
## Weapons
|
## Weapons
|
||||||
| Type | Name | Description | Popularity | Language |
|
### Tools
|
||||||
| ---------- | :---------- | :----------: | :----------: | :----------: |
|
| Type | Name | Description | Badges | Popularity |
|
||||||
| Army-Knife/SCAN | [jaeles](https://github.com/jaeles-project/jaeles) | The Swiss Army knife for automated Web Application Testing |  |  |
|
| --- | --- | --- | --- | --- |
|
||||||
| Army-Knife/PROXY | [BurpSuite](https://portswigger.net/burp) | the BurpSuite Project||
|
|[]|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|||
|
||||||
| Army-Knife/PROXY | [hetty](https://github.com/dstotijn/hetty) | Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. |  |  |
|
|[]|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|||
|
||||||
| Army-Knife/PROXY | [httptoolkit](https://github.com/httptoolkit/httptoolkit) | HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac |  |  |
|
|[]|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|||
|
||||||
| Army-Knife/PROXY | [proxify](https://github.com/projectdiscovery/proxify) | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay |  |  |
|
|[]|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |||
|
||||||
| Army-Knife/PROXY | [zaproxy](https://github.com/zaproxy/zaproxy) | The OWASP ZAP core project |  |  |
|
|[]|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|||
|
||||||
| Army-Knife/SCAN | [nuclei](https://github.com/projectdiscovery/nuclei) | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |  |  |
|
|[]|[scilla](https://github.com/edoardottt/scilla)|🏴☠️ Information Gathering tool 🏴☠️ dns/subdomain/port enumeration|||
|
||||||
| Discovery/ALL | [3klCon](https://github.com/eslam3kl/3klCon) | Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. |  |  |
|
|[]|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams| ||x|
|
||||||
| Discovery/ALL | [HydraRecon](https://github.com/aufzayed/HydraRecon) | All In One, Fast, Easy Recon Tool |  |  |
|
|[]|[grc](https://github.com/garabik/grc)|generic colouriser|||
|
||||||
| Discovery/ALL | [OneForAll](https://github.com/shmilylty/OneForAll) | OneForAll是一款功能强大的子域收集工具 |  |  |
|
|[]|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |||
|
||||||
| Discovery/ALL | [aquatone](https://github.com/michenriksen/aquatone) | A Tool for Domain Flyovers |  |  |
|
|[]|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|||
|
||||||
| Discovery/ALL | [intrigue-core](https://github.com/intrigueio/intrigue-core) | Discover Your Attack Surface |  |  |
|
|[]|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |||
|
||||||
| Discovery/ALL | [lazyrecon](https://github.com/nahamsec/lazyrecon) | This script is intended to automate your reconnaissance process in an organized fashion |  |  |
|
|[]|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|||
|
||||||
| Discovery/ALL | [reconftw](https://github.com/six2dez/reconftw) | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities |  |  |
|
|[]|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|||
|
||||||
| Discovery/ALL | [rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |  |  |
|
|[]|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |||
|
||||||
| Discovery/ALL | [scilla](https://github.com/edoardottt/scilla) | 🏴☠️ Information Gathering tool 🏴☠️ dns/subdomain/port enumeration |  |  |
|
|[]|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|||
|
||||||
| Discovery/ALL | [sn0int](https://github.com/kpcyrd/sn0int) | Semi-automatic OSINT framework and package manager |  |  |
|
|[]|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.||||x|
|
||||||
| Discovery/API | [kiterunner](https://github.com/assetnote/kiterunner) | Contextual Content Discovery Tool |  |  |
|
|[]|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |||
|
||||||
| Discovery/APK | [apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints & secrets. |  |  |
|
|[]|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |||
|
||||||
| Discovery/URL | [Photon](https://github.com/s0md3v/Photon) | Incredibly fast crawler designed for OSINT. |  |  |
|
|[]|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |||
|
||||||
| Discovery/URL | [cc.py](https://github.com/si9int/cc.py) | Extracting URLs of a specific target based on the results of "commoncrawl.org" |  |  |
|
|[]|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |||
|
||||||
| Discovery/URL | [go-dork](https://github.com/dwisiswant0/go-dork) | The fastest dork scanner written in Go. |  |  |
|
|[]|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|||
|
||||||
| Discovery/URL | [gospider](https://github.com/jaeles-project/gospider) | Gospider - Fast web spider written in Go |  |  |
|
|[]|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|||
|
||||||
| Discovery/URL | [hakrawler](https://github.com/hakluke/hakrawler) | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |  |  |
|
|[]|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x|
|
||||||
| Discovery/URL | [urlgrab](https://github.com/IAmStoxe/urlgrab) | A golang utility to spider through a website searching for additional links. |  |  |
|
|[]|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |||
|
||||||
| Discovery/DNS | [DNSDumpster](https://dnsdumpster.com) | Online dns recon & research, find & lookup dns records| | |
|
|[]|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|||
|
||||||
| Discovery/DNS | [SecurityTrails](https://securitytrails.com) | Online dns / subdomain / recon tool| | |
|
|[]|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |||
|
||||||
| Discovery/DNS | [dnsprobe](https://github.com/projectdiscovery/dnsprobe) | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |  |  |
|
|[]|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|||
|
||||||
| Discovery/DNS | [dnsvalidator](https://github.com/vortexau/dnsvalidator) | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. |  |  |
|
|[]|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records| ||x|
|
||||||
| Discovery/DNS | [dnsx](https://github.com/projectdiscovery/dnsx) | dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. |  |  |
|
|[]|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |||
|
||||||
| Discovery/DNS | [hakrevdns](https://github.com/hakluke/hakrevdns) | Small, fast tool for performing reverse DNS lookups en masse. |  |  |
|
|[]|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|||
|
||||||
| Discovery/DNS | [haktrails](https://github.com/hakluke/haktrails) | Golang client for querying SecurityTrails API data |  |  |
|
|[]|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|||
|
||||||
| Discovery/DNS | [puredns](https://github.com/d3mondev/puredns) | Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. |  |  |
|
|[]|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |||
|
||||||
| Discovery/DNS | [rusolver](https://github.com/Edu4rdSHL/rusolver) | Fast and accurate DNS resolver. |  |  |
|
|[]|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|||
|
||||||
| Discovery/DNS | [shuffledns](https://github.com/projectdiscovery/shuffledns) | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |  |  |
|
|[]|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |||
|
||||||
| Discovery/DNS | [subgen](https://github.com/pry0cc/subgen) | A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! |  |  |
|
|[]|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|||
|
||||||
| Discovery/DNS | [zdns](https://github.com/zmap/zdns) | Fast CLI DNS Lookup Tool |  |  |
|
|[]|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |||
|
||||||
| Discovery/DOMAIN | [Amass](https://github.com/OWASP/Amass) | In-depth Attack Surface Mapping and Asset Discovery |  |  |
|
|[]|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |||
|
||||||
| Discovery/DOMAIN | [Chaos Web](https://chaos.projectdiscovery.io) | actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.||
|
|[]|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|||
|
||||||
| Discovery/DOMAIN | [Sublist3r](https://github.com/aboul3la/Sublist3r) | Fast subdomains enumeration tool for penetration testers |  |  |
|
|[]|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |||
|
||||||
| Discovery/DOMAIN | [altdns](https://github.com/infosec-au/altdns) | Generates permutations, alterations and mutations of subdomains and then resolves them |  |  |
|
|[]|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |||
|
||||||
| Discovery/DOMAIN | [assetfinder](https://github.com/tomnomnom/assetfinder) | Find domains and subdomains related to a given domain |  |  |
|
|[]|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|||
|
||||||
| Discovery/DOMAIN | [chaos-client](https://github.com/projectdiscovery/chaos-client) | Go client to communicate with Chaos DNS API. |  |  |
|
|[]|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|||
|
||||||
| Discovery/DOMAIN | [ditto](https://github.com/evilsocket/ditto) | A tool for IDN homograph attacks and detection. |  |  |
|
|[]|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |||
|
||||||
| Discovery/DOMAIN | [dmut](https://github.com/bp0lr/dmut) | A tool to perform permutations, mutations and alteration of subdomains in golang. |  |  |
|
|[]|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |||
|
||||||
| Discovery/DOMAIN | [findomain](https://github.com/Edu4rdSHL/findomain) | The fastest and cross-platform subdomain enumerator, do not waste your time. |  |  |
|
|[]|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |||
|
||||||
| Discovery/DOMAIN | [knock](https://github.com/guelfoweb/knock) | Knock Subdomain Scan |  |  |
|
|[]|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|||
|
||||||
| Discovery/DOMAIN | [subfinder](https://github.com/projectdiscovery/subfinder) | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |  |  |
|
|[]|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |||
|
||||||
| Discovery/FAVICON | [FavFreak](https://github.com/devanshbatham/FavFreak) | Making Favicon.ico based Recon Great again ! |  |  |
|
|[]|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|||
|
||||||
| Discovery/FUZZ | [DirDar](https://github.com/M4DM0e/DirDar) | DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it |  |  |
|
|[]|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|||
|
||||||
| Discovery/FUZZ | [dirsearch](https://github.com/maurosoria/dirsearch) | Web path scanner |  |  |
|
|[]|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |||
|
||||||
| Discovery/FUZZ | [dontgo403](https://github.com/devploit/dontgo403) | Tool to bypass 40X response codes. |  |  |
|
|[]|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |||
|
||||||
| Discovery/FUZZ | [feroxbuster](https://github.com/epi052/feroxbuster) | A fast, simple, recursive content discovery tool written in Rust. |  |  |
|
|[]|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|||
|
||||||
| Discovery/FUZZ | [gobuster](https://github.com/OJ/gobuster) | Directory/File, DNS and VHost busting tool written in Go |  |  |
|
|[]|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools| ||x|
|
||||||
| Discovery/FUZZ | [medusa](https://github.com/riza/medusa) | Fastest recursive HTTP fuzzer, like a Ferrari. |  |  |
|
|[]|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |||
|
||||||
| Discovery/GH | [pagodo](https://github.com/opsdisk/pagodo) | pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching |  |  |
|
|[]|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |||
|
||||||
| Discovery/GIT | [GitMiner](https://github.com/UnkL4b/GitMiner) | Tool for advanced mining for content on Github |  |  |
|
|[]|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |||
|
||||||
| Discovery/GIT | [gitGraber](https://github.com/hisxo/gitGraber) | gitGraber |  |  |
|
|[]|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |||
|
||||||
| Discovery/GIT | [github-endpoints](https://github.com/gwen001/github-endpoints) | Find endpoints on GitHub. |  |  |
|
|[]|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |||
|
||||||
| Discovery/GIT | [github-regexp](https://github.com/gwen001/github-regexp) | Basically a regexp over a GitHub search. |  |  |
|
|[]|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|||
|
||||||
| Discovery/GIT | [github-search](https://github.com/gwen001/github-search) | Tools to perform basic search on GitHub. |  |  |
|
|[]|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |||
|
||||||
| Discovery/GIT | [github-subdomains](https://github.com/gwen001/github-subdomains) | Find subdomains on GitHub |  |  |
|
|[]|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|||
|
||||||
| Discovery/GIT | [gitleaks](https://github.com/zricethezav/gitleaks) | Scan git repos (or files) for secrets using regex and entropy 🔑 |  |  |
|
|[]|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |||
|
||||||
| Discovery/GIT | [gitrob](https://github.com/michenriksen/gitrob) | Reconnaissance tool for GitHub organizations |  |  |
|
|[]|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|||
|
||||||
| Discovery/GQL | [graphql-voyager](https://github.com/APIs-guru/graphql-voyager) | 🛰️ Represent any GraphQL API as an interactive graph |  |  |
|
|[]|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |||
|
||||||
| Discovery/GQL | [inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing |  |  |
|
|[]|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |||
|
||||||
| Discovery/HOST | [uncover](https://github.com/projectdiscovery/uncover) | Quickly discover exposed hosts on the internet using multiple search engine. |  |  |
|
|[]|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |||
|
||||||
| Discovery/HTTP | [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite. |  |  |
|
|[]|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|||
|
||||||
| Discovery/HTTP | [headi](https://github.com/mlcsec/headi) | Customisable and automated HTTP header injection |  |  |
|
|[]|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|||
|
||||||
| Discovery/JS | [JSFScan.sh](https://github.com/KathanP19/JSFScan.sh) | Automation for javascript recon in bug bounty. |  |  |
|
|[]|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|||
|
||||||
| Discovery/JS | [LinkFinder](https://github.com/GerbenJavado/LinkFinder) | A python script that finds endpoints in JavaScript files |  |  |
|
|[]|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|||
|
||||||
| Discovery/JS | [SecretFinder](https://github.com/m4ll0k/SecretFinder) | SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |  |  |
|
|[]|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |||
|
||||||
| Discovery/JS | [subjs](https://github.com/lc/subjs) | Fetches javascript file from a list of URLS or subdomains. |  |  |
|
|[]|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|||
|
||||||
| Discovery/OSINT | [spiderfoot](https://github.com/smicallef/spiderfoot) | SpiderFoot automates OSINT collection so that you can focus on analysis. |  |  |
|
|[]|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |||
|
||||||
| Discovery/PARAM | [ParamSpider](https://github.com/devanshbatham/ParamSpider) | Mining parameters from dark corners of Web Archives |  |  |
|
|[]|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |||
|
||||||
| Discovery/PARAM | [Parth](https://github.com/s0md3v/Parth) | Heuristic Vulnerable Parameter Scanner |  |  |
|
|[]|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |||
|
||||||
| Discovery/PARAM | [fuzzparam](https://github.com/0xsapra/fuzzparam) | A fast go based param miner to fuzz possible parameters a URL can have. |  |  |
|
|[]|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|||
|
||||||
| Discovery/PARAM | [parameth](https://github.com/maK-/parameth) | This tool can be used to brute discover GET and POST parameters |  |  |
|
|[]|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|||
|
||||||
| Discovery/PARAM | [x8](https://github.com/Sh1Yo/x8) | Hidden parameters discovery suite |  |  |
|
|[]|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|||
|
||||||
| Discovery/PORT | [RustScan](https://github.com/brandonskerritt/RustScan) | Faster Nmap Scanning with Rust |  |  |
|
|[]|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|||
|
||||||
| Discovery/PORT | [Shodan](https://www.shodan.io/) | World's first search engine for Internet-connected devices| | |
|
|[]|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|||
|
||||||
| Discovery/PORT | [masscan](https://github.com/robertdavidgraham/masscan) | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |  |  |
|
|[]|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|||
|
||||||
| Discovery/PORT | [naabu](https://github.com/projectdiscovery/naabu) | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |  |  |
|
|[]|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |||
|
||||||
| Discovery/PORT | [nmap](https://github.com/nmap/nmap) | Nmap - the Network Mapper. Github mirror of official SVN repository. |  |  |
|
|[]|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |||
|
||||||
| Discovery/TKOV | [SubOver](https://github.com/Ice3man543/SubOver) | A Powerful Subdomain Takeover Tool |  |  |
|
|[]|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |||
|
||||||
| Discovery/TKOV | [can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz) | "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. |  |  |
|
|[]|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |||
|
||||||
| Discovery/TKOV | [subjack](https://github.com/haccer/subjack) | Subdomain Takeover tool written in Go |  |  |
|
|[]|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|||
|
||||||
| Discovery/TKOV | [subzy](https://github.com/LukaSikic/subzy) | Subdomain takeover vulnerability checker |  |  |
|
|[]|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |||
|
||||||
| Discovery/URL | [cariddi](https://github.com/edoardottt/cariddi) | Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... |  |  |
|
|[]|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |||
|
||||||
| Discovery/URL | [crawlergo](https://github.com/Qianlitp/crawlergo) | A powerful browser crawler for web vulnerability scanners |  |  |
|
|[]|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |||
|
||||||
| Discovery/URL | [gau](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. |  |  |
|
|[]|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|||
|
||||||
| Discovery/URL | [gauplus](https://github.com/bp0lr/gauplus) | A modified version of gau for personal usage. Support workers, proxies and some extra things. |  |  |
|
|[]|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |||
|
||||||
| Discovery/URL | [security-crawl-maze](https://github.com/google/security-crawl-maze) | Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. |  |  |
|
|[]|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|||
|
||||||
| Discovery/URL | [urlhunter](https://github.com/utkusen/urlhunter) | a recon tool that allows searching on URLs that are exposed via shortener services |  |  |
|
|[]|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |||
|
||||||
| Discovery/URL | [waybackurls](https://github.com/tomnomnom/waybackurls) | Fetch all the URLs that the Wayback Machine knows about for a domain |  |  |
|
|[]|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |||
|
||||||
| Discovery/VULN | [Silver](https://github.com/s0md3v/Silver) | Mass scan IPs for vulnerable services |  |  |
|
|[]|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|||
|
||||||
| Discovery/WEBSOCK | [STEWS](https://github.com/PalindromeLabs/STEWS) | A Security Tool for Enumerating WebSockets |  |  |
|
|[]|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |||
|
||||||
| Discovery/WEBSOCK | [wssip](https://github.com/nccgroup/wssip) | Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. |  |  |
|
|[]|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner| ||x|
|
||||||
| Fetch/HTTP | [fhc](https://github.com/Edu4rdSHL/fhc) | Fast HTTP Checker. |  |  |
|
|[]|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|||
|
||||||
| Fetch/HTTP | [htcat](https://github.com/htcat/htcat) | Parallel and Pipelined HTTP GET Utility |  |  |
|
|[]|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|||
|
||||||
| Fetch/HTTP | [httprobe](https://github.com/tomnomnom/httprobe) | Take a list of domains and probe for working HTTP and HTTPS servers |  |  |
|
|[]|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |||
|
||||||
| Fetch/HTTP | [httpx](https://github.com/projectdiscovery/httpx) | httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |  |  |
|
|[]|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|||
|
||||||
| Fetch/HTTP | [meg](https://github.com/tomnomnom/meg) | Fetch many paths for many hosts - without killing the hosts |  |  |
|
|[]|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |||
|
||||||
| Fetch/HTTP | [wuzz](https://github.com/asciimoo/wuzz) | Interactive cli tool for HTTP inspection |  |  |
|
|[]|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |||
|
||||||
| Fetch/JS | [getJS](https://github.com/003random/getJS) | A tool to fastly get all javascript sources/files |  |  |
|
|[]|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |||
|
||||||
| Scanner/CACHE | [Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner) | Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). |  |  |
|
|[]|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |||
|
||||||
| Scanner/CACHE-POISON | [fockcache](https://github.com/tismayil/fockcache) | FockCache - Minimalized Test Cache Poisoning |  |  |
|
|[]|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|||
|
||||||
| Scanner/CACHE-POISON | [web_cache_poison](https://github.com/fngoo/web_cache_poison) | web cache poison - Top 1 web hacking technique of 2019 |  |  |
|
|[]|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |||
|
||||||
| Scanner/CONFUSE | [confused](https://github.com/visma-prodsec/confused) | Tool to check for dependency confusion vulnerabilities in multiple package management systems |  |  |
|
|[]|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |||
|
||||||
| Scanner/CORS | [CorsMe](https://github.com/Shivangx01b/CorsMe) | Cross Origin Resource Sharing MisConfiguration Scanner |  |  |
|
|[]|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |||
|
||||||
| Scanner/CORS | [Corsy](https://github.com/s0md3v/Corsy) | CORS Misconfiguration Scanner |  |  |
|
|[]|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |||
|
||||||
| Scanner/CORS | [corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan) | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). |  |  |
|
|[]|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |||
|
||||||
| Scanner/CRLF | [crlfuzz](https://github.com/dwisiswant0/crlfuzz) | A fast tool to scan CRLF vulnerability written in Go |  |  |
|
|[]|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|||
|
||||||
| Scanner/CSRF | [XSRFProbe](https://github.com/0xInfection/XSRFProbe) | The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. |  |  |
|
|[]|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |||
|
||||||
| Scanner/FUZZ | [BruteX](https://github.com/1N3/BruteX) | Automatically brute force all services running on a target. |  |  |
|
|[]|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |||
|
||||||
| Scanner/FUZZ | [PPScan](https://github.com/msrkp/PPScan) | Client Side Prototype Pollution Scanner |  |  |
|
|[]|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|||
|
||||||
| Scanner/FUZZ | [VHostScan](https://github.com/codingo/VHostScan) | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |  |  |
|
|[]|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|||
|
||||||
| Scanner/FUZZ | [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer written in Go |  |  |
|
|[]|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|||
|
||||||
| Scanner/FUZZ | [plution](https://github.com/raverrr/plution) | Prototype pollution scanner using headless chrome |  |  |
|
|[]|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |||
|
||||||
| Scanner/FUZZ | [ppfuzz](https://github.com/dwisiswant0/ppfuzz) | A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 |  |  |
|
|[]|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |||
|
||||||
| Scanner/FUZZ | [ppmap](https://github.com/kleiton0x00/ppmap) | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. |  |  |
|
|[]|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |||
|
||||||
| Scanner/FUZZ | [thc-hydra](https://github.com/vanhauser-thc/thc-hydra) | hydra |  |  |
|
|[]|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|||
|
||||||
| Scanner/FUZZ | [wfuzz](https://github.com/xmendez/wfuzz) | Web application fuzzer |  |  |
|
|[]|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |||
|
||||||
| Scanner/GQL | [GraphQLmap](https://github.com/swisskyrepo/GraphQLmap) | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |  |  |
|
|[]|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|||
|
||||||
| Scanner/JS | [jsprime](https://github.com/dpnishant/jsprime) | a javascript static security analysis tool |  |  |
|
|[]|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |||
|
||||||
| Scanner/LFI | [LFISuite](https://github.com/D35m0nd142/LFISuite) | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |  |  |
|
|[]|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|||
|
||||||
| Scanner/LFI | [dotdotpwn](https://github.com/wireghoul/dotdotpwn) | DotDotPwn - The Directory Traversal Fuzzer |  |  |
|
|[]|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |||
|
||||||
| Scanner/NOSQL | [NoSQLMap](https://github.com/codingo/NoSQLMap) | Automated NoSQL database enumeration and web application exploitation tool. |  |  |
|
|[]|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |||
|
||||||
| Scanner/NOSQL | [nosqli](https://github.com/Charlie-belmer/nosqli) | NoSql Injection CLI tool |  |  |
|
|[]|[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google| ||x|
|
||||||
| Scanner/RCE | [commix](https://github.com/commixproject/commix) | Automated All-in-One OS Command Injection Exploitation Tool. |  |  |
|
|[]|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|||
|
||||||
| Scanner/RECON | [Osmedeus](https://github.com/j3ssie/Osmedeus) | Fully automated offensive security framework for reconnaissance and vulnerability scanning |  |  |
|
|[]|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|||
|
||||||
| Scanner/RECON | [Sn1per](https://github.com/1N3/Sn1per) | Automated pentest framework for offensive security experts |  |  |
|
|[]|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|||
|
||||||
| Scanner/RECON | [megplus](https://github.com/EdOverflow/megplus) | Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |  |  |
|
|[]|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|||
|
||||||
| Scanner/REDIRECT | [OpenRedireX](https://github.com/devanshbatham/OpenRedireX) | A Fuzzer for OpenRedirect issues |  |  |
|
|[]|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |||
|
||||||
| Scanner/S3 | [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump) | Security Tool to Look For Interesting Files in S3 Buckets |  |  |
|
|[]|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|||
|
||||||
| Scanner/S3 | [S3Scanner](https://github.com/sa7mon/S3Scanner) | Scan for open AWS S3 buckets and dump the contents |  |  |
|
|[]|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |||
|
||||||
| Scanner/SMUGGLE | [HRS](https://github.com/SafeBreach-Labs/HRS) | HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. |  |  |
|
|[]|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|||
|
||||||
| Scanner/SMUGGLE | [h2csmuggler](https://github.com/assetnote/h2csmuggler) | HTTP Request Smuggling Detection Tool |  |  |
|
|[]|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |||
|
||||||
| Scanner/SMUGGLE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs. |  |  |
|
|[]|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |||
|
||||||
| Scanner/SMUGGLE | [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) | HTTP Request Smuggling Detection Tool |  |  |
|
|[]|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |||
|
||||||
| Scanner/SMUGGLE | [http2smugl](https://github.com/neex/http2smugl) | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. |  |  |
|
|[]|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |||
|
||||||
| Scanner/SMUGGLE | [smuggler](https://github.com/defparam/smuggler) | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |  |  |
|
|[]|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |||
|
||||||
| Scanner/SMUGGLE | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler |  |  |
|
|[]|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |||
|
||||||
| Scanner/SMUGGLE | [ws-smuggler](https://github.com/hahwul/ws-smuggler) | WebSocket Connection Smuggler |  |  |
|
|[]|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|||
|
||||||
| Scanner/SQL | [SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner| | |
|
|[]|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|||
|
||||||
| Scanner/SQLi | [DSSS](https://github.com/stamparm/DSSS) | Damn Small SQLi Scanner |  |  |
|
|[]|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|||
|
||||||
| Scanner/SQLi | [SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner||
|
|[]|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |||
|
||||||
| Scanner/SQLi | [sqliv](https://github.com/the-robot/sqliv) | massive SQL injection vulnerability scanner |  |  |
|
|[]|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|||
|
||||||
| Scanner/SQLi | [sqlmap](https://github.com/sqlmapproject/sqlmap) | Automatic SQL injection and database takeover tool |  |  |
|
|[]|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|||
|
||||||
| Scanner/SSL | [DeepViolet](https://github.com/spoofzu/DeepViolet) | Tool for introspection of SSL\TLS sessions |  |  |
|
|[]|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |||
|
||||||
| Scanner/SSL | [a2sv](https://github.com/hahwul/a2sv) | Auto Scanning to SSL Vulnerability |  |  |
|
|[]|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices| ||x|
|
||||||
| Scanner/SSL | [testssl.sh](https://github.com/drwetter/testssl.sh) | Testing TLS/SSL encryption anywhere on any port |  |  |
|
|[]|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|||
|
||||||
| Scanner/SSRF | [SSRFmap](https://github.com/swisskyrepo/SSRFmap) | Automatic SSRF fuzzer and exploitation tool |  |  |
|
|[]|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|||
|
||||||
| Scanner/SSRF | [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) | A simple SSRF-testing sheriff written in Go |  |  |
|
|[]|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|||
|
||||||
| Scanner/SSTI | [tplmap](https://github.com/epinna/tplmap) | Server-Side Template Injection and Code Injection Detection and Exploitation Tool |  |  |
|
|[]|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|||
|
||||||
| Scanner/WP | [wprecon](https://github.com/blackcrw/wprecon) | Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. |  |  |
|
|[]|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|||
|
||||||
| Scanner/WP | [wpscan](https://github.com/wpscanteam/wpscan) | WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |  |  |
|
|[]|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|||
|
||||||
| Scanner/WVS | [Striker](https://github.com/s0md3v/Striker) | Striker is an offensive information and vulnerability scanner. |  |  |
|
|[]|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |||
|
||||||
| Scanner/WVS | [Taipan](https://github.com/enkomio/Taipan) | Web application vulnerability scanner |  |  |
|
|[]|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |||
|
||||||
| Scanner/WVS | [arachni](https://github.com/Arachni/arachni) | Web Application Security Scanner Framework |  |  |
|
|[]|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|||
|
||||||
| Scanner/WVS | [nikto](https://github.com/sullo/nikto) | Nikto web server scanner |  |  |
|
|[]|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|||
|
||||||
| Scanner/WVS | [rapidscan](https://github.com/skavngr/rapidscan) | The Multi-Tool Web Vulnerability Scanner. |  |  |
|
|[]|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|||
|
||||||
| Scanner/WVS | [zap-cli](https://github.com/Grunny/zap-cli) | A simple tool for interacting with OWASP ZAP from the commandline. |  |  |
|
|[]|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |||
|
||||||
| Scanner/XSS | [Cyclops](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) | Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink. |  |  |
|
|[]|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |||
|
||||||
| Scanner/XSS | [DOMPurify](https://github.com/cure53/DOMPurify) | DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: |  |  |
|
|[]|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|||
|
||||||
| Scanner/XSS | [XSStrike](https://github.com/s0md3v/XSStrike) | Most advanced XSS scanner. |  |  |
|
|[]|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|||
|
||||||
| Scanner/XSS | [XSpear](https://github.com/hahwul/XSpear) | Powerfull XSS Scanning and Parameter analysis tool&gem |  |  |
|
|[]|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|||
|
||||||
| Scanner/XSS | [dalfox](https://github.com/hahwul/dalfox) | 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |  |  |
|
|[]|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|||
|
||||||
| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications |  |  |
|
|[]|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|||
|
||||||
| Scanner/XSS | [ezXSS](https://github.com/ssl/ezXSS) | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |  |  |
|
|[]|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |||
|
||||||
| Scanner/XSS | [findom-xss](https://github.com/dwisiswant0/findom-xss) | A fast DOM based XSS vulnerability scanner with simplicity. |  |  |
|
|[]|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|||
|
||||||
| Scanner/XSS | [xsscrapy](https://github.com/DanMcInerney/xsscrapy) | XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |  |  |
|
|[]|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |||
|
||||||
| Scanner/XSS | [xsser](https://github.com/epsylon/xsser) | Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |  |  |
|
|[]|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|||
|
||||||
| ToolBox/ALL | [Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz) | BBT - Bug Bounty Tools |  |  |
|
|[]|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool| ||x|
|
||||||
| ToolBox/ALL | [CyberChef](https://github.com/gchq/CyberChef) | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |  |  |
|
|[]|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|||
|
||||||
| ToolBox/ALL | [hacks](https://github.com/tomnomnom/hacks) | A collection of hacks and one-off scripts |  |  |
|
|[]|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|||
|
||||||
| ToolBox/ALL | [pentest-tools](https://github.com/gwen001/pentest-tools) | Custom pentesting tools |  |  |
|
|[]|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |||
|
||||||
| ToolBox/DNS Rebind | [singularity](https://github.com/nccgroup/singularity) | A DNS rebinding attack framework. |  |  |
|
|[]|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |||
|
||||||
| Utility/ANY | [anew](https://github.com/tomnomnom/anew) | A tool for adding new lines to files, skipping duplicates |  |  |
|
|[]|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |||
|
||||||
| Utility/ANY | [bat](https://github.com/sharkdp/bat) | A cat(1) clone with wings. |  |  |
|
|[]|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|||
|
||||||
| Utility/ANY | [fzf](https://github.com/junegunn/fzf) | A command-line fuzzy finder |  |  |
|
|[]|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |||
|
||||||
| Utility/ANY | [gee](https://github.com/hahwul/gee) | 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go |  |  |
|
|[]|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|||
|
||||||
| Utility/ANY | [grc](https://github.com/garabik/grc) | generic colouriser |  |  |
|
|[]|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |||
|
||||||
| Utility/ANY | [pet](https://github.com/knqyf263/pet) | Simple command-line snippet manager, written in Go. |  |  |
|
|[]|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |||
|
||||||
| Utility/B-ADDON | [postMessage-tracker](https://github.com/fransr/postMessage-tracker) | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon |  |  |
|
|[]|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|||
|
||||||
| Utility/BRIDGE | [Atlas](https://github.com/m4ll0k/Atlas) | Quick SQLMap Tamper Suggester |  |  |
|
|[]|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |||
|
||||||
| Utility/CRACK | [hashcat](https://github.com/hashcat/hashcat/) | World's fastest and most advanced password recovery utility |  |  |
|
|[]|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |||
|
||||||
| Utility/CSP | [CSP Evaluator](https://csp-evaluator.withgoogle.com) | Online CSP Evaluator from google| | |
|
|[]|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |||
|
||||||
| Utility/ENV | [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) | GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |  |  |
|
|[]|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|||
|
||||||
| Utility/ENV | [recon_profile](https://github.com/nahamsec/recon_profile) | Recon profile (bash profile) for bugbounty |  |  |
|
|[]|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |||
|
||||||
| Utility/ETC | [Phoenix](https://www.hahwul.com/p/phoenix.html) | hahwul's online tools| | |
|
|[]|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |||
|
||||||
| Utility/FLOW | [SequenceDiagram](https://sequencediagram.org) | Online tool for creating UML sequence diagrams| | |
|
|[]|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |||
|
||||||
| Utility/GIT | [gitls](https://github.com/hahwul/gitls) | Listing git repository from URL/User/Org |  |  |
|
|[]|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|||
|
||||||
| Utility/GREP | [gf](https://github.com/tomnomnom/gf) | A wrapper around grep, to help you grep for things |  |  |
|
|[]|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |||
|
||||||
| Utility/HTTP | [curl](https://github.com/curl/curl) | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features |  |  |
|
|[]|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |||
|
||||||
| Utility/HTTP | [httpie](https://github.com/httpie/httpie) | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie |  |  |
|
|[]|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|||
|
||||||
| Utility/HTTP | [hurl](https://github.com/Orange-OpenSource/hurl) | Hurl, run and test HTTP requests. |  |  |
|
|[]|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |||
|
||||||
| Utility/JSON | [gron](https://github.com/tomnomnom/gron) | Make JSON greppable! |  |  |
|
|[]|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |||
|
||||||
| Utility/JWT | [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) | JWT brute force cracker written in C |  |  |
|
|[]|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |||
|
||||||
| Utility/JWT | [jwt-cracker](https://github.com/lmammino/jwt-cracker) | Simple HS256 JWT token brute force cracker |  |  |
|
|[]|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|||
|
||||||
| Utility/JWT | [jwt-hack](https://github.com/hahwul/jwt-hack) | 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce) |  |  |
|
|[]|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |||
|
||||||
| Utility/NOTIFY | [Emissary](https://github.com/BountyStrike/Emissary) | Send notifications on different channels such as Slack, Telegram, Discord etc. |  |  |
|
|[]|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|||
|
||||||
| Utility/NOTIFY | [ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack) | Hacky Slack - a bash script that sends beautiful messages to Slack |  |  |
|
|[]|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|||
|
||||||
| Utility/NOTIFY | [slackcat](https://github.com/bcicen/slackcat) | CLI utility to post files and command output to slack |  |  |
|
|[]|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|||
|
||||||
| Utility/OAST | [TukTuk](https://github.com/ArturSS7/TukTuk) | Tool for catching and logging different types of requests. |  |  |
|
|[]|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|||
|
||||||
| Utility/OAST | [boast](https://github.com/marcoagner/boast) | The BOAST Outpost for AppSec Testing (v0.1.0) |  |  |
|
|[]|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|||
|
||||||
| Utility/OAST | [dnsobserver](https://github.com/allyomalley/dnsobserver) | A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |  |  |
|
|[]|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |||
|
||||||
| Utility/OAST | [interactsh](https://github.com/projectdiscovery/interactsh) | An OOB interaction gathering server and client library |  |  |
|
|[]|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|||
|
||||||
| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. |  |  |
|
|[]|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |||
|
||||||
| Utility/PAYLOAD | [Blacklist3r](https://github.com/NotSoSecure/Blacklist3r) | project-blacklist3r |  |  |
|
|[]|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|||
|
||||||
| Utility/PAYLOAD | [Findsploit](https://github.com/1N3/Findsploit) | Find exploits in local and online databases instantly |  |  |
|
|[]|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|||
|
||||||
| Utility/PAYLOAD | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |  |  |
|
|[]|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|||
|
||||||
| Utility/PAYLOAD | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. |  |  |
|
|[]|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |||
|
||||||
| Utility/PAYLOAD | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF |  |  |
|
|[]|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |||
|
||||||
| Utility/PAYLOAD | [PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) | 📡 PoC auto collect from GitHub. Be careful malware. |  |  |
|
|[]|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |||
|
||||||
| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. |  |  |
|
|[]|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project||x|
|
||||||
| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) |  |  |
|
|[]|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|||
|
||||||
| Utility/PAYLOAD | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker |  |  |
|
|[]|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|||
|
||||||
| Utility/PAYLOAD | [jsfuck](https://github.com/aemkei/jsfuck) | Write any JavaScript with 6 Characters |  |  |
|
|[]|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|||
|
||||||
| Utility/PAYLOAD | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes |  |  |
|
|[]|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |||
|
||||||
| Utility/PAYLOAD | [quickjack](https://github.com/samyk/quickjack) | Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. |  |  |
|
|[]|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |||
|
||||||
| Utility/PAYLOAD | [security-research-pocs](https://github.com/google/security-research-pocs) | Proof-of-concept codes created as part of security research done by Google Security Team. |  |  |
|
|[]|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |||
|
||||||
| Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 |  |  |
|
|[]|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|||
|
||||||
| Utility/PAYLOAD | [xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data) | This repository contains all the XSS cheatsheet data to allow contributions from the community. |  |  |
|
|[]|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |||
|
||||||
| Utility/PAYLOAD | [xssor2](https://github.com/evilcos/xssor2) | XSS'OR - Hack with JavaScript. |  |  |
|
|[]|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|||
|
||||||
| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads |  |  |
|
|[]|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|||
|
||||||
| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |  |  |
|
|[]|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|||
|
||||||
| Utility/PAYLOAD | [ysoserial.net](https://github.com/pwntester/ysoserial.net) | Deserialization payload generator for a variety of .NET formatters |  |  |
|
|[]|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|||
|
||||||
| Utility/PENTEST | [axiom](https://github.com/pry0cc/axiom) | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |  |  |
|
|[]|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |||
|
||||||
| Utility/PENTEST | [pwncat](https://github.com/cytopia/pwncat) | pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |  |  |
|
|[]|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |||
|
||||||
| Utility/S3 | [s3reverse](https://github.com/hahwul/s3reverse) | The format of various s3 buckets is convert in one format. for bugbounty and security testing. |  |  |
|
|[]|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|||
|
||||||
| Utility/SETUP | [autochrome](https://github.com/nccgroup/autochrome) | This tool downloads, installs, and configures a shiny new copy of Chromium. |  |  |
|
|[]|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |||
|
||||||
| Utility/SHOT | [gowitness](https://github.com/sensepost/gowitness) | 🔍 gowitness - a golang, web screenshot utility using Chrome Headless |  |  |
|
|[]|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |||
|
||||||
| Utility/Scripts | [tiscripts](https://github.com/defparam/tiscripts) | Turbo Intruder Scripts |  |  |
|
|[]|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |||
|
||||||
| Utility/TEMPLATE | [bountyplz](https://github.com/fransr/bountyplz) | Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |  |  |
|
|[]|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|||
|
||||||
| Utility/TEMPLATE | [template-generator](https://github.com/fransr/template-generator) | A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |  |  |
|
|[]|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|||
|
||||||
| Utility/URL | [burl](https://github.com/tomnomnom/burl) | A Broken-URL Checker |  |  |
|
|[]|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|||
|
||||||
| Utility/URL | [cf-check](https://github.com/dwisiswant0/cf-check) | Cloudflare Checker written in Go |  |  |
|
|[]|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |||
|
||||||
| Utility/URL | [grex](https://github.com/pemistahl/grex) | A command-line tool and library for generating regular expressions from user-provided test cases |  |  |
|
|[]|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |||
|
||||||
| Utility/URL | [hakcheckurl](https://github.com/hakluke/hakcheckurl) | Takes a list of URLs and returns their HTTP response codes |  |  |
|
|[]|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|||
|
||||||
| Utility/URL | [qsreplace](https://github.com/tomnomnom/qsreplace) | Accept URLs on stdin, replace all query string values with a user-supplied value |  |  |
|
|[]|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|||
|
||||||
| Utility/URL | [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin |  |  |
|
|[]|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |||
|
||||||
| Utility/URL | [urlprobe](https://github.com/1ndianl33t/urlprobe) | Urls status code & content length checker |  |  |
|
|[]|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|||
|
||||||
| Utility/URL | [uro](https://github.com/s0md3v/uro) | declutters url lists for crawling/pentesting |  |  |
|
|[]|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |||
|
||||||
| Utility/WAF | [gotestwaf](https://github.com/wallarm/gotestwaf) | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses |  |  |
|
|[]|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|||
|
||||||
| Utility/WORD | [wordlists](https://github.com/assetnote/wordlists) | Automated & Manual Wordlists provided by Assetnote |  |  |
|
|[]|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |||
|
||||||
| Utility/WORD | [CT_subdomains](https://github.com/internetwache/CT_subdomains) | An hourly updated list of subdomains gathered from certificate transparency logs |  |  |
|
|[]|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |||
|
||||||
| Utility/WORD | [SecLists](https://github.com/danielmiessler/SecLists) | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |  |  |
|
|[]|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |||
|
||||||
| Utility/WORD | [longtongue](https://github.com/edoardottt/longtongue) | Customized Password/Passphrase List inputting Target Info |  |  |
|
|[]|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|||
|
||||||
| Utility/WORD | [subs_all](https://github.com/emadshanab/subs_all) | Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |  |  |
|
|
||||||
| Utility/WORDLIST | [gotator](https://github.com/Josue87/gotator) | Gotator is a tool to generate DNS wordlists through permutations. |  |  |
|
### Bookmarklets
|
||||||
| Utility/XS-Leaks | [xsinator.com](https://github.com/RUB-NDS/xsinator.com) | XS-Leak Browser Test Suite |  |  |
|
| Type | Name | Description | Badges | Popularity |
|
||||||
|
| --- | --- | --- | --- | --- |
|
||||||
|
|
||||||
|
### Browser Addons
|
||||||
|
| Type | Name | Description | Badges | Popularity |
|
||||||
|
| --- | --- | --- | --- | --- |
|
||||||
|
|[]|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|||
|
||||||
|
|[]|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|||
|
||||||
|
|[]|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|||
|
||||||
|
|[]|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site||x|
|
||||||
|
|[]|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.||x|
|
||||||
|
|[]|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|||
|
||||||
|
|[]|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome||x|
|
||||||
|
|[]|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website||x|
|
||||||
|
|[]|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site||x|
|
||||||
|
|[]|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|||
|
||||||
|
|[]|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|||
|
||||||
|
|[]|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|||
|
||||||
|
|[]|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|||
|
||||||
|
|
||||||
|
### Burpsuite and ZAP Addons
|
||||||
|
| Type | Name | Description | Badges | Popularity |
|
||||||
|
| --- | --- | --- | --- | --- |
|
||||||
|
|[]|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||||
|
||||||
|
|[]|[param-miner](https://github.com/PortSwigger/param-miner)||||
|
||||||
|
|[]|[HUNT](https://github.com/bugcrowd/HUNT)||||
|
||||||
|
|[]|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|||
|
||||||
|
|[]|[Autorize](https://github.com/Quitten/Autorize)||||
|
||||||
|
|[]|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||||
|
||||||
|
|[]|[taborator](https://github.com/hackvertor/taborator)||||
|
||||||
|
|[]|[BurpBounty](https://github.com/wagiro/BurpBounty)||||
|
||||||
|
|[]|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||||
|
||||||
|
|[]|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||||
|
||||||
|
|[]|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||||
|
||||||
|
|[]|[safecopy](https://github.com/yashrs/safecopy)||||
|
||||||
|
|[]|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|||
|
||||||
|
|[]|[http-script-generator](https://github.com/h3xstream/http-script-generator)||||
|
||||||
|
|[]|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||||
|
||||||
|
|[]|[femida](https://github.com/wish-i-was/femida)||||
|
||||||
|
|[]|[burp-exporter](https://github.com/artssec/burp-exporter)||||
|
||||||
|
|[]|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||||
|
||||||
|
|[]|[zap-hud](https://github.com/zaproxy/zap-hud)||||
|
||||||
|
|[]|[Stepper](https://github.com/CoreyD97/Stepper)||||
|
||||||
|
|[]|[inql](https://github.com/doyensec/inql)||||
|
||||||
|
|[]|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||||
|
||||||
|
|[]|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||||
|
||||||
|
|[]|[csp-auditor](https://github.com/GoSecure/csp-auditor)||||
|
||||||
|
|[]|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||||
|
||||||
|
|[]|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||||
|
||||||
|
|[]|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||||
|
||||||
|
|[]|[reflect](https://github.com/TypeError/reflect)||||
|
||||||
|
|[]|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||||
|
||||||
|
|[]|[burp-piper](https://github.com/silentsignal/burp-piper)||||
|
||||||
|
|[]|[community-scripts](https://github.com/zaproxy/community-scripts)||||
|
||||||
|
|[]|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||||
|
||||||
|
|[]|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||||
|
||||||
|
|
||||||
## Thanks to (Contributor)
|
## Thanks to (Contributor)
|
||||||
I would like to thank everyone who helped with this project 👍😎
|
I would like to thank everyone who helped with this project 👍😎
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -108,4 +108,5 @@ Dir.entries("./weapons/").each do | name |
|
||||||
end
|
end
|
||||||
|
|
||||||
markdown = ERB.new(template, trim_mode: "%<>")
|
markdown = ERB.new(template, trim_mode: "%<>")
|
||||||
puts markdown.result
|
#puts markdown.result
|
||||||
|
File.write './README.md', markdown.result
|
||||||
Loading…
Reference in New Issue