From f59af59f5547ee1e31e9781744827624b5be8bf0 Mon Sep 17 00:00:00 2001 From: hahwul Date: Thu, 18 Aug 2022 00:45:37 +0900 Subject: [PATCH] Update --- CONTRIBUTING.md | 2 +- README.md | 588 +++++++++--------- scripts/erb.rb | 2 +- weapons/230-OOB.yaml | 7 +- weapons/3klCon.yaml | 7 +- weapons/AWSBucketDump.yaml | 7 +- weapons/Amass.yaml | 3 +- weapons/Arjun.yaml | 2 +- weapons/Assetnote_Wordlists.yaml | 2 +- weapons/Atlas.yaml | 2 +- weapons/AuthMatrix.yaml | 2 +- weapons/Autorize.yaml | 2 +- weapons/Blacklist3r.yaml | 7 +- weapons/BruteX.yaml | 7 +- weapons/Bug-Bounty-Toolz.yaml | 7 +- weapons/BurpBounty.yaml | 2 +- weapons/BurpCustomizer.yaml | 2 +- weapons/BurpJSLinkFinder.yaml | 2 +- weapons/BurpSuite-Secret_Finder.yaml | 2 +- weapons/BurpSuite.yaml | 7 +- weapons/BurpSuiteHTTPSmuggler.yaml | 2 +- weapons/BurpSuiteLoggerPlusPlus.yaml | 2 +- weapons/CSP_Evaluator.yaml | 2 +- weapons/CT_subdomains.yaml | 2 +- weapons/Chaos_Web.yaml | 7 +- .../Chromium-based-XSS-Taint-Tracking.yaml | 2 +- weapons/CorsMe.yaml | 2 +- weapons/Corsy.yaml | 2 +- weapons/CyberChef.yaml | 2 +- weapons/DNSDumpster.yaml | 2 +- weapons/DOMPurify.yaml | 2 +- weapons/DSSS.yaml | 2 +- weapons/Dark_Reader.yaml | 2 +- weapons/Dark_Reader_for_Safari.yaml | 2 +- weapons/DeepViolet.yaml | 2 +- weapons/DirDar.yaml | 2 +- weapons/DotGit.yaml | 2 +- weapons/Edit-This-Cookie.yaml | 2 +- weapons/Emissary.yaml | 2 +- weapons/FavFreak.yaml | 2 +- weapons/Findsploit.yaml | 2 +- weapons/Gf-Patterns.yaml | 2 +- weapons/GitMiner.yaml | 2 +- weapons/Gopherus.yaml | 2 +- weapons/GraphQLmap.yaml | 2 +- weapons/HRS.yaml | 2 +- weapons/HUNT.yaml | 2 +- weapons/Hack-Tools.yaml | 2 +- weapons/HydraRecon.yaml | 2 +- weapons/IntruderPayloads.yaml | 2 +- weapons/JSFScan.sh.yaml | 2 +- weapons/LFISuite.yaml | 2 +- weapons/LinkFinder.yaml | 2 +- weapons/MM3_ProxySwitch.yaml | 2 +- weapons/NoSQLMap.yaml | 2 +- weapons/OneForAll.yaml | 2 +- weapons/OpenRedireX.yaml | 2 +- weapons/Osmedeus.yaml | 2 +- weapons/PPScan.yaml | 2 +- weapons/ParamSpider.yaml | 2 +- weapons/Parth.yaml | 2 +- weapons/PayloadsAllTheThings.yaml | 2 +- weapons/Phoenix.yaml | 2 +- weapons/Photon.yaml | 2 +- weapons/PoC-in-GitHub.yaml | 2 +- weapons/RustScan.yaml | 2 +- weapons/S3Scanner.yaml | 2 +- weapons/SQLNinja.yaml | 2 +- weapons/SQL_Ninja.yaml | 2 +- weapons/SSRFmap.yaml | 2 +- weapons/STEWS.yaml | 2 +- weapons/SecLists.yaml | 2 +- weapons/SecretFinder.yaml | 2 +- weapons/SecurityTrails.yaml | 2 +- weapons/SequenceDiagram.yaml | 2 +- weapons/Shodan.yaml | 2 +- weapons/Silver.yaml | 2 +- weapons/Sn1per.yaml | 2 +- weapons/Stepper.yaml | 2 +- weapons/Striker.yaml | 2 +- weapons/SubOver.yaml | 2 +- weapons/Sublist3r.yaml | 2 +- weapons/Taipan.yaml | 2 +- weapons/TukTuk.yaml | 2 +- weapons/User-Agent_Switcher.yaml | 2 +- weapons/VHostScan.yaml | 2 +- weapons/Wayback_Machine.yaml | 2 +- weapons/Web-Cache-Vulnerability-Scanner.yaml | 2 +- weapons/XSRFProbe.yaml | 2 +- weapons/XSStrike.yaml | 2 +- weapons/XSpear.yaml | 2 +- weapons/XXEinjector.yaml | 2 +- weapons/a2sv.yaml | 2 +- weapons/altdns.yaml | 2 +- weapons/anew.yaml | 2 +- weapons/apkleaks.yaml | 2 +- weapons/aquatone.yaml | 2 +- weapons/arachni.yaml | 3 +- weapons/assetfinder.yaml | 2 +- weapons/attack-surface-detector-zap.yaml | 2 +- weapons/auto-repeater.yaml | 2 +- weapons/autochrome.yaml | 2 +- weapons/axiom.yaml | 3 +- weapons/bat.yaml | 7 +- weapons/boast.yaml | 7 +- weapons/bountyplz.yaml | 4 +- weapons/burl.yaml | 2 +- weapons/burp-exporter.yaml | 2 +- weapons/burp-piper.yaml | 2 +- weapons/burp-retire-js.yaml | 2 +- weapons/burp-send-to.yaml | 2 +- weapons/c-jwt-cracker.yaml | 2 +- weapons/can-i-take-over-xyz.yaml | 7 +- weapons/cariddi.yaml | 7 +- weapons/cc.py.yaml | 2 +- weapons/cf-check.yaml | 2 +- weapons/chaos-client.yaml | 2 +- weapons/clear-cache.yaml | 2 +- weapons/collaborator-everywhere.yaml | 2 +- weapons/commix.yaml | 7 +- weapons/community-scripts.yaml | 2 +- weapons/confused.yaml | 7 +- weapons/cookie-quick-manager.yaml | 2 +- weapons/corsair_scan.yaml | 7 +- weapons/crawlergo.yaml | 7 +- weapons/crlfuzz.yaml | 2 +- weapons/csp-auditor.yaml | 2 +- weapons/curl.yaml | 2 +- weapons/dalfox.yaml | 2 +- weapons/dirsearch.yaml | 2 +- weapons/ditto.yaml | 2 +- weapons/dmut.yaml | 2 +- weapons/dnsobserver.yaml | 2 +- weapons/dnsprobe.yaml | 2 +- weapons/dnsvalidator.yaml | 2 +- weapons/dnsx.yaml | 2 +- weapons/docem.yaml | 2 +- weapons/domdig.yaml | 2 +- weapons/dontgo403.yaml | 2 +- weapons/dotdotpwn.yaml | 2 +- weapons/eval_villain.yaml | 2 +- weapons/ezXSS.yaml | 2 +- weapons/femida.yaml | 2 +- weapons/feroxbuster.yaml | 2 +- weapons/ffuf.yaml | 2 +- weapons/fhc.yaml | 2 +- weapons/findom-xss.yaml | 2 +- weapons/findomain.yaml | 2 +- weapons/fockcache.yaml | 2 +- weapons/fuzzparam.yaml | 2 +- weapons/fzf.yaml | 2 +- weapons/gau.yaml | 2 +- weapons/gauplus.yaml | 2 +- weapons/gee.yaml | 2 +- weapons/getJS.yaml | 2 +- weapons/gf.yaml | 2 +- weapons/gitGraber.yaml | 2 +- weapons/github-endpoints.yaml | 2 +- weapons/github-regexp.yaml | 2 +- weapons/github-search.yaml | 2 +- weapons/github-subdomains.yaml | 2 +- weapons/gitleaks.yaml | 2 +- weapons/gitls.yaml | 2 +- weapons/gitrob.yaml | 2 +- weapons/go-dork.yaml | 2 +- weapons/gobuster.yaml | 2 +- weapons/gospider.yaml | 2 +- weapons/gotator.yaml | 2 +- weapons/gotestwaf.yaml | 2 +- weapons/gowitness.yaml | 2 +- weapons/graphql-voyager.yaml | 2 +- weapons/grc.yaml | 2 +- weapons/grex.yaml | 2 +- weapons/gron.yaml | 2 +- weapons/h2csmuggler.yaml | 2 +- weapons/hacks.yaml | 2 +- weapons/hakcheckurl.yaml | 2 +- weapons/hakrawler.yaml | 2 +- weapons/hakrevdns.yaml | 2 +- weapons/haktrails.yaml | 2 +- weapons/hashcat.yaml | 2 +- weapons/headi.yaml | 2 +- weapons/hetty.yaml | 2 +- weapons/hinject.yaml | 2 +- weapons/htcat.yaml | 2 +- weapons/http-request-smuggler.yaml | 2 +- weapons/http-request-smuggling.yaml | 2 +- weapons/http-script-generator.yaml | 2 +- weapons/http2smugl.yaml | 2 +- weapons/httpie.yaml | 2 +- weapons/httprobe.yaml | 2 +- weapons/httptoolkit.yaml | 2 +- weapons/httpx.yaml | 2 +- weapons/hurl.yaml | 2 +- weapons/inql.yaml | 2 +- weapons/interactsh.yaml | 2 +- weapons/intrigue-core.yaml | 2 +- weapons/jaeles.yaml | 2 +- weapons/jsfuck.yaml | 2 +- weapons/jsonwebtoken.github.io.yaml | 2 +- weapons/jsprime.yaml | 2 +- weapons/jwt-cracker.yaml | 2 +- weapons/jwt-hack.yaml | 2 +- weapons/kiterunner.yaml | 2 +- weapons/knife.yaml | 2 +- weapons/knock.yaml | 2 +- weapons/lazyrecon.yaml | 2 +- weapons/longtongue.yaml | 2 +- weapons/masscan.yaml | 2 +- weapons/medusa.yaml | 2 +- weapons/meg.yaml | 2 +- weapons/megplus.yaml | 2 +- weapons/naabu.yaml | 2 +- weapons/nikto.yaml | 2 +- weapons/nmap.yaml | 2 +- weapons/nosqli.yaml | 2 +- weapons/nuclei.yaml | 2 +- weapons/ob_hacky_slack.yaml | 2 +- weapons/owasp-zap-jwt-addon.yaml | 2 +- weapons/oxml_xxe.yaml | 2 +- weapons/pagodo.yaml | 2 +- weapons/param-miner.yaml | 2 +- weapons/parameth.yaml | 2 +- weapons/pentest-tools.yaml | 2 +- weapons/pet.yaml | 2 +- weapons/plution.yaml | 2 +- weapons/postMessage-tracker.yaml | 2 +- weapons/ppfuzz.yaml | 2 +- weapons/ppmap.yaml | 2 +- weapons/proxify.yaml | 2 +- weapons/puredns.yaml | 2 +- weapons/pwncat.yaml | 2 +- weapons/qsreplace.yaml | 2 +- weapons/quickjack.yaml | 2 +- weapons/rapidscan.yaml | 2 +- weapons/recon_profile.yaml | 2 +- weapons/reconftw.yaml | 2 +- weapons/reflect.yaml | 2 +- weapons/reflected-parameters.yaml | 2 +- weapons/rengine.yaml | 2 +- weapons/rusolver.yaml | 2 +- weapons/s3reverse.yaml | 2 +- weapons/safecopy.yaml | 2 +- weapons/scilla.yaml | 2 +- weapons/security-crawl-maze.yaml | 2 +- weapons/security-research-pocs.yaml | 2 +- weapons/shuffledns.yaml | 2 +- weapons/singularity.yaml | 2 +- weapons/slackcat.yaml | 2 +- weapons/smuggler.yaml | 2 +- weapons/sn0int.yaml | 2 +- weapons/spiderfoot.yaml | 2 +- weapons/sqliv.yaml | 2 +- weapons/sqlmap.yaml | 2 +- weapons/ssrf-sheriff.yaml | 2 +- weapons/subfinder.yaml | 2 +- weapons/subgen.yaml | 2 +- weapons/subjack.yaml | 2 +- weapons/subjs.yaml | 2 +- weapons/subs_all.yaml | 2 +- weapons/subzy.yaml | 2 +- weapons/taborator.yaml | 2 +- weapons/template-generator.yaml | 2 +- weapons/testssl.sh.yaml | 2 +- weapons/thc-hydra.yaml | 2 +- weapons/tiscripts.yaml | 2 +- weapons/tplmap.yaml | 2 +- weapons/turbo-intruder.yaml | 2 +- weapons/uncover.yaml | 2 +- weapons/unfurl.yaml | 2 +- weapons/urlgrab.yaml | 2 +- weapons/urlhunter.yaml | 2 +- weapons/urlprobe.yaml | 2 +- weapons/uro.yaml | 2 +- weapons/waybackurls.yaml | 2 +- weapons/weaponised-XSS-payloads.yaml | 2 +- weapons/web_cache_poison.yaml | 2 +- weapons/websocket-connection-smuggler.yaml | 2 +- weapons/wfuzz.yaml | 2 +- weapons/wprecon.yaml | 2 +- weapons/wpscan.yaml | 2 +- weapons/ws-smuggler.yaml | 2 +- weapons/wssip.yaml | 2 +- weapons/wuzz.yaml | 2 +- weapons/x8.yaml | 2 +- weapons/xsinator.com.yaml | 2 +- weapons/xss-cheatsheet-data.yaml | 2 +- weapons/xsscrapy.yaml | 2 +- weapons/xsser.yaml | 2 +- weapons/xssor2.yaml | 2 +- weapons/xxeserv.yaml | 2 +- weapons/ysoserial.net.yaml | 2 +- weapons/ysoserial.yaml | 2 +- weapons/zap-cli.yaml | 2 +- weapons/zap-hud.yaml | 2 +- weapons/zaproxy.yaml | 2 +- weapons/zdns.yaml | 2 +- 297 files changed, 659 insertions(+), 606 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e61da3d..53e663f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,7 @@ name: App Name description: App Description url: App URL # https://github.com/hahwul/dalfox category: tool # tool / tool-addon / browser-addon / bookmarklet -types: [] # fuzzer / scanner / enum / etc... +type: # fuzzer / scanner / enum / etc... platform: - linux # linux - macos # macos application diff --git a/README.md b/README.md index e1d14be..b384567 100644 --- a/README.md +++ b/README.md @@ -31,254 +31,254 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Tools | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| -|[]|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| -|[]|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| -|[]|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| -|[]|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| -|[]|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| -|[]|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| -|[]|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| -|[]|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| -|[]|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| -|[]|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| -|[]|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| -|[]|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| -|[]|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets||![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| -|[]|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)||x| -|[]|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| -|[]|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| -|[]|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| -|[]|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| -|[]|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| -|[]|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| -|[]|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| -|[]|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| -|[]|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| -|[]|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| -|[]|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| -|[]|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| -|[]|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| -|[]|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| -|[]|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| -|[]|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| -|[]|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| -|[]|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| -|[]|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| -|[]|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| -|[]|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| -|[]|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| -|[]|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| -|[]|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| -|[]|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| -|[]|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| -|[]|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| -|[]|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| -|[]|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| -|[]|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| -|[]|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| -|[]|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| -|[]|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| -|[]|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| -|[]|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| -|[]|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| -|[]|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| -|[]|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| -|[]|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| -|[]|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| -|[]|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| -|[]|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| -|[]|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| -|[]|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| -|[]|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| -|[]|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| -|[]|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| -|[]|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| -|[]|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| -|[]|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| -|[]|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| -|[]|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| -|[]|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| -|[]|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| -|[]|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| -|[]|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| -|[]|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| -|[]|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| -|[]|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| -|[]|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| -|[]|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| -|[]|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| -|[]|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| -|[]|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| -|[]|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| -|[]|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| -|[]|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| -|[]|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| -|[]|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| -|[]|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| -|[]|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| -|[]|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| -|[]|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| -|[]|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| -|[]|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| -|[]|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| -|[]|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| -|[]|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| -|[]|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).||![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| -|[]|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| -|[]|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| -|[]|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| -|[]|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| -|[]|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| -|[]|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| -|[]|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| -|[]|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| -|[]|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| -|[]|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| -|[]|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| -|[]|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| -|[]|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| -|[]|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| -|[]|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| -|[]|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| -|[]|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| -|[]|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| -|[]|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| -|[]|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| -|[]|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| -|[]|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| -|[]|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| -|[]|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| -|[]|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| -|[]|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| -|[]|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| -|[]|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| -|[]|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| -|[]|[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| -|[]|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| -|[]|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| -|[]|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| -|[]|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| -|[]|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.||![](https://img.shields.io/github/stars/lc/230-OOB)| -|[]|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| -|[]|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| -|[]|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| -|[]|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| -|[]|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| -|[]|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| -|[]|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| -|[]|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| -|[]|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| -|[]|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners||![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| -|[]|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| -|[]|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| -|[]|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| -|[]|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)||![](https://img.shields.io/github/stars/marcoagner/boast)| -|[]|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| -|[]|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...||![](https://img.shields.io/github/stars/edoardottt/cariddi)| -|[]|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| -|[]|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack)| -|[]|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| -|[]|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| -|[]|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| -|[]|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| -|[]|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| -|[]|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| -|[]|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| -|[]|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| -|[]|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools ||![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| -|[]|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| -|[]|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| -|[]|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| -|[]|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| -|[]|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| -|[]|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| -|[]|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| -|[]|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| -|[]|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| -|[]|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| -|[]|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| -|[]|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| -|[]|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| -|[]|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| -|[]|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![macos](./images/apple.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| -|[]|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| -|[]|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| -|[]|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.||![](https://img.shields.io/github/stars/commixproject/commix)| -|[]|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| -|[]|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| -|[]|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| -|[]|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| -|[]|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| -|[]|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| -|[]|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| -|[]|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| -|[]|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| -|[]|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| -|[]|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.||![](https://img.shields.io/github/stars/1N3/BruteX)| -|[]|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| -|[]|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| -|[]|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| -|[]|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| -|[]|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| -|[]|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| -|[]|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| -|[]|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| -|[]|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| -|[]|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| -|[]|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| -|[]|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| -|[]|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| -|[]|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| -|[]|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems||![](https://img.shields.io/github/stars/visma-prodsec/confused)| -|[]|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| -|[]|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| -|[]|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| -|[]|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| -|[]|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| -|[]|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| -|[]|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| -|[]|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project||x| -|[]|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| -|[]|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| -|[]|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| -|[]|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| -|[]|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| -|[]|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| -|[]|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| -|[]|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| -|[]|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| -|[]|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.||![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| -|[]|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.||![](https://img.shields.io/github/stars/eslam3kl/3klCon)| -|[]|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| -|[]|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| -|[]|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| -|[]|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| -|[]|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| -|[]|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| -|[]|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| -|[]|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| -|[]|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.||![](https://img.shields.io/github/stars/sharkdp/bat)| -|[]|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| -|[]|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| -|[]|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| -|[]|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| -|[]|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| -|[]|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| -|[]|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| -|[]|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| -|[]|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| -|[]|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r ||![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| -|[]|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| -|[]|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| -|[]|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| +||[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| +||[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| +||[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| +||[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| +||[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| +||[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| +||[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| +||[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| +||[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| +||[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| +||[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| +||[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| +||[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| +||[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| +||[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|x| +||[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| +||[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| +||[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| +||[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| +||[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| +||[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| +||[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| +||[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| +||[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| +||[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| +||[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| +||[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| +||[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| +||[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| +||[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| +||[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| +||[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| +||[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| +||[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| +||[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| +||[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| +||[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| +||[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| +||[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| +||[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| +||[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| +||[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| +||[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| +||[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| +||[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| +||[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| +||[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| +||[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| +||[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| +||[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| +||[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| +||[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| +||[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| +||[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| +||[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| +||[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| +||[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| +||[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| +||[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| +||[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| +||[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| +||[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| +||[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| +||[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| +||[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| +||[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| +||[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| +||[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| +||[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| +||[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| +||[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| +||[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| +||[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| +||[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| +||[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| +||[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| +||[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| +||[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| +||[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| +||[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| +||[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| +||[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| +||[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| +||[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| +||[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| +||[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| +||[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| +||[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| +||[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| +||[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| +||[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| +||[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| +||[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| +||[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| +||[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| +||[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| +||[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| +||[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| +||[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| +||[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| +||[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| +||[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| +||[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| +||[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| +||[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| +||[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| +||[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| +||[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| +||[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| +||[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| +||[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| +||[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| +||[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| +||[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| +||[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| +||[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| +||[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| +||[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| +||[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| +||[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| +||[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| +||[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| +||[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| +||[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| +||[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| +||[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| +||[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| +||[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| +||[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/230-OOB)| +||[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| +||[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| +||[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| +||[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| +||[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| +||[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| +||[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| +||[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| +||[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| +||[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| +||[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| +||[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| +||[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| +||[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/marcoagner/boast)| +||[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| +||[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/cariddi)| +||[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| +||[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack)| +||[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| +||[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| +||[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| +||[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| +||[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| +||[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| +||[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| +||[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| +||[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| +||[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| +||[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| +||[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| +||[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| +||[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| +||[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| +||[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| +||[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| +||[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| +||[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| +||[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| +||[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| +||[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| +||[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| +||[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| +||[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| +||[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| +||[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/commixproject/commix)| +||[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| +||[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| +||[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| +||[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| +||[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| +||[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| +||[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| +||[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| +||[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| +||[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| +||[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/BruteX)| +||[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| +||[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| +||[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| +||[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| +||[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| +||[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| +||[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| +||[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| +||[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| +||[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| +||[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| +||[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| +||[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| +||[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| +||[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/visma-prodsec/confused)| +||[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| +||[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| +||[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| +||[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| +||[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| +||[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| +||[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| +||[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|x| +||[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| +||[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| +||[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| +||[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| +||[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| +||[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| +||[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| +||[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| +||[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| +||[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| +||[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/eslam3kl/3klCon)| +||[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| +||[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| +||[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| +||[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| +||[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| +||[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| +||[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| +||[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| +||[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sharkdp/bat)| +||[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| +||[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| +||[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| +||[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| +||[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| +||[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| +||[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| +||[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| +||[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| +||[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| +||[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| +||[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| +||[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| ### Bookmarklets | Type | Name | Description | Badges | Popularity | @@ -287,56 +287,56 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Browser Addons | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| -|[]|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| -|[]|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| -|[]|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![safari](./images/safari.png)|x| -|[]|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![chrome](./images/chrome.png)|x| -|[]|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| -|[]|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| -|[]|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![safari](./images/safari.png)|x| -|[]|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| -|[]|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| -|[]|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| -|[]|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| -|[]|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| +||[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| +||[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| +||[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| +||[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![safari](./images/safari.png)|x| +||[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![chrome](./images/chrome.png)|x| +||[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| +||[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| +||[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![safari](./images/safari.png)|x| +||[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| +||[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| +||[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| +||[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| +||[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| ### Burpsuite and ZAP Addons | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| -|[]|[param-miner](https://github.com/PortSwigger/param-miner)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/param-miner)| -|[]|[HUNT](https://github.com/bugcrowd/HUNT)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/bugcrowd/HUNT)| -|[]|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bit4woo/knife)| -|[]|[Autorize](https://github.com/Quitten/Autorize)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/Quitten/Autorize)| -|[]|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| -|[]|[taborator](https://github.com/hackvertor/taborator)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/hackvertor/taborator)| -|[]|[BurpBounty](https://github.com/wagiro/BurpBounty)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wagiro/BurpBounty)| -|[]|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| -|[]|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| -|[]|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| -|[]|[safecopy](https://github.com/yashrs/safecopy)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/yashrs/safecopy)| -|[]|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| -|[]|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| -|[]|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| -|[]|[femida](https://github.com/wish-i-was/femida)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wish-i-was/femida)| -|[]|[burp-exporter](https://github.com/artssec/burp-exporter)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/artssec/burp-exporter)| -|[]|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| -|[]|[zap-hud](https://github.com/zaproxy/zap-hud)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/zap-hud)| -|[]|[Stepper](https://github.com/CoreyD97/Stepper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/Stepper)| -|[]|[inql](https://github.com/doyensec/inql)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/doyensec/inql)| -|[]|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| -|[]|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| -|[]|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| -|[]|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| -|[]|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| -|[]|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| -|[]|[reflect](https://github.com/TypeError/reflect)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/TypeError/reflect)| -|[]|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| -|[]|[burp-piper](https://github.com/silentsignal/burp-piper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/silentsignal/burp-piper)| -|[]|[community-scripts](https://github.com/zaproxy/community-scripts)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/community-scripts)| -|[]|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| -|[]|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| +||[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| +||[param-miner](https://github.com/PortSwigger/param-miner)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/param-miner)| +||[HUNT](https://github.com/bugcrowd/HUNT)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/bugcrowd/HUNT)| +||[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bit4woo/knife)| +||[Autorize](https://github.com/Quitten/Autorize)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/Quitten/Autorize)| +||[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| +||[taborator](https://github.com/hackvertor/taborator)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/hackvertor/taborator)| +||[BurpBounty](https://github.com/wagiro/BurpBounty)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wagiro/BurpBounty)| +||[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| +||[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| +||[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| +||[safecopy](https://github.com/yashrs/safecopy)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/yashrs/safecopy)| +||[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| +||[http-script-generator](https://github.com/h3xstream/http-script-generator)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| +||[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| +||[femida](https://github.com/wish-i-was/femida)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wish-i-was/femida)| +||[burp-exporter](https://github.com/artssec/burp-exporter)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/artssec/burp-exporter)| +||[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| +||[zap-hud](https://github.com/zaproxy/zap-hud)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/zap-hud)| +||[Stepper](https://github.com/CoreyD97/Stepper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/Stepper)| +||[inql](https://github.com/doyensec/inql)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/doyensec/inql)| +||[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| +||[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| +||[csp-auditor](https://github.com/GoSecure/csp-auditor)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| +||[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| +||[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| +||[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| +||[reflect](https://github.com/TypeError/reflect)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/TypeError/reflect)| +||[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| +||[burp-piper](https://github.com/silentsignal/burp-piper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/silentsignal/burp-piper)| +||[community-scripts](https://github.com/zaproxy/community-scripts)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/community-scripts)| +||[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| +||[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 diff --git a/scripts/erb.rb b/scripts/erb.rb index d30d5d4..bc7abf2 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -98,7 +98,7 @@ Dir.entries("./weapons/").each do | name | popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" end badge = generate_badge(data['platform']) - line = "|#{data['types']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" + line = "|#{data['type']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" case data['category'] when 'tool' tools = tools + line + "\n" diff --git a/weapons/230-OOB.yaml b/weapons/230-OOB.yaml index 99c03a1..3ed2664 100644 --- a/weapons/230-OOB.yaml +++ b/weapons/230-OOB.yaml @@ -3,7 +3,10 @@ name: 230-OOB description: An Out-of-Band XXE server for retrieving file contents over FTP. url: https://github.com/lc/230-OOB category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/3klCon.yaml b/weapons/3klCon.yaml index 6a9bc17..0e0409a 100644 --- a/weapons/3klCon.yaml +++ b/weapons/3klCon.yaml @@ -4,7 +4,10 @@ description: Automation Recon tool which works with Large & Medium scopes. It pe more than 20 tasks and gets back all the results in separated files. url: https://github.com/eslam3kl/3klCon category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/AWSBucketDump.yaml b/weapons/AWSBucketDump.yaml index 6f83ce8..fc276a4 100644 --- a/weapons/AWSBucketDump.yaml +++ b/weapons/AWSBucketDump.yaml @@ -3,7 +3,10 @@ name: AWSBucketDump description: Security Tool to Look For Interesting Files in S3 Buckets url: https://github.com/jordanpotti/AWSBucketDump category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Amass.yaml b/weapons/Amass.yaml index fdc4944..275fcc5 100644 --- a/weapons/Amass.yaml +++ b/weapons/Amass.yaml @@ -3,9 +3,10 @@ name: Amass description: 'In-depth Attack Surface Mapping and Asset Discovery ' url: https://github.com/OWASP/Amass category: tool -types: [] +type: platform: - linux - macos +- windows lang: [] tags: [] diff --git a/weapons/Arjun.yaml b/weapons/Arjun.yaml index 046aee2..51e68e4 100644 --- a/weapons/Arjun.yaml +++ b/weapons/Arjun.yaml @@ -3,7 +3,7 @@ name: Arjun description: 'HTTP parameter discovery suite. ' url: https://github.com/s0md3v/Arjun category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Assetnote_Wordlists.yaml b/weapons/Assetnote_Wordlists.yaml index 0491f17..7ea78a2 100644 --- a/weapons/Assetnote_Wordlists.yaml +++ b/weapons/Assetnote_Wordlists.yaml @@ -3,7 +3,7 @@ name: Assetnote Wordlists description: Automated & Manual Wordlists provided by Assetnote url: https://github.com/assetnote/wordlists category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Atlas.yaml b/weapons/Atlas.yaml index 1f15b5e..9b0ee6d 100644 --- a/weapons/Atlas.yaml +++ b/weapons/Atlas.yaml @@ -3,7 +3,7 @@ name: Atlas description: 'Quick SQLMap Tamper Suggester ' url: https://github.com/m4ll0k/Atlas category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/AuthMatrix.yaml b/weapons/AuthMatrix.yaml index b05be3c..86fda63 100644 --- a/weapons/AuthMatrix.yaml +++ b/weapons/AuthMatrix.yaml @@ -3,7 +3,7 @@ name: AuthMatrix description: url: https://github.com/SecurityInnovation/AuthMatrix category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/Autorize.yaml b/weapons/Autorize.yaml index 1d700d5..e73e1a5 100644 --- a/weapons/Autorize.yaml +++ b/weapons/Autorize.yaml @@ -3,7 +3,7 @@ name: Autorize description: url: https://github.com/Quitten/Autorize category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/Blacklist3r.yaml b/weapons/Blacklist3r.yaml index caa5569..317493c 100644 --- a/weapons/Blacklist3r.yaml +++ b/weapons/Blacklist3r.yaml @@ -3,7 +3,10 @@ name: Blacklist3r description: 'project-blacklist3r ' url: https://github.com/NotSoSecure/Blacklist3r category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BruteX.yaml b/weapons/BruteX.yaml index 709b57f..1fde598 100644 --- a/weapons/BruteX.yaml +++ b/weapons/BruteX.yaml @@ -3,7 +3,10 @@ name: BruteX description: Automatically brute force all services running on a target. url: https://github.com/1N3/BruteX category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Bug-Bounty-Toolz.yaml b/weapons/Bug-Bounty-Toolz.yaml index d61fbc1..28c4e0f 100644 --- a/weapons/Bug-Bounty-Toolz.yaml +++ b/weapons/Bug-Bounty-Toolz.yaml @@ -3,7 +3,10 @@ name: Bug-Bounty-Toolz description: 'BBT - Bug Bounty Tools ' url: https://github.com/m4ll0k/Bug-Bounty-Toolz category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BurpBounty.yaml b/weapons/BurpBounty.yaml index aa9710e..7e07818 100644 --- a/weapons/BurpBounty.yaml +++ b/weapons/BurpBounty.yaml @@ -3,7 +3,7 @@ name: BurpBounty description: url: https://github.com/wagiro/BurpBounty category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpCustomizer.yaml b/weapons/BurpCustomizer.yaml index 1f01ba9..cd2d029 100644 --- a/weapons/BurpCustomizer.yaml +++ b/weapons/BurpCustomizer.yaml @@ -3,7 +3,7 @@ name: BurpCustomizer description: Because just a dark theme wasn't enough! url: https://github.com/CoreyD97/BurpCustomizer category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpJSLinkFinder.yaml b/weapons/BurpJSLinkFinder.yaml index e7a37e1..556ac96 100644 --- a/weapons/BurpJSLinkFinder.yaml +++ b/weapons/BurpJSLinkFinder.yaml @@ -3,7 +3,7 @@ name: BurpJSLinkFinder description: url: https://github.com/InitRoot/BurpJSLinkFinder category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpSuite-Secret_Finder.yaml b/weapons/BurpSuite-Secret_Finder.yaml index b6f3858..ac9a4af 100644 --- a/weapons/BurpSuite-Secret_Finder.yaml +++ b/weapons/BurpSuite-Secret_Finder.yaml @@ -3,7 +3,7 @@ name: BurpSuite-Secret_Finder description: url: https://github.com/m4ll0k/BurpSuite-Secret_Finder category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpSuite.yaml b/weapons/BurpSuite.yaml index 13e38f4..1caab35 100644 --- a/weapons/BurpSuite.yaml +++ b/weapons/BurpSuite.yaml @@ -3,7 +3,10 @@ name: BurpSuite description: the BurpSuite Project url: https://portswigger.net/burp category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BurpSuiteHTTPSmuggler.yaml b/weapons/BurpSuiteHTTPSmuggler.yaml index fcc4b12..7952c28 100644 --- a/weapons/BurpSuiteHTTPSmuggler.yaml +++ b/weapons/BurpSuiteHTTPSmuggler.yaml @@ -3,7 +3,7 @@ name: BurpSuiteHTTPSmuggler description: url: https://github.com/nccgroup/BurpSuiteHTTPSmuggler category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpSuiteLoggerPlusPlus.yaml b/weapons/BurpSuiteLoggerPlusPlus.yaml index 1bffb96..1a496a0 100644 --- a/weapons/BurpSuiteLoggerPlusPlus.yaml +++ b/weapons/BurpSuiteLoggerPlusPlus.yaml @@ -3,7 +3,7 @@ name: BurpSuiteLoggerPlusPlus description: url: https://github.com/nccgroup/BurpSuiteLoggerPlusPlus category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml index 38b9a70..daee20b 100644 --- a/weapons/CSP_Evaluator.yaml +++ b/weapons/CSP_Evaluator.yaml @@ -3,7 +3,7 @@ name: CSP Evaluator description: " Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://csp-evaluator.withgoogle.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/CT_subdomains.yaml b/weapons/CT_subdomains.yaml index b9aacc5..22782a4 100644 --- a/weapons/CT_subdomains.yaml +++ b/weapons/CT_subdomains.yaml @@ -4,7 +4,7 @@ description: 'An hourly updated list of subdomains gathered from certificate tra logs ' url: https://github.com/internetwache/CT_subdomains category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml index 3114520..670ef46 100644 --- a/weapons/Chaos_Web.yaml +++ b/weapons/Chaos_Web.yaml @@ -4,7 +4,10 @@ description: " actively scan and maintain internet-wide assets' data. enhance re and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)" url: https://chaos.projectdiscovery.io category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Chromium-based-XSS-Taint-Tracking.yaml b/weapons/Chromium-based-XSS-Taint-Tracking.yaml index c3490a8..faf61f0 100644 --- a/weapons/Chromium-based-XSS-Taint-Tracking.yaml +++ b/weapons/Chromium-based-XSS-Taint-Tracking.yaml @@ -4,7 +4,7 @@ description: Cyclops is a web browser with XSS detection feature, it is chromium xss detection that used to find the flows from a source to a sink. url: https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/CorsMe.yaml b/weapons/CorsMe.yaml index 3ed8e4e..df42b31 100644 --- a/weapons/CorsMe.yaml +++ b/weapons/CorsMe.yaml @@ -3,7 +3,7 @@ name: CorsMe description: 'Cross Origin Resource Sharing MisConfiguration Scanner ' url: https://github.com/Shivangx01b/CorsMe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Corsy.yaml b/weapons/Corsy.yaml index e44a078..0ba303b 100644 --- a/weapons/Corsy.yaml +++ b/weapons/Corsy.yaml @@ -3,7 +3,7 @@ name: Corsy description: 'CORS Misconfiguration Scanner ' url: https://github.com/s0md3v/Corsy category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/CyberChef.yaml b/weapons/CyberChef.yaml index cc72198..b98c5b0 100644 --- a/weapons/CyberChef.yaml +++ b/weapons/CyberChef.yaml @@ -4,7 +4,7 @@ description: 'The Cyber Swiss Army Knife - a web app for encryption, encoding, c and data analysis ' url: https://github.com/gchq/CyberChef category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml index ac48711..21baf35 100644 --- a/weapons/DNSDumpster.yaml +++ b/weapons/DNSDumpster.yaml @@ -3,7 +3,7 @@ name: DNSDumpster description: " Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://dnsdumpster.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DOMPurify.yaml b/weapons/DOMPurify.yaml index 4e6518a..dec97ff 100644 --- a/weapons/DOMPurify.yaml +++ b/weapons/DOMPurify.yaml @@ -5,7 +5,7 @@ description: 'DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer fo configurability and hooks. Demo:' url: https://github.com/cure53/DOMPurify category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DSSS.yaml b/weapons/DSSS.yaml index 60b90c8..4508b8c 100644 --- a/weapons/DSSS.yaml +++ b/weapons/DSSS.yaml @@ -3,7 +3,7 @@ name: DSSS description: Damn Small SQLi Scanner url: https://github.com/stamparm/DSSS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Dark_Reader.yaml b/weapons/Dark_Reader.yaml index 23648ae..7c2d0a6 100644 --- a/weapons/Dark_Reader.yaml +++ b/weapons/Dark_Reader.yaml @@ -3,7 +3,7 @@ name: Dark Reader description: Dark mode to any site url: https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/Dark_Reader_for_Safari.yaml b/weapons/Dark_Reader_for_Safari.yaml index ddf4486..26fb6d2 100644 --- a/weapons/Dark_Reader_for_Safari.yaml +++ b/weapons/Dark_Reader_for_Safari.yaml @@ -3,7 +3,7 @@ name: Dark Reader for Safari description: Dark mode to any site url: https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180 category: browser-addon -types: [] +type: platform: - safari lang: [] diff --git a/weapons/DeepViolet.yaml b/weapons/DeepViolet.yaml index 885e277..6ab741a 100644 --- a/weapons/DeepViolet.yaml +++ b/weapons/DeepViolet.yaml @@ -3,7 +3,7 @@ name: DeepViolet description: Tool for introspection of SSL\TLS sessions url: https://github.com/spoofzu/DeepViolet category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DirDar.yaml b/weapons/DirDar.yaml index a5881da..b378091 100644 --- a/weapons/DirDar.yaml +++ b/weapons/DirDar.yaml @@ -4,7 +4,7 @@ description: DirDar is a tool that searches for (403-Forbidden) directories to b it and get dir listing on it url: https://github.com/M4DM0e/DirDar category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DotGit.yaml b/weapons/DotGit.yaml index e95e03e..b5df387 100644 --- a/weapons/DotGit.yaml +++ b/weapons/DotGit.yaml @@ -3,7 +3,7 @@ name: DotGit description: An extension for checking if .git is exposed in visited websites url: https://github.com/davtur19/DotGit category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/Edit-This-Cookie.yaml b/weapons/Edit-This-Cookie.yaml index 5c5c73d..a3b6110 100644 --- a/weapons/Edit-This-Cookie.yaml +++ b/weapons/Edit-This-Cookie.yaml @@ -4,7 +4,7 @@ description: EditThisCookie is the famous Google Chrome/Chromium extension for e cookies url: https://github.com/ETCExtensions/Edit-This-Cookie category: browser-addon -types: [] +type: platform: - chrome lang: [] diff --git a/weapons/Emissary.yaml b/weapons/Emissary.yaml index a7c0c63..9bf0bfd 100644 --- a/weapons/Emissary.yaml +++ b/weapons/Emissary.yaml @@ -4,7 +4,7 @@ description: Send notifications on different channels such as Slack, Telegram, D etc. url: https://github.com/BountyStrike/Emissary category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/FavFreak.yaml b/weapons/FavFreak.yaml index ebd0856..2e1fcba 100644 --- a/weapons/FavFreak.yaml +++ b/weapons/FavFreak.yaml @@ -3,7 +3,7 @@ name: FavFreak description: 'Making Favicon.ico based Recon Great again ! ' url: https://github.com/devanshbatham/FavFreak category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Findsploit.yaml b/weapons/Findsploit.yaml index c7db9b6..db5e3b3 100644 --- a/weapons/Findsploit.yaml +++ b/weapons/Findsploit.yaml @@ -3,7 +3,7 @@ name: Findsploit description: Find exploits in local and online databases instantly url: https://github.com/1N3/Findsploit category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Gf-Patterns.yaml b/weapons/Gf-Patterns.yaml index dd9f6ee..2ae6822 100644 --- a/weapons/Gf-Patterns.yaml +++ b/weapons/Gf-Patterns.yaml @@ -4,7 +4,7 @@ description: 'GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_ parameters grep ' url: https://github.com/1ndianl33t/Gf-Patterns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/GitMiner.yaml b/weapons/GitMiner.yaml index ce0945c..3d7fd64 100644 --- a/weapons/GitMiner.yaml +++ b/weapons/GitMiner.yaml @@ -3,7 +3,7 @@ name: GitMiner description: 'Tool for advanced mining for content on Github ' url: https://github.com/UnkL4b/GitMiner category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Gopherus.yaml b/weapons/Gopherus.yaml index f5f3917..80e5192 100644 --- a/weapons/Gopherus.yaml +++ b/weapons/Gopherus.yaml @@ -4,7 +4,7 @@ description: 'This tool generates gopher link for exploiting SSRF and gaining RC in various servers ' url: https://github.com/tarunkant/Gopherus category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/GraphQLmap.yaml b/weapons/GraphQLmap.yaml index 781878f..67a1426 100644 --- a/weapons/GraphQLmap.yaml +++ b/weapons/GraphQLmap.yaml @@ -4,7 +4,7 @@ description: 'GraphQLmap is a scripting engine to interact with a graphql endpoi for pentesting purposes. ' url: https://github.com/swisskyrepo/GraphQLmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/HRS.yaml b/weapons/HRS.yaml index d8e3fde..e136421 100644 --- a/weapons/HRS.yaml +++ b/weapons/HRS.yaml @@ -4,7 +4,7 @@ description: HTTP Request Smuggling demonstration Perl script, for variants 1, 2 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. url: https://github.com/SafeBreach-Labs/HRS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/HUNT.yaml b/weapons/HUNT.yaml index 2356c56..e51c48c 100644 --- a/weapons/HUNT.yaml +++ b/weapons/HUNT.yaml @@ -3,7 +3,7 @@ name: HUNT description: url: https://github.com/bugcrowd/HUNT category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/Hack-Tools.yaml b/weapons/Hack-Tools.yaml index 1ff710d..8a81641 100644 --- a/weapons/Hack-Tools.yaml +++ b/weapons/Hack-Tools.yaml @@ -3,7 +3,7 @@ name: Hack-Tools description: "The all-in-one Red Team extension for Web Pentester \U0001F6E0" url: https://github.com/LasCC/Hack-Tools category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/HydraRecon.yaml b/weapons/HydraRecon.yaml index 41fd775..7642aac 100644 --- a/weapons/HydraRecon.yaml +++ b/weapons/HydraRecon.yaml @@ -3,7 +3,7 @@ name: HydraRecon description: All In One, Fast, Easy Recon Tool url: https://github.com/aufzayed/HydraRecon category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/IntruderPayloads.yaml b/weapons/IntruderPayloads.yaml index 4ba9172..02df0f1 100644 --- a/weapons/IntruderPayloads.yaml +++ b/weapons/IntruderPayloads.yaml @@ -3,7 +3,7 @@ name: IntruderPayloads description: url: https://github.com/1N3/IntruderPayloads category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/JSFScan.sh.yaml b/weapons/JSFScan.sh.yaml index c11febf..aab7b35 100644 --- a/weapons/JSFScan.sh.yaml +++ b/weapons/JSFScan.sh.yaml @@ -3,7 +3,7 @@ name: JSFScan.sh description: 'Automation for javascript recon in bug bounty. ' url: https://github.com/KathanP19/JSFScan.sh category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/LFISuite.yaml b/weapons/LFISuite.yaml index 3433f5f..3fa0c08 100644 --- a/weapons/LFISuite.yaml +++ b/weapons/LFISuite.yaml @@ -3,7 +3,7 @@ name: LFISuite description: 'Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ' url: https://github.com/D35m0nd142/LFISuite category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/LinkFinder.yaml b/weapons/LinkFinder.yaml index 9072cbc..0565ab1 100644 --- a/weapons/LinkFinder.yaml +++ b/weapons/LinkFinder.yaml @@ -3,7 +3,7 @@ name: LinkFinder description: 'A python script that finds endpoints in JavaScript files ' url: https://github.com/GerbenJavado/LinkFinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/MM3_ProxySwitch.yaml b/weapons/MM3_ProxySwitch.yaml index 20e1533..d9d195b 100644 --- a/weapons/MM3_ProxySwitch.yaml +++ b/weapons/MM3_ProxySwitch.yaml @@ -3,7 +3,7 @@ name: MM3 ProxySwitch description: Proxy Switch in Firefox and Chrome url: https://proxy-offline-browser.com/ProxySwitch/ category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/NoSQLMap.yaml b/weapons/NoSQLMap.yaml index 6f36a2f..b571303 100644 --- a/weapons/NoSQLMap.yaml +++ b/weapons/NoSQLMap.yaml @@ -4,7 +4,7 @@ description: 'Automated NoSQL database enumeration and web application exploitat tool. ' url: https://github.com/codingo/NoSQLMap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/OneForAll.yaml b/weapons/OneForAll.yaml index 6087e4b..38937ea 100644 --- a/weapons/OneForAll.yaml +++ b/weapons/OneForAll.yaml @@ -3,7 +3,7 @@ name: OneForAll description: 'OneForAll是一款功能强大的子域收集工具 ' url: https://github.com/shmilylty/OneForAll category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/OpenRedireX.yaml b/weapons/OpenRedireX.yaml index 718aa7a..2634a9a 100644 --- a/weapons/OpenRedireX.yaml +++ b/weapons/OpenRedireX.yaml @@ -3,7 +3,7 @@ name: OpenRedireX description: A Fuzzer for OpenRedirect issues url: https://github.com/devanshbatham/OpenRedireX category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Osmedeus.yaml b/weapons/Osmedeus.yaml index 3963021..3836ad4 100644 --- a/weapons/Osmedeus.yaml +++ b/weapons/Osmedeus.yaml @@ -4,7 +4,7 @@ description: 'Fully automated offensive security framework for reconnaissance an vulnerability scanning ' url: https://github.com/j3ssie/Osmedeus category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/PPScan.yaml b/weapons/PPScan.yaml index cf87d6f..f84cda2 100644 --- a/weapons/PPScan.yaml +++ b/weapons/PPScan.yaml @@ -3,7 +3,7 @@ name: PPScan description: Client Side Prototype Pollution Scanner url: https://github.com/msrkp/PPScan category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ParamSpider.yaml b/weapons/ParamSpider.yaml index 2074160..7ee674f 100644 --- a/weapons/ParamSpider.yaml +++ b/weapons/ParamSpider.yaml @@ -3,7 +3,7 @@ name: ParamSpider description: 'Mining parameters from dark corners of Web Archives ' url: https://github.com/devanshbatham/ParamSpider category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Parth.yaml b/weapons/Parth.yaml index 53958af..2a3efc1 100644 --- a/weapons/Parth.yaml +++ b/weapons/Parth.yaml @@ -3,7 +3,7 @@ name: Parth description: 'Heuristic Vulnerable Parameter Scanner ' url: https://github.com/s0md3v/Parth category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/PayloadsAllTheThings.yaml b/weapons/PayloadsAllTheThings.yaml index 972bfb8..1f8299f 100644 --- a/weapons/PayloadsAllTheThings.yaml +++ b/weapons/PayloadsAllTheThings.yaml @@ -4,7 +4,7 @@ description: 'A list of useful payloads and bypass for Web Application Security Pentest/CTF ' url: https://github.com/swisskyrepo/PayloadsAllTheThings category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml index 057953c..8c1d0aa 100644 --- a/weapons/Phoenix.yaml +++ b/weapons/Phoenix.yaml @@ -3,7 +3,7 @@ name: Phoenix description: " hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://www.hahwul.com/p/phoenix.html category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Photon.yaml b/weapons/Photon.yaml index c5549af..b3fddb6 100644 --- a/weapons/Photon.yaml +++ b/weapons/Photon.yaml @@ -3,7 +3,7 @@ name: Photon description: 'Incredibly fast crawler designed for OSINT. ' url: https://github.com/s0md3v/Photon category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/PoC-in-GitHub.yaml b/weapons/PoC-in-GitHub.yaml index 7186460..ede7bf5 100644 --- a/weapons/PoC-in-GitHub.yaml +++ b/weapons/PoC-in-GitHub.yaml @@ -3,7 +3,7 @@ name: PoC-in-GitHub description: "\U0001F4E1 PoC auto collect from GitHub. Be careful malware." url: https://github.com/nomi-sec/PoC-in-GitHub category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/RustScan.yaml b/weapons/RustScan.yaml index b3b1b3a..b5b5383 100644 --- a/weapons/RustScan.yaml +++ b/weapons/RustScan.yaml @@ -3,7 +3,7 @@ name: RustScan description: 'Faster Nmap Scanning with Rust ' url: https://github.com/brandonskerritt/RustScan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/S3Scanner.yaml b/weapons/S3Scanner.yaml index 2df652a..635cf53 100644 --- a/weapons/S3Scanner.yaml +++ b/weapons/S3Scanner.yaml @@ -3,7 +3,7 @@ name: S3Scanner description: 'Scan for open AWS S3 buckets and dump the contents ' url: https://github.com/sa7mon/S3Scanner category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml index 2806dbd..00e8d6d 100644 --- a/weapons/SQLNinja.yaml +++ b/weapons/SQLNinja.yaml @@ -3,7 +3,7 @@ name: SQLNinja description: " SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SQL_Ninja.yaml b/weapons/SQL_Ninja.yaml index e94dab2..30f3f09 100644 --- a/weapons/SQL_Ninja.yaml +++ b/weapons/SQL_Ninja.yaml @@ -3,7 +3,7 @@ name: SQL Ninja description: SQL Injection scanner url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SSRFmap.yaml b/weapons/SSRFmap.yaml index c1a40c3..77dc7b6 100644 --- a/weapons/SSRFmap.yaml +++ b/weapons/SSRFmap.yaml @@ -3,7 +3,7 @@ name: SSRFmap description: 'Automatic SSRF fuzzer and exploitation tool ' url: https://github.com/swisskyrepo/SSRFmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/STEWS.yaml b/weapons/STEWS.yaml index cb37cb8..102c178 100644 --- a/weapons/STEWS.yaml +++ b/weapons/STEWS.yaml @@ -3,7 +3,7 @@ name: STEWS description: A Security Tool for Enumerating WebSockets url: https://github.com/PalindromeLabs/STEWS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SecLists.yaml b/weapons/SecLists.yaml index 9126247..d9e63fa 100644 --- a/weapons/SecLists.yaml +++ b/weapons/SecLists.yaml @@ -6,7 +6,7 @@ description: 'SecLists is the security tester''s companion. It''s a collection o payloads, web shells, and many more. ' url: https://github.com/danielmiessler/SecLists category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SecretFinder.yaml b/weapons/SecretFinder.yaml index 5473a97..b86c7a4 100644 --- a/weapons/SecretFinder.yaml +++ b/weapons/SecretFinder.yaml @@ -4,7 +4,7 @@ description: 'SecretFinder - A python script for find sensitive data (apikeys, a and search anything on javascript files ' url: https://github.com/m4ll0k/SecretFinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml index 83f6d82..199a442 100644 --- a/weapons/SecurityTrails.yaml +++ b/weapons/SecurityTrails.yaml @@ -3,7 +3,7 @@ name: SecurityTrails description: " Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://securitytrails.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml index 8171e9d..442c45e 100644 --- a/weapons/SequenceDiagram.yaml +++ b/weapons/SequenceDiagram.yaml @@ -3,7 +3,7 @@ name: SequenceDiagram description: " Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://sequencediagram.org category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml index a6230bc..746898e 100644 --- a/weapons/Shodan.yaml +++ b/weapons/Shodan.yaml @@ -3,7 +3,7 @@ name: Shodan description: " World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://www.shodan.io/ category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Silver.yaml b/weapons/Silver.yaml index 6bcdb09..1a17081 100644 --- a/weapons/Silver.yaml +++ b/weapons/Silver.yaml @@ -3,7 +3,7 @@ name: Silver description: 'Mass scan IPs for vulnerable services ' url: https://github.com/s0md3v/Silver category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Sn1per.yaml b/weapons/Sn1per.yaml index 226e2a7..e8de3b0 100644 --- a/weapons/Sn1per.yaml +++ b/weapons/Sn1per.yaml @@ -3,7 +3,7 @@ name: Sn1per description: 'Automated pentest framework for offensive security experts ' url: https://github.com/1N3/Sn1per category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Stepper.yaml b/weapons/Stepper.yaml index fa0e658..144b40e 100644 --- a/weapons/Stepper.yaml +++ b/weapons/Stepper.yaml @@ -3,7 +3,7 @@ name: Stepper description: url: https://github.com/CoreyD97/Stepper category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/Striker.yaml b/weapons/Striker.yaml index ca7f239..ceb24d4 100644 --- a/weapons/Striker.yaml +++ b/weapons/Striker.yaml @@ -3,7 +3,7 @@ name: Striker description: 'Striker is an offensive information and vulnerability scanner. ' url: https://github.com/s0md3v/Striker category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SubOver.yaml b/weapons/SubOver.yaml index bdd8cba..3002d26 100644 --- a/weapons/SubOver.yaml +++ b/weapons/SubOver.yaml @@ -3,7 +3,7 @@ name: SubOver description: A Powerful Subdomain Takeover Tool url: https://github.com/Ice3man543/SubOver category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Sublist3r.yaml b/weapons/Sublist3r.yaml index 0479114..b7d24dd 100644 --- a/weapons/Sublist3r.yaml +++ b/weapons/Sublist3r.yaml @@ -3,7 +3,7 @@ name: Sublist3r description: 'Fast subdomains enumeration tool for penetration testers ' url: https://github.com/aboul3la/Sublist3r category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Taipan.yaml b/weapons/Taipan.yaml index d02b531..077c48f 100644 --- a/weapons/Taipan.yaml +++ b/weapons/Taipan.yaml @@ -3,7 +3,7 @@ name: Taipan description: Web application vulnerability scanner url: https://github.com/enkomio/Taipan category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/TukTuk.yaml b/weapons/TukTuk.yaml index e2b55ee..70b89ee 100644 --- a/weapons/TukTuk.yaml +++ b/weapons/TukTuk.yaml @@ -3,7 +3,7 @@ name: TukTuk description: 'Tool for catching and logging different types of requests. ' url: https://github.com/ArturSS7/TukTuk category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/User-Agent_Switcher.yaml b/weapons/User-Agent_Switcher.yaml index 0fb2ec3..a8ee6f9 100644 --- a/weapons/User-Agent_Switcher.yaml +++ b/weapons/User-Agent_Switcher.yaml @@ -3,7 +3,7 @@ name: User-Agent Switcher description: quick and easy way to switch between user-agents. url: https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae category: browser-addon -types: [] +type: platform: - chrome lang: [] diff --git a/weapons/VHostScan.yaml b/weapons/VHostScan.yaml index a26a6fc..84aae21 100644 --- a/weapons/VHostScan.yaml +++ b/weapons/VHostScan.yaml @@ -5,7 +5,7 @@ description: 'A virtual host scanner that performs reverse lookups, can be used default pages. ' url: https://github.com/codingo/VHostScan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Wayback_Machine.yaml b/weapons/Wayback_Machine.yaml index 4267aeb..41ee9af 100644 --- a/weapons/Wayback_Machine.yaml +++ b/weapons/Wayback_Machine.yaml @@ -3,7 +3,7 @@ name: Wayback Machine description: History of website url: https://apps.apple.com/us/app/wayback-machine/id1472432422 category: browser-addon -types: [] +type: platform: - safari lang: [] diff --git a/weapons/Web-Cache-Vulnerability-Scanner.yaml b/weapons/Web-Cache-Vulnerability-Scanner.yaml index 9fd2379..efe619c 100644 --- a/weapons/Web-Cache-Vulnerability-Scanner.yaml +++ b/weapons/Web-Cache-Vulnerability-Scanner.yaml @@ -4,7 +4,7 @@ description: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). url: https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/XSRFProbe.yaml b/weapons/XSRFProbe.yaml index c5e069e..a41f391 100644 --- a/weapons/XSRFProbe.yaml +++ b/weapons/XSRFProbe.yaml @@ -3,7 +3,7 @@ name: XSRFProbe description: The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. url: https://github.com/0xInfection/XSRFProbe category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/XSStrike.yaml b/weapons/XSStrike.yaml index 54b25a5..49a3800 100644 --- a/weapons/XSStrike.yaml +++ b/weapons/XSStrike.yaml @@ -3,7 +3,7 @@ name: XSStrike description: 'Most advanced XSS scanner. ' url: https://github.com/s0md3v/XSStrike category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/XSpear.yaml b/weapons/XSpear.yaml index 5148926..bde6169 100644 --- a/weapons/XSpear.yaml +++ b/weapons/XSpear.yaml @@ -3,7 +3,7 @@ name: XSpear description: 'Powerfull XSS Scanning and Parameter analysis tool&gem ' url: https://github.com/hahwul/XSpear category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/XXEinjector.yaml b/weapons/XXEinjector.yaml index 82b4129..9b8b34e 100644 --- a/weapons/XXEinjector.yaml +++ b/weapons/XXEinjector.yaml @@ -4,7 +4,7 @@ description: Tool for automatic exploitation of XXE vulnerability using direct a different out of band methods. url: https://github.com/enjoiz/XXEinjector category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/a2sv.yaml b/weapons/a2sv.yaml index 743fad1..8a7ef78 100644 --- a/weapons/a2sv.yaml +++ b/weapons/a2sv.yaml @@ -3,7 +3,7 @@ name: a2sv description: 'Auto Scanning to SSL Vulnerability ' url: https://github.com/hahwul/a2sv category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/altdns.yaml b/weapons/altdns.yaml index fe8ba86..9afb35b 100644 --- a/weapons/altdns.yaml +++ b/weapons/altdns.yaml @@ -4,7 +4,7 @@ description: 'Generates permutations, alterations and mutations of subdomains an then resolves them ' url: https://github.com/infosec-au/altdns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/anew.yaml b/weapons/anew.yaml index b5a3058..d562597 100644 --- a/weapons/anew.yaml +++ b/weapons/anew.yaml @@ -3,7 +3,7 @@ name: anew description: A tool for adding new lines to files, skipping duplicates url: https://github.com/tomnomnom/anew category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/apkleaks.yaml b/weapons/apkleaks.yaml index 790088e..a9f137f 100644 --- a/weapons/apkleaks.yaml +++ b/weapons/apkleaks.yaml @@ -3,7 +3,7 @@ name: apkleaks description: 'Scanning APK file for URIs, endpoints & secrets. ' url: https://github.com/dwisiswant0/apkleaks category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/aquatone.yaml b/weapons/aquatone.yaml index 9d680f0..4eeac56 100644 --- a/weapons/aquatone.yaml +++ b/weapons/aquatone.yaml @@ -3,7 +3,7 @@ name: aquatone description: 'A Tool for Domain Flyovers ' url: https://github.com/michenriksen/aquatone category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/arachni.yaml b/weapons/arachni.yaml index 2953c65..a78eac0 100644 --- a/weapons/arachni.yaml +++ b/weapons/arachni.yaml @@ -3,9 +3,10 @@ name: arachni description: 'Web Application Security Scanner Framework ' url: https://github.com/Arachni/arachni category: tool -types: [] +type: platform: - linux - macos +- windows lang: [] tags: [] diff --git a/weapons/assetfinder.yaml b/weapons/assetfinder.yaml index 8465f3e..e0c22ad 100644 --- a/weapons/assetfinder.yaml +++ b/weapons/assetfinder.yaml @@ -3,7 +3,7 @@ name: assetfinder description: 'Find domains and subdomains related to a given domain ' url: https://github.com/tomnomnom/assetfinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/attack-surface-detector-zap.yaml b/weapons/attack-surface-detector-zap.yaml index 16e0e95..de27bd2 100644 --- a/weapons/attack-surface-detector-zap.yaml +++ b/weapons/attack-surface-detector-zap.yaml @@ -3,7 +3,7 @@ name: attack-surface-detector-zap description: url: https://github.com/secdec/attack-surface-detector-zap category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/auto-repeater.yaml b/weapons/auto-repeater.yaml index cda212a..7abafaa 100644 --- a/weapons/auto-repeater.yaml +++ b/weapons/auto-repeater.yaml @@ -3,7 +3,7 @@ name: auto-repeater description: url: https://github.com/PortSwigger/auto-repeater category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/autochrome.yaml b/weapons/autochrome.yaml index b993fb0..1ba3a16 100644 --- a/weapons/autochrome.yaml +++ b/weapons/autochrome.yaml @@ -3,7 +3,7 @@ name: autochrome description: This tool downloads, installs, and configures a shiny new copy of Chromium. url: https://github.com/nccgroup/autochrome category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/axiom.yaml b/weapons/axiom.yaml index 85b4d70..5d31727 100644 --- a/weapons/axiom.yaml +++ b/weapons/axiom.yaml @@ -3,9 +3,10 @@ name: axiom description: 'A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ' url: https://github.com/pry0cc/axiom category: tool -types: [] +type: platform: - linux - macos +- windows lang: [] tags: [] diff --git a/weapons/bat.yaml b/weapons/bat.yaml index cd6db31..4f156cf 100644 --- a/weapons/bat.yaml +++ b/weapons/bat.yaml @@ -3,7 +3,10 @@ name: bat description: A cat(1) clone with wings. url: https://github.com/sharkdp/bat category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/boast.yaml b/weapons/boast.yaml index 983cfd4..98896d3 100644 --- a/weapons/boast.yaml +++ b/weapons/boast.yaml @@ -3,7 +3,10 @@ name: boast description: The BOAST Outpost for AppSec Testing (v0.1.0) url: https://github.com/marcoagner/boast category: tool -types: [] -platform: [] +types: OAST +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/bountyplz.yaml b/weapons/bountyplz.yaml index cc32026..53bccfe 100644 --- a/weapons/bountyplz.yaml +++ b/weapons/bountyplz.yaml @@ -4,8 +4,10 @@ description: 'Automated security reporting from markdown templates (HackerOne an Bugcrowd are currently the platforms supported) ' url: https://github.com/fransr/bountyplz category: tool -types: [] +type: platform: +- linux - macos +- windows lang: [] tags: [] diff --git a/weapons/burl.yaml b/weapons/burl.yaml index bed931e..d7131fb 100644 --- a/weapons/burl.yaml +++ b/weapons/burl.yaml @@ -3,7 +3,7 @@ name: burl description: 'A Broken-URL Checker ' url: https://github.com/tomnomnom/burl category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/burp-exporter.yaml b/weapons/burp-exporter.yaml index f4714a4..86f58f8 100644 --- a/weapons/burp-exporter.yaml +++ b/weapons/burp-exporter.yaml @@ -3,7 +3,7 @@ name: burp-exporter description: url: https://github.com/artssec/burp-exporter category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/burp-piper.yaml b/weapons/burp-piper.yaml index a203041..0926a13 100644 --- a/weapons/burp-piper.yaml +++ b/weapons/burp-piper.yaml @@ -3,7 +3,7 @@ name: burp-piper description: url: https://github.com/silentsignal/burp-piper category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/burp-retire-js.yaml b/weapons/burp-retire-js.yaml index fb5c4f3..4a06a03 100644 --- a/weapons/burp-retire-js.yaml +++ b/weapons/burp-retire-js.yaml @@ -3,7 +3,7 @@ name: burp-retire-js description: url: https://github.com/h3xstream/burp-retire-js category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/burp-send-to.yaml b/weapons/burp-send-to.yaml index 4f2e5b4..fc30cd9 100644 --- a/weapons/burp-send-to.yaml +++ b/weapons/burp-send-to.yaml @@ -3,7 +3,7 @@ name: burp-send-to description: url: https://github.com/bytebutcher/burp-send-to category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/c-jwt-cracker.yaml b/weapons/c-jwt-cracker.yaml index 07107a1..a0ceb03 100644 --- a/weapons/c-jwt-cracker.yaml +++ b/weapons/c-jwt-cracker.yaml @@ -3,7 +3,7 @@ name: c-jwt-cracker description: 'JWT brute force cracker written in C ' url: https://github.com/brendan-rius/c-jwt-cracker category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/can-i-take-over-xyz.yaml b/weapons/can-i-take-over-xyz.yaml index 35104d6..f981da2 100644 --- a/weapons/can-i-take-over-xyz.yaml +++ b/weapons/can-i-take-over-xyz.yaml @@ -4,7 +4,10 @@ description: '"Can I take over XYZ?" — a list of services and how to claim (su with dangling DNS records.' url: https://github.com/EdOverflow/can-i-take-over-xyz category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/cariddi.yaml b/weapons/cariddi.yaml index 8dd81ee..0f95d91 100644 --- a/weapons/cariddi.yaml +++ b/weapons/cariddi.yaml @@ -4,7 +4,10 @@ description: Take a list of domains and scan for endpoints, secrets, api keys, f extensions, tokens and more... url: https://github.com/edoardottt/cariddi category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/cc.py.yaml b/weapons/cc.py.yaml index 8f179eb..c5ef3c3 100644 --- a/weapons/cc.py.yaml +++ b/weapons/cc.py.yaml @@ -3,7 +3,7 @@ name: cc.py description: 'Extracting URLs of a specific target based on the results of "commoncrawl.org" ' url: https://github.com/si9int/cc.py category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/cf-check.yaml b/weapons/cf-check.yaml index 8dff280..837cc83 100644 --- a/weapons/cf-check.yaml +++ b/weapons/cf-check.yaml @@ -3,7 +3,7 @@ name: cf-check description: 'Cloudflare Checker written in Go ' url: https://github.com/dwisiswant0/cf-check category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/chaos-client.yaml b/weapons/chaos-client.yaml index 4afbe07..055bda0 100644 --- a/weapons/chaos-client.yaml +++ b/weapons/chaos-client.yaml @@ -3,7 +3,7 @@ name: chaos-client description: 'Go client to communicate with Chaos DNS API. ' url: https://github.com/projectdiscovery/chaos-client category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/clear-cache.yaml b/weapons/clear-cache.yaml index 5c0b09e..6d9f6d2 100644 --- a/weapons/clear-cache.yaml +++ b/weapons/clear-cache.yaml @@ -3,7 +3,7 @@ name: clear-cache description: Add-on to clear browser cache with a single click or via the F9 key. url: https://github.com/TenSoja/clear-cache category: browser-addon -types: [] +type: platform: - firefox lang: [] diff --git a/weapons/collaborator-everywhere.yaml b/weapons/collaborator-everywhere.yaml index c0ce829..9a9e5c1 100644 --- a/weapons/collaborator-everywhere.yaml +++ b/weapons/collaborator-everywhere.yaml @@ -3,7 +3,7 @@ name: collaborator-everywhere description: url: https://github.com/PortSwigger/collaborator-everywhere category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/commix.yaml b/weapons/commix.yaml index 994c4ed..98a18ae 100644 --- a/weapons/commix.yaml +++ b/weapons/commix.yaml @@ -3,7 +3,10 @@ name: commix description: Automated All-in-One OS Command Injection Exploitation Tool. url: https://github.com/commixproject/commix category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/community-scripts.yaml b/weapons/community-scripts.yaml index 2be8d95..3a1eb50 100644 --- a/weapons/community-scripts.yaml +++ b/weapons/community-scripts.yaml @@ -3,7 +3,7 @@ name: community-scripts description: url: https://github.com/zaproxy/community-scripts category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/confused.yaml b/weapons/confused.yaml index 11253a8..8461021 100644 --- a/weapons/confused.yaml +++ b/weapons/confused.yaml @@ -4,7 +4,10 @@ description: Tool to check for dependency confusion vulnerabilities in multiple management systems url: https://github.com/visma-prodsec/confused category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/cookie-quick-manager.yaml b/weapons/cookie-quick-manager.yaml index 6a743e2..906837d 100644 --- a/weapons/cookie-quick-manager.yaml +++ b/weapons/cookie-quick-manager.yaml @@ -4,7 +4,7 @@ description: An addon to manage (view, search, create, edit, remove, backup, res cookies on Firefox. url: https://github.com/ysard/cookie-quick-manager category: browser-addon -types: [] +type: platform: - firefox lang: [] diff --git a/weapons/corsair_scan.yaml b/weapons/corsair_scan.yaml index fdf0028..b1a1a32 100644 --- a/weapons/corsair_scan.yaml +++ b/weapons/corsair_scan.yaml @@ -4,7 +4,10 @@ description: Corsair_scan is a security tool to test Cross-Origin Resource Shari (CORS). url: https://github.com/Santandersecurityresearch/corsair_scan category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/crawlergo.yaml b/weapons/crawlergo.yaml index 2e1fc32..7b7000b 100644 --- a/weapons/crawlergo.yaml +++ b/weapons/crawlergo.yaml @@ -3,7 +3,10 @@ name: crawlergo description: A powerful browser crawler for web vulnerability scanners url: https://github.com/Qianlitp/crawlergo category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/crlfuzz.yaml b/weapons/crlfuzz.yaml index 0f0a462..85596ed 100644 --- a/weapons/crlfuzz.yaml +++ b/weapons/crlfuzz.yaml @@ -3,7 +3,7 @@ name: crlfuzz description: 'A fast tool to scan CRLF vulnerability written in Go ' url: https://github.com/dwisiswant0/crlfuzz category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/csp-auditor.yaml b/weapons/csp-auditor.yaml index 476ab7f..a1cf30a 100644 --- a/weapons/csp-auditor.yaml +++ b/weapons/csp-auditor.yaml @@ -3,7 +3,7 @@ name: csp-auditor description: url: https://github.com/GoSecure/csp-auditor category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/curl.yaml b/weapons/curl.yaml index c0282a1..1ef1392 100644 --- a/weapons/curl.yaml +++ b/weapons/curl.yaml @@ -6,7 +6,7 @@ description: A command line tool and library for transferring data with URL synt features url: https://github.com/curl/curl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dalfox.yaml b/weapons/dalfox.yaml index a60dcd1..30a0652 100644 --- a/weapons/dalfox.yaml +++ b/weapons/dalfox.yaml @@ -4,7 +4,7 @@ description: "\U0001F318\U0001F98A DalFox(Finder Of XSS) / Parameter Analysis an XSS Scanning tool based on golang " url: https://github.com/hahwul/dalfox category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/dirsearch.yaml b/weapons/dirsearch.yaml index 6a6f9a9..8e50b90 100644 --- a/weapons/dirsearch.yaml +++ b/weapons/dirsearch.yaml @@ -3,7 +3,7 @@ name: dirsearch description: 'Web path scanner ' url: https://github.com/maurosoria/dirsearch category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ditto.yaml b/weapons/ditto.yaml index aa090d1..9116adb 100644 --- a/weapons/ditto.yaml +++ b/weapons/ditto.yaml @@ -3,7 +3,7 @@ name: ditto description: A tool for IDN homograph attacks and detection. url: https://github.com/evilsocket/ditto category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dmut.yaml b/weapons/dmut.yaml index b145a7e..f445d70 100644 --- a/weapons/dmut.yaml +++ b/weapons/dmut.yaml @@ -4,7 +4,7 @@ description: A tool to perform permutations, mutations and alteration of subdoma in golang. url: https://github.com/bp0lr/dmut category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dnsobserver.yaml b/weapons/dnsobserver.yaml index 35ceb1c..dee816c 100644 --- a/weapons/dnsobserver.yaml +++ b/weapons/dnsobserver.yaml @@ -5,7 +5,7 @@ description: 'A handy DNS service written in Go to aid in the detection of sever DNS interactions and sends lookup notifications via Slack. ' url: https://github.com/allyomalley/dnsobserver category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dnsprobe.yaml b/weapons/dnsprobe.yaml index 86505fc..74cd7ef 100644 --- a/weapons/dnsprobe.yaml +++ b/weapons/dnsprobe.yaml @@ -4,7 +4,7 @@ description: 'DNSProb (beta) is a tool built on top of retryabledns that allows to perform multiple dns queries of your choice with a list of user supplied resolvers. ' url: https://github.com/projectdiscovery/dnsprobe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/dnsvalidator.yaml b/weapons/dnsvalidator.yaml index ef76021..450e2f1 100644 --- a/weapons/dnsvalidator.yaml +++ b/weapons/dnsvalidator.yaml @@ -4,7 +4,7 @@ description: Maintains a list of IPv4 DNS servers by verifying them against base servers, and ensuring accurate responses. url: https://github.com/vortexau/dnsvalidator category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dnsx.yaml b/weapons/dnsx.yaml index 7655a0a..d3f83f3 100644 --- a/weapons/dnsx.yaml +++ b/weapons/dnsx.yaml @@ -4,7 +4,7 @@ description: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple queries of your choice with a list of user-supplied resolvers. url: https://github.com/projectdiscovery/dnsx category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/docem.yaml b/weapons/docem.yaml index 4dc0f07..06086de 100644 --- a/weapons/docem.yaml +++ b/weapons/docem.yaml @@ -4,7 +4,7 @@ description: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE steroids) url: https://github.com/whitel1st/docem category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/domdig.yaml b/weapons/domdig.yaml index 5cee306..34b93a6 100644 --- a/weapons/domdig.yaml +++ b/weapons/domdig.yaml @@ -3,7 +3,7 @@ name: domdig description: 'DOM XSS scanner for Single Page Applications ' url: https://github.com/fcavallarin/domdig category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/dontgo403.yaml b/weapons/dontgo403.yaml index 74f7378..f9c2d76 100644 --- a/weapons/dontgo403.yaml +++ b/weapons/dontgo403.yaml @@ -3,7 +3,7 @@ name: dontgo403 description: Tool to bypass 40X response codes. url: https://github.com/devploit/dontgo403 category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dotdotpwn.yaml b/weapons/dotdotpwn.yaml index 3a6fdb7..567ef35 100644 --- a/weapons/dotdotpwn.yaml +++ b/weapons/dotdotpwn.yaml @@ -3,7 +3,7 @@ name: dotdotpwn description: 'DotDotPwn - The Directory Traversal Fuzzer ' url: https://github.com/wireghoul/dotdotpwn category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/eval_villain.yaml b/weapons/eval_villain.yaml index 03e3eee..f18161e 100644 --- a/weapons/eval_villain.yaml +++ b/weapons/eval_villain.yaml @@ -3,7 +3,7 @@ name: eval_villain description: A Firefox Web Extension to improve the discovery of DOM XSS. url: https://github.com/swoops/eval_villain category: browser-addon -types: [] +type: platform: - firefox lang: [] diff --git a/weapons/ezXSS.yaml b/weapons/ezXSS.yaml index 6fec55a..516912c 100644 --- a/weapons/ezXSS.yaml +++ b/weapons/ezXSS.yaml @@ -4,7 +4,7 @@ description: 'ezXSS is an easy way for penetration testers and bug bounty hunter to test (blind) Cross Site Scripting. ' url: https://github.com/ssl/ezXSS category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/femida.yaml b/weapons/femida.yaml index 3d3a4cb..247db74 100644 --- a/weapons/femida.yaml +++ b/weapons/femida.yaml @@ -3,7 +3,7 @@ name: femida description: url: https://github.com/wish-i-was/femida category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/feroxbuster.yaml b/weapons/feroxbuster.yaml index 0a02f90..ff682f2 100644 --- a/weapons/feroxbuster.yaml +++ b/weapons/feroxbuster.yaml @@ -3,7 +3,7 @@ name: feroxbuster description: A fast, simple, recursive content discovery tool written in Rust. url: https://github.com/epi052/feroxbuster category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ffuf.yaml b/weapons/ffuf.yaml index 81505be..5483a73 100644 --- a/weapons/ffuf.yaml +++ b/weapons/ffuf.yaml @@ -3,7 +3,7 @@ name: ffuf description: 'Fast web fuzzer written in Go ' url: https://github.com/ffuf/ffuf category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/fhc.yaml b/weapons/fhc.yaml index 53a8d65..13872f7 100644 --- a/weapons/fhc.yaml +++ b/weapons/fhc.yaml @@ -3,7 +3,7 @@ name: fhc description: Fast HTTP Checker. url: https://github.com/Edu4rdSHL/fhc category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/findom-xss.yaml b/weapons/findom-xss.yaml index 5bb0472..834bbe8 100644 --- a/weapons/findom-xss.yaml +++ b/weapons/findom-xss.yaml @@ -3,7 +3,7 @@ name: findom-xss description: 'A fast DOM based XSS vulnerability scanner with simplicity. ' url: https://github.com/dwisiswant0/findom-xss category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/findomain.yaml b/weapons/findomain.yaml index 0bf58d8..8cfedfd 100644 --- a/weapons/findomain.yaml +++ b/weapons/findomain.yaml @@ -4,7 +4,7 @@ description: 'The fastest and cross-platform subdomain enumerator, do not waste time. ' url: https://github.com/Edu4rdSHL/findomain category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/fockcache.yaml b/weapons/fockcache.yaml index 58c9cb8..9b4e5d0 100644 --- a/weapons/fockcache.yaml +++ b/weapons/fockcache.yaml @@ -3,7 +3,7 @@ name: fockcache description: FockCache - Minimalized Test Cache Poisoning url: https://github.com/tismayil/fockcache category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/fuzzparam.yaml b/weapons/fuzzparam.yaml index 641ae89..e583bc2 100644 --- a/weapons/fuzzparam.yaml +++ b/weapons/fuzzparam.yaml @@ -3,7 +3,7 @@ name: fuzzparam description: A fast go based param miner to fuzz possible parameters a URL can have. url: https://github.com/0xsapra/fuzzparam category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/fzf.yaml b/weapons/fzf.yaml index 9cd16fb..c71d013 100644 --- a/weapons/fzf.yaml +++ b/weapons/fzf.yaml @@ -3,7 +3,7 @@ name: fzf description: A command-line fuzzy finder url: https://github.com/junegunn/fzf category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gau.yaml b/weapons/gau.yaml index 6998bff..2c8b5a8 100644 --- a/weapons/gau.yaml +++ b/weapons/gau.yaml @@ -4,7 +4,7 @@ description: Fetch known URLs from AlienVault's Open Threat Exchange, the Waybac Machine, and Common Crawl. url: https://github.com/lc/gau category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gauplus.yaml b/weapons/gauplus.yaml index 352f8b9..06a61ae 100644 --- a/weapons/gauplus.yaml +++ b/weapons/gauplus.yaml @@ -4,7 +4,7 @@ description: A modified version of gau for personal usage. Support workers, prox and some extra things. url: https://github.com/bp0lr/gauplus category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gee.yaml b/weapons/gee.yaml index 0884af7..eef84c0 100644 --- a/weapons/gee.yaml +++ b/weapons/gee.yaml @@ -5,7 +5,7 @@ description: "\U0001F3F5 Gee is tool of stdin to each files and stdout. It is si was written as go" url: https://github.com/hahwul/gee category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/getJS.yaml b/weapons/getJS.yaml index 23491bd..78bfa67 100644 --- a/weapons/getJS.yaml +++ b/weapons/getJS.yaml @@ -3,7 +3,7 @@ name: getJS description: A tool to fastly get all javascript sources/files url: https://github.com/003random/getJS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gf.yaml b/weapons/gf.yaml index 6749963..43626a6 100644 --- a/weapons/gf.yaml +++ b/weapons/gf.yaml @@ -3,7 +3,7 @@ name: gf description: 'A wrapper around grep, to help you grep for things ' url: https://github.com/tomnomnom/gf category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gitGraber.yaml b/weapons/gitGraber.yaml index 5eaecf3..399384f 100644 --- a/weapons/gitGraber.yaml +++ b/weapons/gitGraber.yaml @@ -3,7 +3,7 @@ name: gitGraber description: 'gitGraber ' url: https://github.com/hisxo/gitGraber category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/github-endpoints.yaml b/weapons/github-endpoints.yaml index 25066f7..d46f5f4 100644 --- a/weapons/github-endpoints.yaml +++ b/weapons/github-endpoints.yaml @@ -3,7 +3,7 @@ name: github-endpoints description: Find endpoints on GitHub. url: https://github.com/gwen001/github-endpoints category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/github-regexp.yaml b/weapons/github-regexp.yaml index 203e367..49655e4 100644 --- a/weapons/github-regexp.yaml +++ b/weapons/github-regexp.yaml @@ -3,7 +3,7 @@ name: github-regexp description: Basically a regexp over a GitHub search. url: https://github.com/gwen001/github-regexp category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/github-search.yaml b/weapons/github-search.yaml index da1b29d..fbf5f03 100644 --- a/weapons/github-search.yaml +++ b/weapons/github-search.yaml @@ -3,7 +3,7 @@ name: github-search description: 'Tools to perform basic search on GitHub. ' url: https://github.com/gwen001/github-search category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/github-subdomains.yaml b/weapons/github-subdomains.yaml index 416ebe3..6e9031a 100644 --- a/weapons/github-subdomains.yaml +++ b/weapons/github-subdomains.yaml @@ -3,7 +3,7 @@ name: github-subdomains description: Find subdomains on GitHub url: https://github.com/gwen001/github-subdomains category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gitleaks.yaml b/weapons/gitleaks.yaml index 085007b..fd1cc78 100644 --- a/weapons/gitleaks.yaml +++ b/weapons/gitleaks.yaml @@ -3,7 +3,7 @@ name: gitleaks description: "Scan git repos (or files) for secrets using regex and entropy \U0001F511" url: https://github.com/zricethezav/gitleaks category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gitls.yaml b/weapons/gitls.yaml index eaac3e4..4fea465 100644 --- a/weapons/gitls.yaml +++ b/weapons/gitls.yaml @@ -3,7 +3,7 @@ name: gitls description: Listing git repository from URL/User/Org url: https://github.com/hahwul/gitls category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gitrob.yaml b/weapons/gitrob.yaml index 83a7aa7..ee6b984 100644 --- a/weapons/gitrob.yaml +++ b/weapons/gitrob.yaml @@ -3,7 +3,7 @@ name: gitrob description: 'Reconnaissance tool for GitHub organizations ' url: https://github.com/michenriksen/gitrob category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/go-dork.yaml b/weapons/go-dork.yaml index 6966923..866316b 100644 --- a/weapons/go-dork.yaml +++ b/weapons/go-dork.yaml @@ -3,7 +3,7 @@ name: go-dork description: 'The fastest dork scanner written in Go. ' url: https://github.com/dwisiswant0/go-dork category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gobuster.yaml b/weapons/gobuster.yaml index 9f31f52..b20c48e 100644 --- a/weapons/gobuster.yaml +++ b/weapons/gobuster.yaml @@ -3,7 +3,7 @@ name: gobuster description: 'Directory/File, DNS and VHost busting tool written in Go ' url: https://github.com/OJ/gobuster category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gospider.yaml b/weapons/gospider.yaml index b0a4733..f3902f4 100644 --- a/weapons/gospider.yaml +++ b/weapons/gospider.yaml @@ -3,7 +3,7 @@ name: gospider description: 'Gospider - Fast web spider written in Go ' url: https://github.com/jaeles-project/gospider category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gotator.yaml b/weapons/gotator.yaml index e62aeda..34d243b 100644 --- a/weapons/gotator.yaml +++ b/weapons/gotator.yaml @@ -3,7 +3,7 @@ name: gotator description: Gotator is a tool to generate DNS wordlists through permutations. url: https://github.com/Josue87/gotator category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gotestwaf.yaml b/weapons/gotestwaf.yaml index cd285cf..54cb25f 100644 --- a/weapons/gotestwaf.yaml +++ b/weapons/gotestwaf.yaml @@ -4,7 +4,7 @@ description: An open-source project in Golang to test different web application (WAF) for detection logic and bypasses url: https://github.com/wallarm/gotestwaf category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gowitness.yaml b/weapons/gowitness.yaml index 11849b1..c857848 100644 --- a/weapons/gowitness.yaml +++ b/weapons/gowitness.yaml @@ -4,7 +4,7 @@ description: "\U0001F50D gowitness - a golang, web screenshot utility using Chro Headless " url: https://github.com/sensepost/gowitness category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/graphql-voyager.yaml b/weapons/graphql-voyager.yaml index 9d12e34..286a1cb 100644 --- a/weapons/graphql-voyager.yaml +++ b/weapons/graphql-voyager.yaml @@ -3,7 +3,7 @@ name: graphql-voyager description: "\U0001F6F0️ Represent any GraphQL API as an interactive graph " url: https://github.com/APIs-guru/graphql-voyager category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/grc.yaml b/weapons/grc.yaml index 0113914..02c56e6 100644 --- a/weapons/grc.yaml +++ b/weapons/grc.yaml @@ -3,7 +3,7 @@ name: grc description: generic colouriser url: https://github.com/garabik/grc category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/grex.yaml b/weapons/grex.yaml index 792d6e3..29b4bba 100644 --- a/weapons/grex.yaml +++ b/weapons/grex.yaml @@ -4,7 +4,7 @@ description: A command-line tool and library for generating regular expressions user-provided test cases url: https://github.com/pemistahl/grex category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gron.yaml b/weapons/gron.yaml index cac3d58..fbb0593 100644 --- a/weapons/gron.yaml +++ b/weapons/gron.yaml @@ -3,7 +3,7 @@ name: gron description: 'Make JSON greppable! ' url: https://github.com/tomnomnom/gron category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/h2csmuggler.yaml b/weapons/h2csmuggler.yaml index 861ef8f..3aa2995 100644 --- a/weapons/h2csmuggler.yaml +++ b/weapons/h2csmuggler.yaml @@ -3,7 +3,7 @@ name: h2csmuggler description: HTTP Request Smuggling Detection Tool url: https://github.com/assetnote/h2csmuggler category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hacks.yaml b/weapons/hacks.yaml index 729882d..6d8d328 100644 --- a/weapons/hacks.yaml +++ b/weapons/hacks.yaml @@ -3,7 +3,7 @@ name: hacks description: 'A collection of hacks and one-off scripts ' url: https://github.com/tomnomnom/hacks category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hakcheckurl.yaml b/weapons/hakcheckurl.yaml index 49511d9..3ecb07a 100644 --- a/weapons/hakcheckurl.yaml +++ b/weapons/hakcheckurl.yaml @@ -3,7 +3,7 @@ name: hakcheckurl description: Takes a list of URLs and returns their HTTP response codes url: https://github.com/hakluke/hakcheckurl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/hakrawler.yaml b/weapons/hakrawler.yaml index 193b3c3..19e7c5a 100644 --- a/weapons/hakrawler.yaml +++ b/weapons/hakrawler.yaml @@ -4,7 +4,7 @@ description: 'Simple, fast web crawler designed for easy, quick discovery of end and assets within a web application ' url: https://github.com/hakluke/hakrawler category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hakrevdns.yaml b/weapons/hakrevdns.yaml index fa7b879..eb70eec 100644 --- a/weapons/hakrevdns.yaml +++ b/weapons/hakrevdns.yaml @@ -3,7 +3,7 @@ name: hakrevdns description: 'Small, fast tool for performing reverse DNS lookups en masse. ' url: https://github.com/hakluke/hakrevdns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/haktrails.yaml b/weapons/haktrails.yaml index 782d958..53cfe86 100644 --- a/weapons/haktrails.yaml +++ b/weapons/haktrails.yaml @@ -3,7 +3,7 @@ name: haktrails description: Golang client for querying SecurityTrails API data url: https://github.com/hakluke/haktrails category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/hashcat.yaml b/weapons/hashcat.yaml index 0df7ee6..28e6099 100644 --- a/weapons/hashcat.yaml +++ b/weapons/hashcat.yaml @@ -3,7 +3,7 @@ name: hashcat description: 'World''s fastest and most advanced password recovery utility ' url: https://github.com/hashcat/hashcat/ category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/headi.yaml b/weapons/headi.yaml index a90b73b..70e550f 100644 --- a/weapons/headi.yaml +++ b/weapons/headi.yaml @@ -3,7 +3,7 @@ name: headi description: Customisable and automated HTTP header injection url: https://github.com/mlcsec/headi category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/hetty.yaml b/weapons/hetty.yaml index d1c66c2..65ef483 100644 --- a/weapons/hetty.yaml +++ b/weapons/hetty.yaml @@ -5,7 +5,7 @@ description: Hetty is an HTTP toolkit for security research. It aims to become a features tailored to the needs of the infosec and bug bounty community. url: https://github.com/dstotijn/hetty category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hinject.yaml b/weapons/hinject.yaml index 1b6233b..f95b7a5 100644 --- a/weapons/hinject.yaml +++ b/weapons/hinject.yaml @@ -3,7 +3,7 @@ name: hinject description: 'Host Header Injection Checker ' url: https://github.com/dwisiswant0/hinject category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/htcat.yaml b/weapons/htcat.yaml index ff6e227..89e6c39 100644 --- a/weapons/htcat.yaml +++ b/weapons/htcat.yaml @@ -3,7 +3,7 @@ name: htcat description: 'Parallel and Pipelined HTTP GET Utility ' url: https://github.com/htcat/htcat category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/http-request-smuggler.yaml b/weapons/http-request-smuggler.yaml index 2cbc389..4b5d09f 100644 --- a/weapons/http-request-smuggler.yaml +++ b/weapons/http-request-smuggler.yaml @@ -3,7 +3,7 @@ name: http-request-smuggler description: url: https://github.com/PortSwigger/http-request-smuggler category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/http-request-smuggling.yaml b/weapons/http-request-smuggling.yaml index bceaa99..dd63c11 100644 --- a/weapons/http-request-smuggling.yaml +++ b/weapons/http-request-smuggling.yaml @@ -3,7 +3,7 @@ name: http-request-smuggling description: HTTP Request Smuggling Detection Tool url: https://github.com/anshumanpattnaik/http-request-smuggling category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/http-script-generator.yaml b/weapons/http-script-generator.yaml index bc36948..5a20a45 100644 --- a/weapons/http-script-generator.yaml +++ b/weapons/http-script-generator.yaml @@ -3,7 +3,7 @@ name: http-script-generator description: url: https://github.com/h3xstream/http-script-generator category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/http2smugl.yaml b/weapons/http2smugl.yaml index a507772..be67019 100644 --- a/weapons/http2smugl.yaml +++ b/weapons/http2smugl.yaml @@ -4,7 +4,7 @@ description: This tool helps to detect and exploit HTTP request smuggling in cas it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. url: https://github.com/neex/http2smugl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/httpie.yaml b/weapons/httpie.yaml index 33bcf5e..eb4784a 100644 --- a/weapons/httpie.yaml +++ b/weapons/httpie.yaml @@ -5,7 +5,7 @@ description: "As easy as /aitch-tee-tee-pie/ \U0001F967 Modern, user-friendly co & more. https://twitter.com/httpie" url: https://github.com/httpie/httpie category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/httprobe.yaml b/weapons/httprobe.yaml index 56a9a4e..911f3f3 100644 --- a/weapons/httprobe.yaml +++ b/weapons/httprobe.yaml @@ -3,7 +3,7 @@ name: httprobe description: 'Take a list of domains and probe for working HTTP and HTTPS servers ' url: https://github.com/tomnomnom/httprobe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/httptoolkit.yaml b/weapons/httptoolkit.yaml index c39ec57..eb49a6e 100644 --- a/weapons/httptoolkit.yaml +++ b/weapons/httptoolkit.yaml @@ -4,7 +4,7 @@ description: HTTP Toolkit is a beautiful & open-source tool for debugging, testi and building with HTTP(S) on Windows, Linux & Mac url: https://github.com/httptoolkit/httptoolkit category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/httpx.yaml b/weapons/httpx.yaml index 4904d31..1ce18cc 100644 --- a/weapons/httpx.yaml +++ b/weapons/httpx.yaml @@ -5,7 +5,7 @@ description: 'httpx is a fast and multi-purpose HTTP toolkit allow to run multip with increased threads. ' url: https://github.com/projectdiscovery/httpx category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hurl.yaml b/weapons/hurl.yaml index f574e36..c5e6bd5 100644 --- a/weapons/hurl.yaml +++ b/weapons/hurl.yaml @@ -3,7 +3,7 @@ name: hurl description: Hurl, run and test HTTP requests. url: https://github.com/Orange-OpenSource/hurl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/inql.yaml b/weapons/inql.yaml index 5c3b625..6cc1788 100644 --- a/weapons/inql.yaml +++ b/weapons/inql.yaml @@ -3,7 +3,7 @@ name: inql description: url: https://github.com/doyensec/inql category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/interactsh.yaml b/weapons/interactsh.yaml index 69c828c..2cfbdce 100644 --- a/weapons/interactsh.yaml +++ b/weapons/interactsh.yaml @@ -3,7 +3,7 @@ name: interactsh description: An OOB interaction gathering server and client library url: https://github.com/projectdiscovery/interactsh category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/intrigue-core.yaml b/weapons/intrigue-core.yaml index 5c10f54..b67af7d 100644 --- a/weapons/intrigue-core.yaml +++ b/weapons/intrigue-core.yaml @@ -3,7 +3,7 @@ name: intrigue-core description: 'Discover Your Attack Surface ' url: https://github.com/intrigueio/intrigue-core category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/jaeles.yaml b/weapons/jaeles.yaml index b3ea758..193161f 100644 --- a/weapons/jaeles.yaml +++ b/weapons/jaeles.yaml @@ -3,7 +3,7 @@ name: jaeles description: 'The Swiss Army knife for automated Web Application Testing ' url: https://github.com/jaeles-project/jaeles category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/jsfuck.yaml b/weapons/jsfuck.yaml index 3bd94d1..4188b42 100644 --- a/weapons/jsfuck.yaml +++ b/weapons/jsfuck.yaml @@ -3,7 +3,7 @@ name: jsfuck description: Write any JavaScript with 6 Characters url: https://github.com/aemkei/jsfuck category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/jsonwebtoken.github.io.yaml b/weapons/jsonwebtoken.github.io.yaml index 0cf8f23..f915769 100644 --- a/weapons/jsonwebtoken.github.io.yaml +++ b/weapons/jsonwebtoken.github.io.yaml @@ -3,7 +3,7 @@ name: jsonwebtoken.github.io description: JWT En/Decode and Verify url: https://github.com/jsonwebtoken/jsonwebtoken.github.io category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/jsprime.yaml b/weapons/jsprime.yaml index c6a1e64..25a9050 100644 --- a/weapons/jsprime.yaml +++ b/weapons/jsprime.yaml @@ -3,7 +3,7 @@ name: jsprime description: a javascript static security analysis tool url: https://github.com/dpnishant/jsprime category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/jwt-cracker.yaml b/weapons/jwt-cracker.yaml index 7a95c3f..6e3c298 100644 --- a/weapons/jwt-cracker.yaml +++ b/weapons/jwt-cracker.yaml @@ -3,7 +3,7 @@ name: jwt-cracker description: 'Simple HS256 JWT token brute force cracker ' url: https://github.com/lmammino/jwt-cracker category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/jwt-hack.yaml b/weapons/jwt-hack.yaml index 82c25dd..13cce9c 100644 --- a/weapons/jwt-hack.yaml +++ b/weapons/jwt-hack.yaml @@ -4,7 +4,7 @@ description: "\U0001F529 jwt-hack is tool for hacking / security testing to JWT. for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)" url: https://github.com/hahwul/jwt-hack category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/kiterunner.yaml b/weapons/kiterunner.yaml index 48b0bb1..9e61a84 100644 --- a/weapons/kiterunner.yaml +++ b/weapons/kiterunner.yaml @@ -3,7 +3,7 @@ name: kiterunner description: Contextual Content Discovery Tool url: https://github.com/assetnote/kiterunner category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/knife.yaml b/weapons/knife.yaml index e0d8633..fb2808b 100644 --- a/weapons/knife.yaml +++ b/weapons/knife.yaml @@ -3,7 +3,7 @@ name: knife description: A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 url: https://github.com/bit4woo/knife category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/knock.yaml b/weapons/knock.yaml index 040b0bf..87cde91 100644 --- a/weapons/knock.yaml +++ b/weapons/knock.yaml @@ -3,7 +3,7 @@ name: knock description: 'Knock Subdomain Scan ' url: https://github.com/guelfoweb/knock category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/lazyrecon.yaml b/weapons/lazyrecon.yaml index 25f1a2f..0752c0d 100644 --- a/weapons/lazyrecon.yaml +++ b/weapons/lazyrecon.yaml @@ -4,7 +4,7 @@ description: 'This script is intended to automate your reconnaissance process in organized fashion ' url: https://github.com/nahamsec/lazyrecon category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/longtongue.yaml b/weapons/longtongue.yaml index 3f537c8..29ae2c5 100644 --- a/weapons/longtongue.yaml +++ b/weapons/longtongue.yaml @@ -3,7 +3,7 @@ name: longtongue description: Customized Password/Passphrase List inputting Target Info url: https://github.com/edoardottt/longtongue category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/masscan.yaml b/weapons/masscan.yaml index 42ed8a3..29ae625 100644 --- a/weapons/masscan.yaml +++ b/weapons/masscan.yaml @@ -4,7 +4,7 @@ description: 'TCP port scanner, spews SYN packets asynchronously, scanning entir Internet in under 5 minutes. ' url: https://github.com/robertdavidgraham/masscan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/medusa.yaml b/weapons/medusa.yaml index 9c5cc0f..0684780 100644 --- a/weapons/medusa.yaml +++ b/weapons/medusa.yaml @@ -3,7 +3,7 @@ name: medusa description: 'Fastest recursive HTTP fuzzer, like a Ferrari. ' url: https://github.com/riza/medusa category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/meg.yaml b/weapons/meg.yaml index 9cfd64a..49ac20c 100644 --- a/weapons/meg.yaml +++ b/weapons/meg.yaml @@ -3,7 +3,7 @@ name: meg description: 'Fetch many paths for many hosts - without killing the hosts ' url: https://github.com/tomnomnom/meg category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/megplus.yaml b/weapons/megplus.yaml index e1f4431..858468e 100644 --- a/weapons/megplus.yaml +++ b/weapons/megplus.yaml @@ -3,7 +3,7 @@ name: megplus description: 'Automated reconnaissance wrapper — TomNomNom''s meg on steroids. [DEPRECATED] ' url: https://github.com/EdOverflow/megplus category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/naabu.yaml b/weapons/naabu.yaml index b227115..557ed7c 100644 --- a/weapons/naabu.yaml +++ b/weapons/naabu.yaml @@ -5,7 +5,7 @@ description: 'A fast port scanner written in go with focus on reliability and si in bug bounties and pentests ' url: https://github.com/projectdiscovery/naabu category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nikto.yaml b/weapons/nikto.yaml index debb6a9..228edd1 100644 --- a/weapons/nikto.yaml +++ b/weapons/nikto.yaml @@ -3,7 +3,7 @@ name: nikto description: 'Nikto web server scanner ' url: https://github.com/sullo/nikto category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nmap.yaml b/weapons/nmap.yaml index 6c2dbb4..08344f4 100644 --- a/weapons/nmap.yaml +++ b/weapons/nmap.yaml @@ -3,7 +3,7 @@ name: nmap description: 'Nmap - the Network Mapper. Github mirror of official SVN repository. ' url: https://github.com/nmap/nmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nosqli.yaml b/weapons/nosqli.yaml index 8a398b8..2dab1c8 100644 --- a/weapons/nosqli.yaml +++ b/weapons/nosqli.yaml @@ -3,7 +3,7 @@ name: nosqli description: NoSql Injection CLI tool url: https://github.com/Charlie-belmer/nosqli category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nuclei.yaml b/weapons/nuclei.yaml index 95c951f..8aef515 100644 --- a/weapons/nuclei.yaml +++ b/weapons/nuclei.yaml @@ -4,7 +4,7 @@ description: 'Nuclei is a fast tool for configurable targeted scanning based on offering massive extensibility and ease of use. ' url: https://github.com/projectdiscovery/nuclei category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ob_hacky_slack.yaml b/weapons/ob_hacky_slack.yaml index 7be0fc0..6abce65 100644 --- a/weapons/ob_hacky_slack.yaml +++ b/weapons/ob_hacky_slack.yaml @@ -3,7 +3,7 @@ name: ob_hacky_slack description: Hacky Slack - a bash script that sends beautiful messages to Slack url: https://github.com/openbridge/ob_hacky_slack category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/owasp-zap-jwt-addon.yaml b/weapons/owasp-zap-jwt-addon.yaml index f8b53ba..8263679 100644 --- a/weapons/owasp-zap-jwt-addon.yaml +++ b/weapons/owasp-zap-jwt-addon.yaml @@ -3,7 +3,7 @@ name: owasp-zap-jwt-addon description: url: https://github.com/SasanLabs/owasp-zap-jwt-addon category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/oxml_xxe.yaml b/weapons/oxml_xxe.yaml index b5ceca5..167c867 100644 --- a/weapons/oxml_xxe.yaml +++ b/weapons/oxml_xxe.yaml @@ -3,7 +3,7 @@ name: oxml_xxe description: 'A tool for embedding XXE/XML exploits into different filetypes ' url: https://github.com/BuffaloWill/oxml_xxe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/pagodo.yaml b/weapons/pagodo.yaml index 7db2d2a..88a1ab3 100644 --- a/weapons/pagodo.yaml +++ b/weapons/pagodo.yaml @@ -4,7 +4,7 @@ description: pagodo (Passive Google Dork) - Automate Google Hacking Database scr and searching url: https://github.com/opsdisk/pagodo category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/param-miner.yaml b/weapons/param-miner.yaml index 7bcc573..b3a4760 100644 --- a/weapons/param-miner.yaml +++ b/weapons/param-miner.yaml @@ -3,7 +3,7 @@ name: param-miner description: url: https://github.com/PortSwigger/param-miner category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/parameth.yaml b/weapons/parameth.yaml index 6cd81e3..ca72e9e 100644 --- a/weapons/parameth.yaml +++ b/weapons/parameth.yaml @@ -3,7 +3,7 @@ name: parameth description: This tool can be used to brute discover GET and POST parameters url: https://github.com/maK-/parameth category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/pentest-tools.yaml b/weapons/pentest-tools.yaml index 490b9bf..0f96953 100644 --- a/weapons/pentest-tools.yaml +++ b/weapons/pentest-tools.yaml @@ -3,7 +3,7 @@ name: pentest-tools description: 'Custom pentesting tools ' url: https://github.com/gwen001/pentest-tools category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/pet.yaml b/weapons/pet.yaml index b1895b3..b326659 100644 --- a/weapons/pet.yaml +++ b/weapons/pet.yaml @@ -3,7 +3,7 @@ name: pet description: Simple command-line snippet manager, written in Go. url: https://github.com/knqyf263/pet category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/plution.yaml b/weapons/plution.yaml index 9a7707d..0a46894 100644 --- a/weapons/plution.yaml +++ b/weapons/plution.yaml @@ -3,7 +3,7 @@ name: plution description: Prototype pollution scanner using headless chrome url: https://github.com/raverrr/plution category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/postMessage-tracker.yaml b/weapons/postMessage-tracker.yaml index dd1846d..e41a81a 100644 --- a/weapons/postMessage-tracker.yaml +++ b/weapons/postMessage-tracker.yaml @@ -4,7 +4,7 @@ description: A Chrome Extension to track postMessage usage (url, domain and stac both by logging using CORS and also visually as an extension-icon url: https://github.com/fransr/postMessage-tracker category: browser-addon -types: [] +type: platform: - chrome lang: [] diff --git a/weapons/ppfuzz.yaml b/weapons/ppfuzz.yaml index 2698546..38a943c 100644 --- a/weapons/ppfuzz.yaml +++ b/weapons/ppfuzz.yaml @@ -4,7 +4,7 @@ description: "A fast tool to scan client-side prototype pollution vulnerability in Rust. \U0001F980" url: https://github.com/dwisiswant0/ppfuzz category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ppmap.yaml b/weapons/ppmap.yaml index 6ca421c..5d9c111 100644 --- a/weapons/ppmap.yaml +++ b/weapons/ppmap.yaml @@ -4,7 +4,7 @@ description: A scanner/exploitation tool written in GO, which leverages client-s Prototype Pollution to XSS by exploiting known gadgets. url: https://github.com/kleiton0x00/ppmap category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/proxify.yaml b/weapons/proxify.yaml index 2b7ad24..105b50b 100644 --- a/weapons/proxify.yaml +++ b/weapons/proxify.yaml @@ -4,7 +4,7 @@ description: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipul and replay url: https://github.com/projectdiscovery/proxify category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/puredns.yaml b/weapons/puredns.yaml index ff9db20..9cabfb2 100644 --- a/weapons/puredns.yaml +++ b/weapons/puredns.yaml @@ -4,7 +4,7 @@ description: Puredns is a fast domain resolver and subdomain bruteforcing tool t can accurately filter out wildcard subdomains and DNS poisoned entries. url: https://github.com/d3mondev/puredns category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/pwncat.yaml b/weapons/pwncat.yaml index 8cff32f..26245e5 100644 --- a/weapons/pwncat.yaml +++ b/weapons/pwncat.yaml @@ -5,7 +5,7 @@ description: 'pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind a with Python (PSE) ' url: https://github.com/cytopia/pwncat category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/qsreplace.yaml b/weapons/qsreplace.yaml index 579723b..17ab3ae 100644 --- a/weapons/qsreplace.yaml +++ b/weapons/qsreplace.yaml @@ -4,7 +4,7 @@ description: 'Accept URLs on stdin, replace all query string values with a user- value ' url: https://github.com/tomnomnom/qsreplace category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/quickjack.yaml b/weapons/quickjack.yaml index fbc8708..b408483 100644 --- a/weapons/quickjack.yaml +++ b/weapons/quickjack.yaml @@ -4,7 +4,7 @@ description: Quickjack is a point-and-click tool for intuitively producing advan clickjacking and frame slicing attacks. url: https://github.com/samyk/quickjack category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/rapidscan.yaml b/weapons/rapidscan.yaml index ae70793..4cae278 100644 --- a/weapons/rapidscan.yaml +++ b/weapons/rapidscan.yaml @@ -3,7 +3,7 @@ name: rapidscan description: 'The Multi-Tool Web Vulnerability Scanner. ' url: https://github.com/skavngr/rapidscan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/recon_profile.yaml b/weapons/recon_profile.yaml index 6a2f724..18e12fb 100644 --- a/weapons/recon_profile.yaml +++ b/weapons/recon_profile.yaml @@ -3,7 +3,7 @@ name: recon_profile description: 'Recon profile (bash profile) for bugbounty ' url: https://github.com/nahamsec/recon_profile category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/reconftw.yaml b/weapons/reconftw.yaml index a8b061b..b3c80a6 100644 --- a/weapons/reconftw.yaml +++ b/weapons/reconftw.yaml @@ -4,7 +4,7 @@ description: reconFTW is a tool designed to perform automated recon on a target by running the best set of tools to perform scanning and finding out vulnerabilities url: https://github.com/six2dez/reconftw category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/reflect.yaml b/weapons/reflect.yaml index 2ad9594..756cf38 100644 --- a/weapons/reflect.yaml +++ b/weapons/reflect.yaml @@ -3,7 +3,7 @@ name: reflect description: url: https://github.com/TypeError/reflect category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/reflected-parameters.yaml b/weapons/reflected-parameters.yaml index 14245f0..f3e9547 100644 --- a/weapons/reflected-parameters.yaml +++ b/weapons/reflected-parameters.yaml @@ -3,7 +3,7 @@ name: reflected-parameters description: url: https://github.com/PortSwigger/reflected-parameters category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/rengine.yaml b/weapons/rengine.yaml index 9b7be01..2079239 100644 --- a/weapons/rengine.yaml +++ b/weapons/rengine.yaml @@ -5,7 +5,7 @@ description: 'reNgine is an automated reconnaissance framework meant for gatheri scan engines, which can be used to scan the websites, endpoints, and gather information. ' url: https://github.com/yogeshojha/rengine category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/rusolver.yaml b/weapons/rusolver.yaml index afd97ef..f744407 100644 --- a/weapons/rusolver.yaml +++ b/weapons/rusolver.yaml @@ -3,7 +3,7 @@ name: rusolver description: Fast and accurate DNS resolver. url: https://github.com/Edu4rdSHL/rusolver category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/s3reverse.yaml b/weapons/s3reverse.yaml index b84bb80..f41ef4b 100644 --- a/weapons/s3reverse.yaml +++ b/weapons/s3reverse.yaml @@ -4,7 +4,7 @@ description: 'The format of various s3 buckets is convert in one format. for bug and security testing. ' url: https://github.com/hahwul/s3reverse category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/safecopy.yaml b/weapons/safecopy.yaml index a9f903a..48bded6 100644 --- a/weapons/safecopy.yaml +++ b/weapons/safecopy.yaml @@ -3,7 +3,7 @@ name: safecopy description: url: https://github.com/yashrs/safecopy category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/scilla.yaml b/weapons/scilla.yaml index 980ae98..cd4cb49 100644 --- a/weapons/scilla.yaml +++ b/weapons/scilla.yaml @@ -4,7 +4,7 @@ description: "\U0001F3F4‍☠️ Information Gathering tool \U0001F3F4‍☠️ enumeration" url: https://github.com/edoardottt/scilla category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/security-crawl-maze.yaml b/weapons/security-crawl-maze.yaml index 9348bb8..a075bb4 100644 --- a/weapons/security-crawl-maze.yaml +++ b/weapons/security-crawl-maze.yaml @@ -5,7 +5,7 @@ description: Security Crawl Maze is a comprehensive testbed for web security cra valid HTML document. url: https://github.com/google/security-crawl-maze category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/security-research-pocs.yaml b/weapons/security-research-pocs.yaml index db6f2d5..431eaa1 100644 --- a/weapons/security-research-pocs.yaml +++ b/weapons/security-research-pocs.yaml @@ -4,7 +4,7 @@ description: Proof-of-concept codes created as part of security research done by Security Team. url: https://github.com/google/security-research-pocs category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/shuffledns.yaml b/weapons/shuffledns.yaml index cd0d857..9df208a 100644 --- a/weapons/shuffledns.yaml +++ b/weapons/shuffledns.yaml @@ -5,7 +5,7 @@ description: 'shuffleDNS is a wrapper around massdns written in go that allows y with wildcard handling and easy input-output support. ' url: https://github.com/projectdiscovery/shuffledns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/singularity.yaml b/weapons/singularity.yaml index 38d70bc..a9a6d45 100644 --- a/weapons/singularity.yaml +++ b/weapons/singularity.yaml @@ -3,7 +3,7 @@ name: singularity description: A DNS rebinding attack framework. url: https://github.com/nccgroup/singularity category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/slackcat.yaml b/weapons/slackcat.yaml index 79edd05..96eea41 100644 --- a/weapons/slackcat.yaml +++ b/weapons/slackcat.yaml @@ -3,7 +3,7 @@ name: slackcat description: CLI utility to post files and command output to slack url: https://github.com/bcicen/slackcat category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/smuggler.yaml b/weapons/smuggler.yaml index 15ccf7d..b70ed28 100644 --- a/weapons/smuggler.yaml +++ b/weapons/smuggler.yaml @@ -4,7 +4,7 @@ description: 'Smuggler - An HTTP Request Smuggling / Desync testing tool written Python 3 ' url: https://github.com/defparam/smuggler category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/sn0int.yaml b/weapons/sn0int.yaml index 3ab07df..0108586 100644 --- a/weapons/sn0int.yaml +++ b/weapons/sn0int.yaml @@ -3,7 +3,7 @@ name: sn0int description: Semi-automatic OSINT framework and package manager url: https://github.com/kpcyrd/sn0int category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/spiderfoot.yaml b/weapons/spiderfoot.yaml index e9dba3f..32ed9a1 100644 --- a/weapons/spiderfoot.yaml +++ b/weapons/spiderfoot.yaml @@ -3,7 +3,7 @@ name: spiderfoot description: SpiderFoot automates OSINT collection so that you can focus on analysis. url: https://github.com/smicallef/spiderfoot category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/sqliv.yaml b/weapons/sqliv.yaml index 3cfc29a..663f0cb 100644 --- a/weapons/sqliv.yaml +++ b/weapons/sqliv.yaml @@ -3,7 +3,7 @@ name: sqliv description: massive SQL injection vulnerability scanner url: https://github.com/the-robot/sqliv category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/sqlmap.yaml b/weapons/sqlmap.yaml index ef2ddfc..a723383 100644 --- a/weapons/sqlmap.yaml +++ b/weapons/sqlmap.yaml @@ -3,7 +3,7 @@ name: sqlmap description: Automatic SQL injection and database takeover tool url: https://github.com/sqlmapproject/sqlmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ssrf-sheriff.yaml b/weapons/ssrf-sheriff.yaml index 898b695..e5db311 100644 --- a/weapons/ssrf-sheriff.yaml +++ b/weapons/ssrf-sheriff.yaml @@ -3,7 +3,7 @@ name: ssrf-sheriff description: 'A simple SSRF-testing sheriff written in Go ' url: https://github.com/teknogeek/ssrf-sheriff category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subfinder.yaml b/weapons/subfinder.yaml index 2e1a4b2..86f148c 100644 --- a/weapons/subfinder.yaml +++ b/weapons/subfinder.yaml @@ -5,7 +5,7 @@ description: 'Subfinder is a subdomain discovery tool that discovers valid subdo safe for penetration testing. ' url: https://github.com/projectdiscovery/subfinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subgen.yaml b/weapons/subgen.yaml index 441dfda..307ff31 100644 --- a/weapons/subgen.yaml +++ b/weapons/subgen.yaml @@ -4,7 +4,7 @@ description: A really simple utility to concate wordlists to a domain name - to into your favourite resolver! url: https://github.com/pry0cc/subgen category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/subjack.yaml b/weapons/subjack.yaml index e52dbf5..d69d5d6 100644 --- a/weapons/subjack.yaml +++ b/weapons/subjack.yaml @@ -3,7 +3,7 @@ name: subjack description: 'Subdomain Takeover tool written in Go ' url: https://github.com/haccer/subjack category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subjs.yaml b/weapons/subjs.yaml index f1607c6..74101b3 100644 --- a/weapons/subjs.yaml +++ b/weapons/subjs.yaml @@ -3,7 +3,7 @@ name: subjs description: Fetches javascript file from a list of URLS or subdomains. url: https://github.com/lc/subjs category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/subs_all.yaml b/weapons/subs_all.yaml index b452cb1..e348658 100644 --- a/weapons/subs_all.yaml +++ b/weapons/subs_all.yaml @@ -3,7 +3,7 @@ name: subs_all description: 'Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ' url: https://github.com/emadshanab/subs_all category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subzy.yaml b/weapons/subzy.yaml index 0b3a428..fc5f347 100644 --- a/weapons/subzy.yaml +++ b/weapons/subzy.yaml @@ -3,7 +3,7 @@ name: subzy description: Subdomain takeover vulnerability checker url: https://github.com/LukaSikic/subzy category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/taborator.yaml b/weapons/taborator.yaml index e18439a..2ea9860 100644 --- a/weapons/taborator.yaml +++ b/weapons/taborator.yaml @@ -3,7 +3,7 @@ name: taborator description: url: https://github.com/hackvertor/taborator category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/template-generator.yaml b/weapons/template-generator.yaml index 95c0c11..0e46d7f 100644 --- a/weapons/template-generator.yaml +++ b/weapons/template-generator.yaml @@ -6,7 +6,7 @@ description: 'A simple variable based template editor using handlebarjs+strapdow generate the list of files in the dropdown of templates. ' url: https://github.com/fransr/template-generator category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/testssl.sh.yaml b/weapons/testssl.sh.yaml index daaa991..6011d62 100644 --- a/weapons/testssl.sh.yaml +++ b/weapons/testssl.sh.yaml @@ -3,7 +3,7 @@ name: testssl.sh description: 'Testing TLS/SSL encryption anywhere on any port ' url: https://github.com/drwetter/testssl.sh category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/thc-hydra.yaml b/weapons/thc-hydra.yaml index eb16807..86cfc14 100644 --- a/weapons/thc-hydra.yaml +++ b/weapons/thc-hydra.yaml @@ -3,7 +3,7 @@ name: thc-hydra description: 'hydra ' url: https://github.com/vanhauser-thc/thc-hydra category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/tiscripts.yaml b/weapons/tiscripts.yaml index b20e22f..30f8e97 100644 --- a/weapons/tiscripts.yaml +++ b/weapons/tiscripts.yaml @@ -3,7 +3,7 @@ name: tiscripts description: Turbo Intruder Scripts url: https://github.com/defparam/tiscripts category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/tplmap.yaml b/weapons/tplmap.yaml index d00e1e5..967d5ff 100644 --- a/weapons/tplmap.yaml +++ b/weapons/tplmap.yaml @@ -4,7 +4,7 @@ description: Server-Side Template Injection and Code Injection Detection and Exp Tool url: https://github.com/epinna/tplmap category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/turbo-intruder.yaml b/weapons/turbo-intruder.yaml index deca9d5..d577328 100644 --- a/weapons/turbo-intruder.yaml +++ b/weapons/turbo-intruder.yaml @@ -3,7 +3,7 @@ name: turbo-intruder description: url: https://github.com/PortSwigger/turbo-intruder category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/uncover.yaml b/weapons/uncover.yaml index 211824e..c67a74f 100644 --- a/weapons/uncover.yaml +++ b/weapons/uncover.yaml @@ -4,7 +4,7 @@ description: Quickly discover exposed hosts on the internet using multiple searc engine. url: https://github.com/projectdiscovery/uncover category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/unfurl.yaml b/weapons/unfurl.yaml index 2e6c31a..f058dcf 100644 --- a/weapons/unfurl.yaml +++ b/weapons/unfurl.yaml @@ -3,7 +3,7 @@ name: unfurl description: 'Pull out bits of URLs provided on stdin ' url: https://github.com/tomnomnom/unfurl category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/urlgrab.yaml b/weapons/urlgrab.yaml index e5e2088..51aa54f 100644 --- a/weapons/urlgrab.yaml +++ b/weapons/urlgrab.yaml @@ -4,7 +4,7 @@ description: 'A golang utility to spider through a website searching for additio links. ' url: https://github.com/IAmStoxe/urlgrab category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/urlhunter.yaml b/weapons/urlhunter.yaml index 17a1e61..0090924 100644 --- a/weapons/urlhunter.yaml +++ b/weapons/urlhunter.yaml @@ -4,7 +4,7 @@ description: a recon tool that allows searching on URLs that are exposed via sho services url: https://github.com/utkusen/urlhunter category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/urlprobe.yaml b/weapons/urlprobe.yaml index da500d0..752d840 100644 --- a/weapons/urlprobe.yaml +++ b/weapons/urlprobe.yaml @@ -3,7 +3,7 @@ name: urlprobe description: 'Urls status code & content length checker ' url: https://github.com/1ndianl33t/urlprobe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/uro.yaml b/weapons/uro.yaml index 894a46a..2f7d1c0 100644 --- a/weapons/uro.yaml +++ b/weapons/uro.yaml @@ -3,7 +3,7 @@ name: uro description: declutters url lists for crawling/pentesting url: https://github.com/s0md3v/uro category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/waybackurls.yaml b/weapons/waybackurls.yaml index 3dbcdb9..03341e5 100644 --- a/weapons/waybackurls.yaml +++ b/weapons/waybackurls.yaml @@ -3,7 +3,7 @@ name: waybackurls description: 'Fetch all the URLs that the Wayback Machine knows about for a domain ' url: https://github.com/tomnomnom/waybackurls category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/weaponised-XSS-payloads.yaml b/weapons/weaponised-XSS-payloads.yaml index e240a84..b1bbffd 100644 --- a/weapons/weaponised-XSS-payloads.yaml +++ b/weapons/weaponised-XSS-payloads.yaml @@ -3,7 +3,7 @@ name: weaponised-XSS-payloads description: XSS payloads designed to turn alert(1) into P1 url: https://github.com/hakluke/weaponised-XSS-payloads category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/web_cache_poison.yaml b/weapons/web_cache_poison.yaml index ccd3286..4e0bcd3 100644 --- a/weapons/web_cache_poison.yaml +++ b/weapons/web_cache_poison.yaml @@ -3,7 +3,7 @@ name: web_cache_poison description: web cache poison - Top 1 web hacking technique of 2019 url: https://github.com/fngoo/web_cache_poison category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/websocket-connection-smuggler.yaml b/weapons/websocket-connection-smuggler.yaml index 72a1a18..716fdad 100644 --- a/weapons/websocket-connection-smuggler.yaml +++ b/weapons/websocket-connection-smuggler.yaml @@ -3,7 +3,7 @@ name: websocket-connection-smuggler description: websocket-connection-smuggler url: https://github.com/hahwul/websocket-connection-smuggler category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wfuzz.yaml b/weapons/wfuzz.yaml index 7bc6163..8d6e491 100644 --- a/weapons/wfuzz.yaml +++ b/weapons/wfuzz.yaml @@ -3,7 +3,7 @@ name: wfuzz description: 'Web application fuzzer ' url: https://github.com/xmendez/wfuzz category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/wprecon.yaml b/weapons/wprecon.yaml index debe825..5bf0152 100644 --- a/weapons/wprecon.yaml +++ b/weapons/wprecon.yaml @@ -4,7 +4,7 @@ description: Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recog tool in CMS Wordpress, 100% developed in Go. url: https://github.com/blackcrw/wprecon category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wpscan.yaml b/weapons/wpscan.yaml index e9b5ed3..7fed8af 100644 --- a/weapons/wpscan.yaml +++ b/weapons/wpscan.yaml @@ -5,7 +5,7 @@ description: 'WPScan is a free, for non-commercial use, black box WordPress Vuln of their WordPress websites. ' url: https://github.com/wpscanteam/wpscan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ws-smuggler.yaml b/weapons/ws-smuggler.yaml index b942fd8..71aaf4e 100644 --- a/weapons/ws-smuggler.yaml +++ b/weapons/ws-smuggler.yaml @@ -3,7 +3,7 @@ name: ws-smuggler description: WebSocket Connection Smuggler url: https://github.com/hahwul/ws-smuggler category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wssip.yaml b/weapons/wssip.yaml index 167f108..4ac33f7 100644 --- a/weapons/wssip.yaml +++ b/weapons/wssip.yaml @@ -4,7 +4,7 @@ description: Application for capturing, modifying and sending custom WebSocket d from client to server and vice versa. url: https://github.com/nccgroup/wssip category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wuzz.yaml b/weapons/wuzz.yaml index 3c49953..bf41784 100644 --- a/weapons/wuzz.yaml +++ b/weapons/wuzz.yaml @@ -3,7 +3,7 @@ name: wuzz description: 'Interactive cli tool for HTTP inspection ' url: https://github.com/asciimoo/wuzz category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/x8.yaml b/weapons/x8.yaml index d797bd0..278ec58 100644 --- a/weapons/x8.yaml +++ b/weapons/x8.yaml @@ -3,7 +3,7 @@ name: x8 description: Hidden parameters discovery suite url: https://github.com/Sh1Yo/x8 category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/xsinator.com.yaml b/weapons/xsinator.com.yaml index 0f6b109..e51c54b 100644 --- a/weapons/xsinator.com.yaml +++ b/weapons/xsinator.com.yaml @@ -3,7 +3,7 @@ name: xsinator.com description: XS-Leak Browser Test Suite url: https://github.com/RUB-NDS/xsinator.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/xss-cheatsheet-data.yaml b/weapons/xss-cheatsheet-data.yaml index a418c51..9f9ede0 100644 --- a/weapons/xss-cheatsheet-data.yaml +++ b/weapons/xss-cheatsheet-data.yaml @@ -4,7 +4,7 @@ description: 'This repository contains all the XSS cheatsheet data to allow cont from the community. ' url: https://github.com/PortSwigger/xss-cheatsheet-data category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/xsscrapy.yaml b/weapons/xsscrapy.yaml index 7f44232..2fe0d91 100644 --- a/weapons/xsscrapy.yaml +++ b/weapons/xsscrapy.yaml @@ -4,7 +4,7 @@ description: 'XSS/SQLi spider. Give it a URL and it''ll test every link it finds XSS and some SQLi. ' url: https://github.com/DanMcInerney/xsscrapy category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/xsser.yaml b/weapons/xsser.yaml index ff6a24e..54c05ec 100644 --- a/weapons/xsser.yaml +++ b/weapons/xsser.yaml @@ -4,7 +4,7 @@ description: 'Cross Site "Scripter" (aka XSSer) is an automatic -framework- to d exploit and report XSS vulnerabilities in web-based applications. ' url: https://github.com/epsylon/xsser category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/xssor2.yaml b/weapons/xssor2.yaml index 3972040..ddfd33f 100644 --- a/weapons/xssor2.yaml +++ b/weapons/xssor2.yaml @@ -3,7 +3,7 @@ name: xssor2 description: XSS'OR - Hack with JavaScript. url: https://github.com/evilcos/xssor2 category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/xxeserv.yaml b/weapons/xxeserv.yaml index 6f9b786..3980b54 100644 --- a/weapons/xxeserv.yaml +++ b/weapons/xxeserv.yaml @@ -3,7 +3,7 @@ name: xxeserv description: A mini webserver with FTP support for XXE payloads url: https://github.com/staaldraad/xxeserv category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ysoserial.net.yaml b/weapons/ysoserial.net.yaml index 1720dd3..473989b 100644 --- a/weapons/ysoserial.net.yaml +++ b/weapons/ysoserial.net.yaml @@ -3,7 +3,7 @@ name: ysoserial.net description: 'Deserialization payload generator for a variety of .NET formatters ' url: https://github.com/pwntester/ysoserial.net category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ysoserial.yaml b/weapons/ysoserial.yaml index 74801c8..5222bd4 100644 --- a/weapons/ysoserial.yaml +++ b/weapons/ysoserial.yaml @@ -4,7 +4,7 @@ description: 'A proof-of-concept tool for generating payloads that exploit unsaf Java object deserialization. ' url: https://github.com/frohoff/ysoserial category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/zap-cli.yaml b/weapons/zap-cli.yaml index a3b84c1..de8d172 100644 --- a/weapons/zap-cli.yaml +++ b/weapons/zap-cli.yaml @@ -3,7 +3,7 @@ name: zap-cli description: 'A simple tool for interacting with OWASP ZAP from the commandline. ' url: https://github.com/Grunny/zap-cli category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/zap-hud.yaml b/weapons/zap-hud.yaml index 267208a..abe4482 100644 --- a/weapons/zap-hud.yaml +++ b/weapons/zap-hud.yaml @@ -3,7 +3,7 @@ name: zap-hud description: url: https://github.com/zaproxy/zap-hud category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/zaproxy.yaml b/weapons/zaproxy.yaml index a3aab88..8c3d4aa 100644 --- a/weapons/zaproxy.yaml +++ b/weapons/zaproxy.yaml @@ -3,7 +3,7 @@ name: zaproxy description: The OWASP ZAP core project url: https://github.com/zaproxy/zaproxy category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/zdns.yaml b/weapons/zdns.yaml index a05627f..b7db6ab 100644 --- a/weapons/zdns.yaml +++ b/weapons/zdns.yaml @@ -3,7 +3,7 @@ name: zdns description: Fast CLI DNS Lookup Tool url: https://github.com/zmap/zdns category: tool -types: [] +type: platform: [] lang: [] tags: []