From f613267a87447745c2d58fc558d29608978b7258 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 16:26:26 +0900 Subject: [PATCH] Update --- CONTRIBUTING.md | 22 +- README.md | 613 +++++++++--------- images/c#.png | Bin 0 -> 1002 bytes images/c.png | Bin 0 -> 1118 bytes images/go.png | Bin 0 -> 629 bytes images/html.png | Bin 0 -> 813 bytes images/java.png | Bin 0 -> 898 bytes images/javascript.png | Bin 0 -> 759 bytes images/kotlin.png | Bin 0 -> 1064 bytes images/perl.png | Bin 0 -> 872 bytes images/php.png | Bin 0 -> 780 bytes images/python.png | Bin 0 -> 757 bytes images/ruby.png | Bin 0 -> 1192 bytes images/rust.png | Bin 0 -> 1223 bytes images/shell.png | Bin 0 -> 592 bytes images/typescript.png | Bin 0 -> 757 bytes scripts/erb.rb | 4 +- scripts/for_migration/apply_platform.rb | 14 + scripts/{ => for_migration}/fetch_lang.rb | 0 scripts/{ => for_migration}/migration.rb | 0 scripts/validate_weapons.rb | 22 + weapons/230-OOB.yaml | 7 +- weapons/3klCon.yaml | 6 +- weapons/AWSBucketDump.yaml | 7 +- weapons/Amass.yaml | 7 +- weapons/Arjun.yaml | 7 +- weapons/Assetnote_Wordlists.yaml | 7 +- weapons/Atlas.yaml | 4 +- weapons/AuthMatrix.yaml | 11 +- weapons/Autorize.yaml | 11 +- weapons/Blacklist3r.yaml | 4 +- weapons/BruteX.yaml | 4 +- weapons/Bug-Bounty-Toolz.yaml | 4 +- weapons/BurpBounty.yaml | 8 +- weapons/BurpCustomizer.yaml | 8 +- weapons/BurpJSLinkFinder.yaml | 8 +- weapons/BurpSuite-Secret_Finder.yaml | 6 +- weapons/BurpSuite.yaml | 4 +- weapons/BurpSuiteHTTPSmuggler.yaml | 8 +- weapons/BurpSuiteLoggerPlusPlus.yaml | 8 +- weapons/CSP_Evaluator.yaml | 9 +- weapons/CT_subdomains.yaml | 9 +- weapons/Chaos_Web.yaml | 2 +- .../Chromium-based-XSS-Taint-Tracking.yaml | 9 +- weapons/CorsMe.yaml | 4 +- weapons/Corsy.yaml | 4 +- weapons/CyberChef.yaml | 9 +- weapons/DNSDumpster.yaml | 7 +- weapons/DOMPurify.yaml | 12 +- weapons/DSSS.yaml | 9 +- weapons/Dark_Reader.yaml | 7 +- weapons/Dark_Reader_for_Safari.yaml | 6 +- weapons/DeepViolet.yaml | 12 +- weapons/DirDar.yaml | 12 +- weapons/DotGit.yaml | 9 +- weapons/Edit-This-Cookie.yaml | 8 +- weapons/Emissary.yaml | 9 +- weapons/FavFreak.yaml | 4 +- weapons/Findsploit.yaml | 9 +- weapons/Gf-Patterns.yaml | 4 +- weapons/GitMiner.yaml | 4 +- weapons/Gopherus.yaml | 4 +- weapons/GraphQLmap.yaml | 4 +- weapons/HRS.yaml | 9 +- weapons/HUNT.yaml | 9 +- weapons/Hack-Tools.yaml | 9 +- weapons/HydraRecon.yaml | 9 +- weapons/IntruderPayloads.yaml | 8 +- weapons/JSFScan.sh.yaml | 5 +- weapons/LFISuite.yaml | 4 +- weapons/LinkFinder.yaml | 4 +- weapons/MM3_ProxySwitch.yaml | 7 +- weapons/NoSQLMap.yaml | 4 +- weapons/OneForAll.yaml | 4 +- weapons/OpenRedireX.yaml | 9 +- weapons/Osmedeus.yaml | 4 +- weapons/PPScan.yaml | 9 +- weapons/ParamSpider.yaml | 7 +- weapons/Parth.yaml | 7 +- weapons/PayloadsAllTheThings.yaml | 9 +- weapons/Phoenix.yaml | 7 +- weapons/Photon.yaml | 4 +- weapons/PoC-in-GitHub.yaml | 9 +- weapons/RustScan.yaml | 4 +- weapons/S3Scanner.yaml | 7 +- weapons/SQLNinja.yaml | 7 +- weapons/SQL_Ninja.yaml | 7 +- weapons/SSRFmap.yaml | 7 +- weapons/STEWS.yaml | 9 +- weapons/SecLists.yaml | 4 +- weapons/SecretFinder.yaml | 4 +- weapons/SecurityTrails.yaml | 7 +- weapons/SequenceDiagram.yaml | 7 +- weapons/Shodan.yaml | 7 +- weapons/Silver.yaml | 4 +- weapons/Sn1per.yaml | 4 +- weapons/Stepper.yaml | 8 +- weapons/Striker.yaml | 4 +- weapons/SubOver.yaml | 12 +- weapons/Sublist3r.yaml | 7 +- weapons/Taipan.yaml | 9 +- weapons/TukTuk.yaml | 7 +- weapons/User-Agent_Switcher.yaml | 6 +- weapons/VHostScan.yaml | 4 +- weapons/Wayback_Machine.yaml | 6 +- weapons/Web-Cache-Vulnerability-Scanner.yaml | 9 +- weapons/XSRFProbe.yaml | 9 +- weapons/XSStrike.yaml | 7 +- weapons/XSpear.yaml | 7 +- weapons/XXEinjector.yaml | 12 +- weapons/a2sv.yaml | 7 +- weapons/altdns.yaml | 7 +- weapons/anew.yaml | 4 +- weapons/apkleaks.yaml | 7 +- weapons/aquatone.yaml | 7 +- weapons/arachni.yaml | 4 +- weapons/assetfinder.yaml | 7 +- weapons/attack-surface-detector-zap.yaml | 8 +- weapons/auto-repeater.yaml | 8 +- weapons/autochrome.yaml | 9 +- weapons/axiom.yaml | 7 +- weapons/bat.yaml | 4 +- weapons/boast.yaml | 7 +- weapons/bountyplz.yaml | 7 +- weapons/burl.yaml | 7 +- weapons/burp-exporter.yaml | 8 +- weapons/burp-piper.yaml | 8 +- weapons/burp-retire-js.yaml | 9 +- weapons/burp-send-to.yaml | 8 +- weapons/c-jwt-cracker.yaml | 7 +- weapons/can-i-take-over-xyz.yaml | 4 +- weapons/cariddi.yaml | 4 +- weapons/cc.py.yaml | 4 +- weapons/cf-check.yaml | 4 +- weapons/chaos-client.yaml | 4 +- weapons/clear-cache.yaml | 8 +- weapons/collaborator-everywhere.yaml | 8 +- weapons/commix.yaml | 4 +- weapons/community-scripts.yaml | 8 +- weapons/confused.yaml | 4 +- weapons/cookie-quick-manager.yaml | 8 +- weapons/corsair_scan.yaml | 4 +- weapons/crawlergo.yaml | 4 +- weapons/crlfuzz.yaml | 4 +- weapons/csp-auditor.yaml | 12 +- weapons/curl.yaml | 9 +- weapons/dalfox.yaml | 7 +- weapons/dirsearch.yaml | 4 +- weapons/ditto.yaml | 9 +- weapons/dmut.yaml | 12 +- weapons/dnsobserver.yaml | 13 +- weapons/dnsprobe.yaml | 7 +- weapons/dnsvalidator.yaml | 12 +- weapons/dnsx.yaml | 12 +- weapons/docem.yaml | 13 +- weapons/domdig.yaml | 7 +- weapons/dontgo403.yaml | 12 +- weapons/dotdotpwn.yaml | 4 +- weapons/eval_villain.yaml | 11 +- weapons/ezXSS.yaml | 7 +- weapons/femida.yaml | 8 +- weapons/feroxbuster.yaml | 9 +- weapons/ffuf.yaml | 4 +- weapons/fhc.yaml | 9 +- weapons/findom-xss.yaml | 7 +- weapons/findomain.yaml | 7 +- weapons/fockcache.yaml | 9 +- weapons/fuzzparam.yaml | 9 +- weapons/fzf.yaml | 4 +- weapons/gau.yaml | 4 +- weapons/gauplus.yaml | 9 +- weapons/gee.yaml | 9 +- weapons/getJS.yaml | 9 +- weapons/gf.yaml | 4 +- weapons/gitGraber.yaml | 4 +- weapons/github-endpoints.yaml | 9 +- weapons/github-regexp.yaml | 9 +- weapons/github-search.yaml | 4 +- weapons/github-subdomains.yaml | 9 +- weapons/gitleaks.yaml | 9 +- weapons/gitls.yaml | 9 +- weapons/gitrob.yaml | 4 +- weapons/go-dork.yaml | 4 +- weapons/gobuster.yaml | 4 +- weapons/gospider.yaml | 4 +- weapons/gotator.yaml | 9 +- weapons/gotestwaf.yaml | 9 +- weapons/gowitness.yaml | 4 +- weapons/graphql-voyager.yaml | 4 +- weapons/grc.yaml | 9 +- weapons/grex.yaml | 9 +- weapons/gron.yaml | 4 +- weapons/h2csmuggler.yaml | 4 +- weapons/hacks.yaml | 4 +- weapons/hakcheckurl.yaml | 9 +- weapons/hakrawler.yaml | 4 +- weapons/hakrevdns.yaml | 4 +- weapons/haktrails.yaml | 9 +- weapons/hashcat.yaml | 9 +- weapons/headi.yaml | 9 +- weapons/hetty.yaml | 4 +- weapons/hinject.yaml | 4 +- weapons/htcat.yaml | 4 +- weapons/http-request-smuggler.yaml | 8 +- weapons/http-request-smuggling.yaml | 9 +- weapons/http-script-generator.yaml | 9 +- weapons/http2smugl.yaml | 9 +- weapons/httpie.yaml | 9 +- weapons/httprobe.yaml | 4 +- weapons/httptoolkit.yaml | 9 +- weapons/httpx.yaml | 4 +- weapons/hurl.yaml | 9 +- weapons/inql.yaml | 8 +- weapons/interactsh.yaml | 12 +- weapons/intrigue-core.yaml | 4 +- weapons/jaeles.yaml | 4 +- weapons/jsfuck.yaml | 12 +- weapons/jsonwebtoken.github.io.yaml | 12 +- weapons/jsprime.yaml | 9 +- weapons/jwt-cracker.yaml | 7 +- weapons/jwt-hack.yaml | 7 +- weapons/kiterunner.yaml | 9 +- weapons/knife.yaml | 8 +- weapons/knock.yaml | 7 +- weapons/lazyrecon.yaml | 4 +- weapons/longtongue.yaml | 9 +- weapons/masscan.yaml | 4 +- weapons/medusa.yaml | 4 +- weapons/meg.yaml | 4 +- weapons/megplus.yaml | 4 +- weapons/naabu.yaml | 4 +- weapons/nikto.yaml | 4 +- weapons/nmap.yaml | 5 +- weapons/nosqli.yaml | 4 +- weapons/nuclei.yaml | 4 +- weapons/ob_hacky_slack.yaml | 9 +- weapons/owasp-zap-jwt-addon.yaml | 11 +- weapons/oxml_xxe.yaml | 4 +- weapons/pagodo.yaml | 9 +- weapons/param-miner.yaml | 11 +- weapons/parameth.yaml | 9 +- weapons/pentest-tools.yaml | 4 +- weapons/pet.yaml | 5 +- weapons/plution.yaml | 9 +- weapons/postMessage-tracker.yaml | 8 +- weapons/ppfuzz.yaml | 9 +- weapons/ppmap.yaml | 9 +- weapons/proxify.yaml | 9 +- weapons/puredns.yaml | 9 +- weapons/pwncat.yaml | 5 +- weapons/qsreplace.yaml | 4 +- weapons/quickjack.yaml | 9 +- weapons/rapidscan.yaml | 4 +- weapons/recon_profile.yaml | 4 +- weapons/reconftw.yaml | 9 +- weapons/reflect.yaml | 10 +- weapons/reflected-parameters.yaml | 8 +- weapons/rengine.yaml | 4 +- weapons/rusolver.yaml | 12 +- weapons/s3reverse.yaml | 7 +- weapons/safecopy.yaml | 8 +- weapons/scilla.yaml | 4 +- weapons/security-crawl-maze.yaml | 9 +- weapons/security-research-pocs.yaml | 9 +- weapons/shuffledns.yaml | 4 +- weapons/singularity.yaml | 9 +- weapons/slackcat.yaml | 9 +- weapons/smuggler.yaml | 4 +- weapons/sn0int.yaml | 9 +- weapons/spiderfoot.yaml | 9 +- weapons/sqliv.yaml | 12 +- weapons/sqlmap.yaml | 5 +- weapons/ssrf-sheriff.yaml | 4 +- weapons/subfinder.yaml | 7 +- weapons/subgen.yaml | 12 +- weapons/subjack.yaml | 7 +- weapons/subjs.yaml | 9 +- weapons/subs_all.yaml | 7 +- weapons/subzy.yaml | 12 +- weapons/taborator.yaml | 11 +- weapons/template-generator.yaml | 4 +- weapons/testssl.sh.yaml | 4 +- weapons/thc-hydra.yaml | 4 +- weapons/tiscripts.yaml | 9 +- weapons/tplmap.yaml | 9 +- weapons/turbo-intruder.yaml | 8 +- weapons/uncover.yaml | 9 +- weapons/unfurl.yaml | 4 +- weapons/urlgrab.yaml | 4 +- weapons/urlhunter.yaml | 9 +- weapons/urlprobe.yaml | 4 +- weapons/uro.yaml | 9 +- weapons/waybackurls.yaml | 4 +- weapons/weaponised-XSS-payloads.yaml | 9 +- weapons/web_cache_poison.yaml | 9 +- weapons/websocket-connection-smuggler.yaml | 9 +- weapons/wfuzz.yaml | 4 +- weapons/wprecon.yaml | 9 +- weapons/wpscan.yaml | 4 +- weapons/ws-smuggler.yaml | 9 +- weapons/wssip.yaml | 9 +- weapons/wuzz.yaml | 4 +- weapons/x8.yaml | 9 +- weapons/xsinator.com.yaml | 9 +- weapons/xss-cheatsheet-data.yaml | 7 +- weapons/xsscrapy.yaml | 7 +- weapons/xsser.yaml | 7 +- weapons/xssor2.yaml | 12 +- weapons/xxeserv.yaml | 9 +- weapons/ysoserial.net.yaml | 4 +- weapons/ysoserial.yaml | 4 +- weapons/zap-cli.yaml | 4 +- weapons/zap-hud.yaml | 8 +- weapons/zaproxy.yaml | 9 +- weapons/zdns.yaml | 12 +- 315 files changed, 1634 insertions(+), 1121 deletions(-) create mode 100644 images/c#.png create mode 100644 images/c.png create mode 100644 images/go.png create mode 100644 images/html.png create mode 100644 images/java.png create mode 100644 images/javascript.png create mode 100644 images/kotlin.png create mode 100644 images/perl.png create mode 100644 images/php.png create mode 100644 images/python.png create mode 100644 images/ruby.png create mode 100644 images/rust.png create mode 100644 images/shell.png create mode 100644 images/typescript.png create mode 100644 scripts/for_migration/apply_platform.rb rename scripts/{ => for_migration}/fetch_lang.rb (100%) rename scripts/{ => for_migration}/migration.rb (100%) create mode 100644 scripts/validate_weapons.rb diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 53e663f..a7e24c5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,19 +10,19 @@ name: App Name description: App Description url: App URL # https://github.com/hahwul/dalfox category: tool # tool / tool-addon / browser-addon / bookmarklet -type: # fuzzer / scanner / enum / etc... +type: # recon / fuzzer / scanner / exploit / utils / etc platform: -- linux # linux -- macos # macos application -- windows # windows application -- firefox # firefox addon -- safari # safari addon -- chrome # chrome addon -- zap # zap addon -- burpsuite # burpsuite addon +- linux # linux +- macos # macos application +- windows # windows application +- firefox # firefox addon +- safari # safari addon +- chrome # chrome addon +- zap # zap addon +- burpsuite # burpsuite addon # If supported crossplatform, you write out all three (linux/macos/windows) -lang: [] -tags: [] +lang: [] # go / python / ruby / rust / etc... +tags: [] # xss / sqli / ssrf / oast / etc... ``` ![1415](https://user-images.githubusercontent.com/13212227/98445635-00db1e00-215c-11eb-8a59-d7d21dd98db0.png) diff --git a/README.md b/README.md index 0fa4124..40317ac 100644 --- a/README.md +++ b/README.md @@ -24,319 +24,322 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons -- OS: Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) -- Browser-Addon: Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) -- Tool-Addon: ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) +*Attributes* +| | Attributes | +|-------|---------------------------------------------------| +| Types | `Army-Knife` `Recon` `Fuzzer` `Scanner` `Exploit` `Utils` `Etc`| +| Tags | `infra` `param` `subdomains` `dns` `domain` `apk` `jwt` `ssrf` `s3` `sqli` `aaa` `403` `xss` `ssl` `csp` `xxe` `url` `oast` `wordlist` `report` | +| Langs | `Go` `Shell` `Java` `Python` `C` `Rust` `Ruby` `JavaScript` `Perl` `PHP` `C#` `TypeScript` `BlitzBasic` `Kotlin` `HTML` `CSS` `C++` | ### Tools -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | -||[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)|| -||[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|| -||[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|x|| -||[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)|| -||[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|| -||[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)|| -||[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|| -||[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|x|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|| -||[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|x|| -||[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|| -||[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)|| -||[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|x|| -||[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|| -||[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|| -||[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)|| -||[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|| -||[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)|| -||[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|| -||[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)|| -||[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|| -||[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)|| -||[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)|| -||[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|x|| -||[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|| -||[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)|| -||[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)|| -||[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)|| -||[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|| -||[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|| -||[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|| -||[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|| -||[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|| -||[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|| -||[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)|| -||[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|| -||[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)|| -||[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)|| -||[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|| -||[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)|| -||[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|| -||[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|| -||[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|x|| -||[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)|| -||[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)|| -||[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|| -||[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)|| -||[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|| -||[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|| -||[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)|| -||[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)|| -||[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)|| -||[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|| -||[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|x|| -||[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|| -||[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)|| -||[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|| -||[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)|| -||[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)|| -||[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)|| -||[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|| -||[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|x|| -||[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)|| -||[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|| -||[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|| -||[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|| -||[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)|| -||[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|| -||[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)|| -||[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|| -||[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)|| -||[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)|| -||[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)|| -||[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)|| -||[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|| -||[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|| -||[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|x|| -||[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)|| -||[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|| -||[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|| -||[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|| -||[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|| -||[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|| -||[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)|| -||[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|| -||[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|| -||[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)|| -||[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|| -||[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)|| -||[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|| -||[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)|| -||[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)|| -||[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)|| -||[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|| -||[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|x|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|| -||[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|| -||[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|| -||[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|| -||[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|| -||[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)|| -||[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|| -||[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)|| -||[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)|| -||[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)|| -||[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)|| -||[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)|| -||[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|| -||[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | +|Army-Knife|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Army-Knife|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|`infra`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Army-Knife|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)||![](./images/java.png)| +|Army-Knife|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)||![](./images/go.png)| +|Army-Knife|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![](./images/python.png)| +|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)||![](./images/go.png)| +|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|||| +|Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|`dns`|![](./images/go.png)| +|Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|`dns`|![](./images/rust.png)| +|Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![](./images/go.png)| +|Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/shell.png)| +|Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![](./images/python.png)| +|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)||![](./images/python.png)| +|Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![](./images/rust.png)| +|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|`dns`|![](./images/python.png)| +|Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|`domain`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|`dns`|![](./images/go.png)| +|Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![](./images/shell.png)| +|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)||![](./images/rust.png)| +|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![](./images/go.png)| +|Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|||| +|Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![](./images/go.png)| +|Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|||| +|Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![](./images/python.png)| +|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)||![](./images/go.png)| +|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)||![](./images/go.png)| +|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|`apk`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)||![](./images/python.png)| +|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)||| +|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![](./images/rust.png)| +|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![](./images/python.png)| +|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)||![](./images/go.png)| +|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)||| +|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|`subdomains`|| +|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||| +|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)||![](./images/go.png)| +|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![](./images/go.png)| +|Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|`ssrf`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| +|Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![](./images/c.png)| +|Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![](./images/rust.png)| +|Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)||![](./images/rust.png)| +|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![](./images/perl.png)| +|Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![](./images/python.png)| +|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)| +|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|`sqli`|![](./images/python.png)| +|Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|`403`|![](./images/go.png)| +|Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)||![](./images/go.png)| +|Scanner|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)||![](./images/go.png)| +|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)||![](./images/go.png)| +|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)||![](./images/go.png)| +|Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![](./images/go.png)| +|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)||![](./images/javascript.png)| +|Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![](./images/go.png)| +|Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|`ssl`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Scanner|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|`ssl`|![](./images/java.png)| +|Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|`403`|![](./images/go.png)| +|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![](./images/go.png)| +|Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![](./images/javascript.png)| +|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/c.png)| +|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)||![](./images/go.png)| +|Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![](./images/go.png)| +|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)||![](./images/go.png)| +|Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)||| +|Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)||![](./images/go.png)| +|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|`xss`|![](./images/javascript.png)| +|Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| +|Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)||![](./images/shell.png)| +|Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)||![](./images/javascript.png)| +|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)||| +|Scanner|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)||| +|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||| +|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Exploit|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|||| +|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|||| +|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![](./images/python.png)| +|Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![](./images/go.png)| +|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|`xxe`|![](./images/ruby.png)| +|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![](./images/javascript.png)| +|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|`url`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|||| +|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![](./images/python.png)| +|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/php.png)| +|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)||![](./images/shell.png)| +|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)||![](./images/go.png)| +|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c#.png)| +|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![](./images/go.png)| +|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)||| +|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)||![](./images/javascript.png)| +|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![](./images/c.png)| +|Utils|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|||| +|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|`xss`|![](./images/javascript.png)| +|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![](./images/javascript.png)| +|Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![](./images/rust.png)| +|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|`oast`|![](./images/go.png)| +|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|`oast` `dns`|![](./images/go.png)| +|Utils|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)||| +|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/shell.png)| +|Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|`xss`|![](./images/javascript.png)| +|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|`xxe` `xss`|![](./images/python.png)| +|Utils|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)||![](./images/html.png)| +|Utils|[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|||| +|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![](./images/go.png)| +|Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|`xxe`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/go.png)| +|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)||![](./images/shell.png)| +|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)||![](./images/go.png)| +|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![](./images/go.png)| +|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![](./images/go.png)| +|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![](./images/go.png)| +|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![](./images/go.png)| +|Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|`wordlist`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/css.png)| +|Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|`report`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![](./images/javascript.png)| +|Utils|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)||![](./images/c++.png)| +|Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![](./images/javascript.png)| +|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)||| +|Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||| +|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||| +|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||| +|Utils|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)||| +|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| ### Bookmarklets -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | ### Browser Addons -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | -||[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|![firefox](./images/firefox.png)| -||[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|x|![safari](./images/safari.png)| -||[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|x|![chrome](./images/chrome.png)| -||[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|![chrome](./images/chrome.png)| -||[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|x|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|x|![safari](./images/safari.png)| -||[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|x|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|![chrome](./images/chrome.png)| -||[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)|![firefox](./images/firefox.png)| -||[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|![firefox](./images/firefox.png)| +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | +|Recon|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|||![safari](./images/safari.png)| +|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|`jwt`|![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)||![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/typescript.png)| +|Utils|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|||![safari](./images/safari.png)| +|Utils|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|||![chrome](./images/chrome.png)| +|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)||![chrome](./images/chrome.png)![](./images/javascript.png)| +|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +|Utils|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|||![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)||![chrome](./images/chrome.png)![](./images/javascript.png)| +|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|`xss`|![firefox](./images/firefox.png)![](./images/javascript.png)| ### Burpsuite and ZAP Addons -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | -||[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|![burp](./images/burp.png)| -||[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|![burp](./images/burp.png)| -||[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)|![burp](./images/burp.png)| -||[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|![burp](./images/burp.png)| -||[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|![zap](./images/zap.png)| -||[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|![burp](./images/burp.png)| -||[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)|![burp](./images/burp.png)| -||[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)|![burp](./images/burp.png)| -||[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)|![burp](./images/burp.png)| -||[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)|![burp](./images/burp.png)| -||[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)|![burp](./images/burp.png)| -||[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)|![burp](./images/burp.png)| -||[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|![burp](./images/burp.png)| -||[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)|![burp](./images/burp.png)| -||[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)|![burp](./images/burp.png)| -||[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|![burp](./images/burp.png)| -||[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)|![zap](./images/zap.png)| -||[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)|![burp](./images/burp.png)| -||[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)|![burp](./images/burp.png)| -||[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)|![burp](./images/burp.png)| -||[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)|![burp](./images/burp.png)| -||[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|![burp](./images/burp.png)| -||[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|![burp](./images/burp.png)| -||[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[reflect](https://github.com/TypeError/reflect)||![](https://img.shields.io/github/stars/TypeError/reflect?label=%20)|![zap](./images/zap.png)| -||[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|![zap](./images/zap.png)| -||[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)|![burp](./images/burp.png)| -||[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)|![zap](./images/zap.png)| -||[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|![burp](./images/burp.png)| -||[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)|![burp](./images/burp.png)| +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | +|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Recon|[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/python.png)| +|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)||![zap](./images/zap.png)![](./images/java.png)| +|Recon|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)||![burp](./images/burp.png)| +|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/javascript.png)| +|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|`param`|![burp](./images/burp.png)![](./images/java.png)| +|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|`aaa`|![burp](./images/burp.png)![](./images/python.png)| +|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|`aaa`|![burp](./images/burp.png)![](./images/python.png)| +|Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|`csp`|![burp](./images/burp.png)![zap](./images/zap.png)![](./images/java.png)| +|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)||![burp](./images/burp.png)| +|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|`oast`|![burp](./images/burp.png)![](./images/java.png)| +|Utils|[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)||![burp](./images/burp.png)![](./images/blitzbasic.png)| +|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![burp](./images/burp.png)![](./images/kotlin.png)| +|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![burp](./images/burp.png)| +|Utils|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)||![burp](./images/burp.png)![](./images/blitzbasic.png)| +|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/java.png)| +|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![zap](./images/zap.png)![](./images/java.png)| +|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[reflect](https://github.com/TypeError/reflect)||![](https://img.shields.io/github/stars/TypeError/reflect?label=%20)||![zap](./images/zap.png)| +|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|`jwt`|![zap](./images/zap.png)![](./images/java.png)| +|Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![burp](./images/burp.png)![](./images/kotlin.png)| +|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![zap](./images/zap.png)![](./images/javascript.png)| +|Utils|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)||![burp](./images/burp.png)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 diff --git a/images/c#.png b/images/c#.png new file mode 100644 index 0000000000000000000000000000000000000000..46ca24ffe1f1ed68fcd494c2fbdb06cc3c4dec6c GIT binary patch literal 1002 zcmVPx#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+1R7pfZR5%fJRBcF8Q5b&iwrZQ- z)6kk|RQe+{%FIGTGqePWipnVZp&13G_6_Bapg>R(`=s_G&61L=)CkG^WHLWenuOA9 z$|Tb@vox1mEA_5>uHJiho1Gu`yzlcq=Q;0r?|Tjf_aVKKQC+hlC}M|uNI*u$J~rjv zPbHig0R<>mXJ5jF?47a4Z@FTu&9Dg3>2!;rw)4Tc^2WR(F2V|~4%xIO_u!*WsYL3* z1s2IA*m@`kL8}y?T(xo^0=hsxQjxw9cW=_Dsa=Cz4_ zSeLAFh1_gY_fP1aeHGz)V?#0Z@X`RypnMKdDgKCv_Z1QU=ZqNbXe|B0hTEGBc;8`y z%vH?OPqv_#!!`>iv#r8QD$-VmD=|&kP?E1@;&TNig8WE1rsi#8{2ZS~bl+BoZUsx?(f(G8>TWqe1qyEs!miAR=xV zC&M0@bv#vzc#s&q+6j?Q9Fx(4`pS1~`&_L^K}>Q8@~czft&&5N+YWuxuplV+6xYXM z`o#-Q*=(pN*5Z#%XvE8DwRmDUjEj3}us%V}ijf8U868uzyZ|u*S1Mp0u;clQDh%|S z*q97Tcp-$bDV(|ykAP(!IDaP*{>*H%PUAy|MG%}~et_#Bt#e>ot}DdcF*_#Ehod=Z zxOut-UcO6Ec%m6$>z2aMHOg}NpF*yc-70jyL`tEy{|clsp2Bu(aeWTX-AqKY{RGOd z>oGG;^I}AiG&Wlpnx@gHdxJ7vmMAOYd>gf5c7{fv+P&e^x88+OOHMa;H%JYgt!*7t zi&jV0qNJz+N6sd(Hunh#^yW;_+*)tITWt@EDXgX0{PnVpUyyo$BM+&#~niv=R?j2|NTw~bptGA5eztk8#C><4-;TA(Z7e39Th zC=12@*9!QH3(2jRpMPV#We^pFBkH$>1lc8W_=YmVdJ0m}!{`J(`3Wzh92lMJ_J20| Y3%n;Ja`e!k=l}o!07*qoM6N<$g5Nv3(f|Me literal 0 HcmV?d00001 diff --git a/images/c.png b/images/c.png new file mode 100644 index 0000000000000000000000000000000000000000..02f73265dc4e1e2e8c41616e49c443d041bee01b GIT binary patch literal 1118 zcmV-k1flzhP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+1$Vo&&R5%fZRBdQmWfXqyN0T&3 z)1+&PttnQvZqrejI`-iosfZ){Q8wL%KUz=*but_q!yf}j3!{R#AqW$yAOky*mBA3^ z7swR$qt)TM)wQ}6*L3|%o2KcqG`YF=zMk{mM3dFc1Mkg!&pGe&KF>Ml2KXNfHf;`e z_6{HG?7ev`64_Kk>B^&yJT%zdE!4@!hu>C&(nA2%1(17+5M9a8A0PMc-*5dFu=b#H zT{P<6`0Vbjp3RXj=(YnC_m$+hp(rnTvf-Vc%D|WwZk}5jA2Lhg<@7syuX-)bbw;(7 zc1qF(1SP1b&>bOplRY;1q&49n{A6V@#R#<^#!|w_c}j>nfEEWLxY(ynAfc# zowe}&jd={*Ug9)tZw_MTGhz5W8s6Kp7G3?L`243~B=4_4war@2k$|e^(gba|LM*cg z_SugU7@11bpg1-BZfG78B(?4NT6}cr1}ur!m2JCECFrHu!x~-KwY&Xg_(^^ zr=?WBSsDR&=hKbhP)*TG96|@2;5Di@XJ^X z_g1o`;~&z6o7kaC3<>zJclFzfVc^=GDcqi0fMwaM6CUtLKw(=pv6ResG`O2v)&|gX z;TlG#=fDh0%|&E#CeLGu338B0n%orL@X*dKIrH^O%No>&R2mDL04XMyKuuGHP+h!E`b|-;1KKU8L zcasG$B`%CipFMT!G$sekvbv(}gDTBe+e;PON0;d~f$%VRoD$2DaOqX&RGx}{&I(wE z@abC_DS;m4fb3ltb)zb{U4Q!J_k}H3t25~wbIhPagXZWD$B`Gm;%2{54Dhd0lv2;) zn1$KjWA-_swG7r-tDV}(H+Z2nf)ke)*Hfb`eZ6LBB`+NSw{Ezm`kN^MY5%1q@_-L*`+x;hh|pQ>uR$?KaSe(UY+BNMJ~ovx^`bW&^L z1fhLEtk@?)jvtR!oFxbN&l92k~sc7Ph+dHInwmthLZy-BOmjAlx>j#w^W|W5r ztn+xtp!I|A+K2Dw!wt@!Idt~J+t7y%;>pr~#ap8mw3{MMxw#;p~7x?m^026~o;iS|jmW}+NDED;rb6Mw<&;$TQ CC<9#p literal 0 HcmV?d00001 diff --git a/images/html.png b/images/html.png new file mode 100644 index 0000000000000000000000000000000000000000..1cae86df3762d2237ccdc35b13c560cbeea3c50f GIT binary patch literal 813 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VV{wqX6T`Z5GB1G~m(&Q)G+$o^ zEg+kNfw4W4fd!-lh^2s-fq{7eBLg##W(0{XV1mnvEMP{kK?*nB{qUE8foZy@i(`m| z;M^&`8N!Yt$NwA8_6>V19_IAtfYe9kRV#J5oU~XkI)4ms`Jfi$s`6;*yuFozHlANs z*>cWu-m8%jVDp2Ki=;DHoXF z{%h0j_q~06YdEFnfgMjBb374&c6;IWlywyJNXZ?gI2fH1dfmK46T#uf} zZc=VK(P{Xiak0boHixrKRy9mXWn7Ow-|o1V6V=#s>R0ZxOFmBdH(4{hjQ50ZUJj`z&(z(z>_1eHJe)KHP0EdE1r+ZEn+g&g|K0J3*J{M8x*Xt>+dy%(I-# z#joee68eApxlPO|3{$52A7f?K46QfpVYhZWW;ey^RNtD-CwkxRIJxBVr7r0th9}a3 zx3@5tW;J=NYYUTm^M)~E<=KMe@xKDA=D+AUrs=qKZG9zs=+B4t4|UAQG#YB&*rR{quo7nY}`5oL(!!%>vn6`$0R}5d< z?32D=wdjr8zyAKZwrt+-=YPZ*O7Cc1pXcXL&7xVqT)8RW$W&?ZzrS>C_C0k!>-X-A o%7aP~ThqQx0cDHMRK?XZ$Td9unRxAKCn%|Uy85}Sb4q9e07Ow)lmGw# literal 0 HcmV?d00001 diff --git a/images/java.png b/images/java.png new file mode 100644 index 0000000000000000000000000000000000000000..481d970d99702403872d721079d2d0241fd34efe GIT binary patch literal 898 zcmV-|1AY97P)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+0>`6pHR5%f(lwU|wQ5?s==iIGL z=NglxCM6c3g>Hrh^tFLA_WnJ@n8+ZxLidLHdx{OPZo6sfi2h zk0wzqG5<|XolV`{?&)`D>SEKheh<6n{?70FIp6d9T_#}zA=1*cI?l~aF4x>@GQQeI zsJvrhLMk*{vO?`GT%&Ay{a--Cu(Ojun#BHoHy9h0 zxqPbv(5wYr(_w^jxPeLRNk>xBj)K9#VruwlcT`m7zW^C5iAEAKOHa?!U7W{8Oiqr` zdlwC6a1q$8MNzj2aaMES0l`zg(tLm>S_nnlNBzAw_)z0f1p?4LK6WNNf6qlN_>37- z17CnN6E;sbp}pz^+8=&a>w^0syL4d2ui#!QvM(gzXt9oPF2exURDH?&sD zq@O~0qe2EuDs1(LkJqETsRY^C1oI!N-h`p7-hh(UE&jEtE^Ro3vgWI(s92sw@Rij< zzqlnA@TGu>t@KWAm;}KFAjB&ec^7`l+c7%qMpeNO?Ndh#~-J$h?D;%)0B z7H0f?gz=pPsb@z}S2s^(pMEp`cmz8vZQKb+9L%!-rny1iUpg6xBo+M!vOaSB2)DB; zS15uQY}w%oaDQPm4(8v5P+t14)l%(%HC92)zA%jW!eG$K(9F)F{h1aTT?B+2iHvib zu)qhkIO2{+Dc}n%-T86`en#U)oC|c+27fmv;4mM zxnc2)`~1Z}7CzT{{KkMmeXZ9M>-0Zy{ql zx*vQ=>yQhN9%D@C&;O0fihdSl-G2VUCQX!gUzl-@8Qa3yULu1283k7jE3VHfnR`%k zcF{(TIdA+I*4E2RIl!3Oc*s{NedEFvjLM6( zn8Yt{h-y6jTqdJvcERtuu=58Trup71FnYIGF!cVO#dq5_+m^j~yCqR}sm|%P<6KHt zR-`S;+jQo_wv$}tdwVVzv)(GkLBiJO1M`Q4*Qh;nDwQ^}*Tdz81xc#L~Kco$BRzXB#Fay;J2YbY02P= zuM8L7)O{SG(0bk3l4tMfhXLWdPUl5sUzB((`0V9$x$XbHO^@U19&VW%{Je#K`}&C$ z7FSMu4%GkuYhP=A{_0C#54qh}y?;0H@y3VKT#s#f?7hU?Y@L#S?~3wMA54VjmMDGo z33GmO+Gg2gSBp17f24IbM0nK;$W9Vs{wBqHBY0`W|F>T0d?z{!o`pU?xGU<|j{bse kToX0dd74-6R{vec)Y$#jA@Sf%PEexrboFyt=akR{05OL?D*ylh literal 0 HcmV?d00001 diff --git a/images/kotlin.png b/images/kotlin.png new file mode 100644 index 0000000000000000000000000000000000000000..1dd25d995c0426aba9e8b5813c05782d118eabc2 GIT binary patch literal 1064 zcmV+@1lRkCP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+1l1W5CR5%fhRZVDBM-={M=3al2 zCO%(ce695bOd_#QNkYK3v=pj^(p7O0cq`qAVnl)jMJ0Ow&a=_V=&g+h_gSV?J# z3$?g&(M^3~sUYYk5XJZxllwE{cjiV7@gY6rzL`67<~!f{&Y2rPtW;XU-yj=%Lx9hs zwO$}BmEiqkl=p>ey}jT$K*_#PBJc4WYGzbr#wN z0OznaHkcb4nVlY&Ba)_0HDcv57y%+P57_J;Voy4P5A;id1!O}oOEB&``LVExQb&fP z`)4W@zR}2VnM*VbgTg6^sN@fA@dNChyNCuR<3u{ebso?JvUH$JoQBJeesuWeX)X&J zZ{!UoLw`D^a)O|F`x3imej^x}X=*Le{FX3u(8jsMgeQK#_u>?n-++k^Q=V01m`cW$ zpdE9Q7XDGK6qO1KbI*`q^o`Q+WU(@FjGI{`L7KO$C<>v3DJ0LZ_wjW!IC9oO zmZD>F)J=p_tj3%+rw)$&ca-k$fC*++6ovT1=sAWauc6T;)Q|~(UrCEvTYuoeRRO0-`^)V*wn?KHkuY(G^`j2(P1JvG=uf zmqov!>S(2=j=F@B<}HXFQL_>3-ykf zB8vL^jb9Bge$MYQ=gUp4xX{wcYOAbkMF+8Ll&<`A-8Wx1B>A=*Pj64KQQsQlN=Ibu zgymRM5f@gsiDtqmd+3wMoTFzdEos$2N6&Z17c=!m*|zE1en!n-TD=NqKVIv>B+wgM z$WU%T_Aagd+2TT(DNL!Ir5*b(u35R_T(QOXpa3nzSU8srd1nIDn^T9)^@WXf^-axx zN%aFM%2*+H_iSrUdN|@8l<%t?k_^ky8?9f-}DL-K4f8-h3 iqR)M;e*yn*4R{3u5N}Lc{1nRo0000Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+0(n&-?R5%f(RP9SsVH7{--s`T* z-Uvk*hK7a{$2CLmX17uaj&8Gc0?~ez zTY?4%JO<#(&&*qb4%fI_Lpr2L1R7$oW)=S#si@KCyU3iSV>y__7!xxKjkt;Zl?!n; zkIvS5ceg9n613axlK>P|1fvwo*n$iu!{t|#ShKpMRi!M!Q0UbprQ|z-DMkJT;^G2yjI4*^VS1r0?*x zJw(7(UZ?Y{aEWtsEcBL}YHUVgYhupqC8W`jukSk|k--mAbkT$|F>it~sR7E5geCeI5AZi#^ViI!-hC-1EK4(uL zaP!OTO!RcYs=_WHTo(>M{UnMPv4PD%xj z$5&6F?P1sYPsl3hbb9Lq(qRMjkZjiV*eq(3r>0}W2ggQ(Ju;U9-N6%16&HK0-*dLL yF&dlN?(lalx0~_3e*b;BlmBf7D_BQauG%kLR_c6#!uT}+0000X#WBP} zaP1V|4B-KmE=w!7A$scCquW0&urG7)TS);KH z>-L+hCLP(y2mWXIGI~y1HhCStN?^@ey%XowXWZ8@WsPMH5f$uO=YyW!rCX6j=Vg_cW+F8&uOtFH^DVh*Z9Gm7^!_` z_9cs(-rrAq__1Q5*VzM)-#V;JNwD1R6Y3QZI<-b)hPGp%$fRSztsC>gwM4u;&h9yW z+x&8Yg_|Hp$)g(|?T#b|hWN}hxuRe>_r%j84Y6(s?=O>0gw`E(o2Z}T*t#n9SnR%E zlhQn;iy6!FzCS*8!s65}hI!$ETGJ;+|6<&J-2WgGt8Su}Wt;3=#T;H4CEm(U6B7d5 zO;?9`+`7aP`{J!F_u3@^)j3%@%KS&)y0`u@J*zOk?9Kgh2HAgiBO=z=E*6z&juO2j z)^uR)$zw9FdO6Qu3XKruJ#$Im%YVb3V}7e2-w2L8e|pxZR||UINE+-GbcoHFw*1%p zYq7WNCT)A%^ex>?l0#<6^iG9|BD1&Xq(2HQGOBy2@A&!1w;i2JmV#2Er>mdKI;Vst E0L4p1S^xk5 literal 0 HcmV?d00001 diff --git a/images/python.png b/images/python.png new file mode 100644 index 0000000000000000000000000000000000000000..992962b19dd1540a4efac515c24c6d93b8c93f43 GIT binary patch literal 757 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VV{wqX6T`Z5GB1G~m(&Q)G+$o^ zEg+kNfw4W4fd!-lh^2s-fq{7eBLg##W(0{XV1mnvEMP{kK?*nB{qUE8fhpe8#WBP} z@M^GchOnbZo$=(mOENN}1nO7Gb>$v(KDw>rR#w0TZ&8n=|XiYCaz0&wJnhe)hI{ zGsFL13H9C^wtoM4a@RClTb_-Q2cB}&RQ>bLy0XRiyP6#Tt*Ki=d9B$$iCgr`vG?tl z*ubo~v1HQw_G_|SiAR~&vuO1cFJ7OZU*ph{u5EG1g5yHsngg62AxzT^+v0m8{;<4# z{?d4v;DU+Y7HRF5;E;T`Yl{35YrUWzqvt|`p<;zb!8Ye+gex9gV*R=3@baq7)w7lF zPIUL*Ki8_f`jS$gP*rm9qW>C?FKYL2Pflw&5;*IW%i5-8@%f!fLD^BfP8&SVh#ZfK z&N`PNf4|`KzsAE-F}bD(eoBa5<3H#)c$~1PTfA8LXj`mgjedVThydm4tqJF=*C&bDfgNu^Q<1!|g7&?nw`~5uBY~`6n z>%Y#PR9#!UQ}#v_;hl%VWs6~2;N^+jAelF{r5}E)hPD8x_ literal 0 HcmV?d00001 diff --git a/images/ruby.png b/images/ruby.png new file mode 100644 index 0000000000000000000000000000000000000000..fd0830079efab043bfceec9b8ac93c78f12249ed GIT binary patch literal 1192 zcmV;Z1XufsP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+25=lfsR5%fpR9$FXMHoFZcXsdo z8uBNh!S=xxL@J0W)gY80NI@t_O#&KUWPKDYXi+JIJSY??eTbDJ_}B;OlPD?`eM_D~ zECq?gn3!#|>t>Vg-@SYPXU1=KQ!!K@IxyUsoo~*ZbH49e;1R|QU{N@u$q&9}eP}%N z!=clIP3`L&&j`mW$xiz@_ikAS>%T|dpPQmp-O=qN-e`O3YAM9J3IAWf#l=N??)0g- z%C*bqy_MxNA`Xg~l)y;oT|{F?_3cX+nd3NciL}r8hLcTZ<}2|X@n4Llrl!Qp-NvV@ zZ@uL53u12^QFF-Xo&usHPr5YIit@M@_vblTtjtp3xj z*O^Kf*FcJ*(wrefpo6ELCtw%;eiOBQS8clq_vtN~Tk{R~sY47WCnvKLLG60==UcN} z$(|oX011IYX>e{KVkxxNHpwh{Kxv+*M_QUAR4kw<{SV;6!U8`(XkYvF^873a%pxG8 z5(bRcu>!`Y-$Zk54J|K(q6f@TUTciO(tA==X{&m7Xo2z8{+X482PS!SVO!b-lW)+ObAk0u9Mf)fO6xvw|PrI|NuPZ@%5!yPxq1$*}o1D6$zm{oy>= z?iRBPIcQ>Km>7nd=vz{ONm-+9Uscd(oXgdBrX{n`O@J-|Ml@*&mM`Gs>@?)^x2Syn z3DQvqA^F!~99@d{3BnE)Qh;HIo`=$DzVdi6Z@U8p+-*4sNTX?q!Lc!%c-byeHF0 zjJ4*H*ik{zWU#FSg7XB7Z-e~rG2H$5y(5L05{_N?2%|e?@R1S7ziN8v=1qoJYQc;d z#x3%eP#IMxxyA%1X0*@Qsi0`-I-G+hZ>;?$cYgRD+2JDcrkPfM#O4>*A*nokDOrxnW4mD8r_QHD&caCDx(7 z%xDAy;DN2-PmGSXH#~R6uruR)>>niTa1V=SRY z-N-8DcQmRZ5njb{x&uJC(0Al8U~kudz*uEU&P+q{k;dOTkpf8x{ZL*20000Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+2F-b&0R5%fhR9kG6RS=$Y&VSqO zZo787rBq8V)LuZXAZTbIVvHA(LL_*L#>ChNL{T4nFdCnH(S#U%@P>^KCMGIsNP~tq zsZy|k`ckb3)ItdbdfP3#-T!(n&RIegE#f36|D1DXzJKPMGXwDdgrJ#T*OhA;?b%!# z&$xxyeB9b8sLWA>QdCuygLr?MC%ql}&%2AE8~;4q)C{(1I(Jz#*j`AOjSAE{LdcL( zV1gtac}4HTyYa1UPOs1X!2_cZ{2k+}2oG)qV?0$|PZU3-0G8;WFw;{?sb18R2>dvH zTQmRxHK~ZPp?+>^{GNW``b>+?q$E1BbD2y7D1H=CQWEGZ-;HLgclXV9L~(Mu+@(WW z|NcT)?UvQP<|b}Rg?7c!KhQ_}Ucq5kloe^GtF6*Ffcvyk`C7gcnmJ%KxCiXh_JM zPTMVU=oXCUaMOt)ctNcCw3k@+sqa*&(5?h-rTT|s8+Ij^)V&}KV^A>*BsD|?-cm)4 z4heFaNU_ePbO&OTib4#0XPAAF+liJhj}*FjqGp0y4iN&w zXo+xw7}9^D8Nhz#q2{#d=a*6$p(PUCloLaEX2yuh)O{wrY_7i#+^58GP}}tCzFmhgPh1(je#9>Hs>dNKpHRq0Z%u# zCGPIN{l>kaovy@U{EEx%A0FL4Hb+j4jErFOfaXX(c3Z{jO-;tzSei=QufUbN72#!E1Si9{sbS0*O_^fxnBSP002ovPDHLkV1l4BAHV)zg!d&qPU35_DaVjX&0}Pg)dfWtgLBy!sRhdhBZ*Z)k$p9NAr9$ zLp3&O=c!Y}?%kYO`MJ_s?bmy6rzWrU*Q=+d{xtLrw)B_ybm{Y+n^{|boq0d2M)k6Z z{I0w2CN-Ysi=4Js@xBpD!D}0xSxyLh2t<^}eqVhx%hpiAT`@L&_vUWV)TM#jcn*Ki>r3`#l~`qF zEKy+3dC_Cik&SPHwT;=5PkK)Ju|Y&NdYbFsy7>WqYl~Zh5>9q4x?$jPQ-gy^s@Kg# zuHSW;XkX}c&E%5`Dh;hG1aDqS+PL6gf&xP%+v+3t*}Rk1*l(3=b3FWT!m`VnrBraqeI)HajF8V&czfXMFY1ArY$#fT@*ZH(d}XK^BbT36x&3x$ zt>Mx`52j3UD!=@4%9Pm&Ty`^{ zZ&eZ$!!}-aD^Q%o`&z!)HD>e4x@XUK8qYi-A)I=hx%}Okx!=#-`F*Z7pTV(y|H;*I zKNy)8n2Ius)IWMz?Z0qEtxE0%lUWBAPLvUQn{OyQ&$?fIvU;fqm)@}}GU}ZtlsN1Q$!e}T9spTW-emM+UAwPG5yOu zx4<2%xNIsO&D>uhze?n=#C+TTOKn&T@BLh~Ay?zn4gEkL--CB+_`j7OxiImbj=r=> z5$mii>VE601Z|Dk;dnE;;}GLNg}TV+yVl-{*|PQP?Amxot#uC{R`5-3wiYzL7G1#| z_$Q{R`>c;}OjBx_(h~Eu{f8Fpx4G1MF~+*@>$c=ag`88{e&<`eCT~;n;F!KAe15&- zvtQXUbAEOhvzI@((l}+$y_hKlpWerL?VWtT`{hL*9<7ga4{H&2fifaZwR*8eu6pdgfjb^*+*A7cFSxqy=@#<7uS2l!k_QPqg(49 hCkG$@JHJl!fd8bJM | | Langs | <%= langs.uniq.join ' ' %> | @@ -96,6 +96,7 @@ tool_addons = head + "\n" weapons = [] weapons_obj = { + "army-knife" => [], "recon"=> [], "fuzzer"=> [], "scanner"=> [], @@ -147,7 +148,6 @@ weapons.each do | data | popularity = "![](https://img.shields.io/github/stars/#{split_result[1]}?label=%20)" end badge = generate_badge(data['platform']) - badge = badge + generate_tags(data['tags']) line = "|#{data['type']}|#{name}|#{data['description']}|#{popularity}|#{temp_tags.join ' '}|#{badge}#{lang_badge}|" case data['category'].downcase when 'tool' diff --git a/scripts/for_migration/apply_platform.rb b/scripts/for_migration/apply_platform.rb new file mode 100644 index 0000000..3bb8fe1 --- /dev/null +++ b/scripts/for_migration/apply_platform.rb @@ -0,0 +1,14 @@ +require 'yaml' + +Dir.entries("./weapons").each do | name | + if name.strip != "." || name != ".." + begin + data = YAML.load(File.open("./weapons/#{name}")) + data['platform'] = ['linux','macos','windows'] + yaml_data = YAML.dump(data) + File.write("./weapons/#{name}", yaml_data) + rescue => e + puts e + end + end +end \ No newline at end of file diff --git a/scripts/fetch_lang.rb b/scripts/for_migration/fetch_lang.rb similarity index 100% rename from scripts/fetch_lang.rb rename to scripts/for_migration/fetch_lang.rb diff --git a/scripts/migration.rb b/scripts/for_migration/migration.rb similarity index 100% rename from scripts/migration.rb rename to scripts/for_migration/migration.rb diff --git a/scripts/validate_weapons.rb b/scripts/validate_weapons.rb new file mode 100644 index 0000000..27e9aed --- /dev/null +++ b/scripts/validate_weapons.rb @@ -0,0 +1,22 @@ +require 'yaml' + +Dir.entries("./weapons").each do | name | + if name.strip != "." || name != ".." + begin + data = YAML.load(File.open("./weapons/#{name}")) + if data['type'] == "" || data['type'] == nil + puts "./weapons/#{name} :: none-type" + end + if data['lang'] == "" || data['lang'] == nil || data['lang'].length == 0 + if data['url'].include? "github.com" + puts "./weapons/#{name} :: none-lang" + end + end + if data['tags'].length == 0 || data['tags'] == nil + #puts "#{name} :: none-tags" + end + rescue => e + puts e + end + end +end \ No newline at end of file diff --git a/weapons/230-OOB.yaml b/weapons/230-OOB.yaml index 3ed2664..9555b1d 100644 --- a/weapons/230-OOB.yaml +++ b/weapons/230-OOB.yaml @@ -3,10 +3,11 @@ name: 230-OOB description: An Out-of-Band XXE server for retrieving file contents over FTP. url: https://github.com/lc/230-OOB category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xxe diff --git a/weapons/3klCon.yaml b/weapons/3klCon.yaml index 0e0409a..bdd1647 100644 --- a/weapons/3klCon.yaml +++ b/weapons/3klCon.yaml @@ -4,10 +4,10 @@ description: Automation Recon tool which works with Large & Medium scopes. It pe more than 20 tasks and gets back all the results in separated files. url: https://github.com/eslam3kl/3klCon category: tool -type: -platform: +type: Recon +platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/AWSBucketDump.yaml b/weapons/AWSBucketDump.yaml index fc276a4..e0c7269 100644 --- a/weapons/AWSBucketDump.yaml +++ b/weapons/AWSBucketDump.yaml @@ -3,10 +3,11 @@ name: AWSBucketDump description: Security Tool to Look For Interesting Files in S3 Buckets url: https://github.com/jordanpotti/AWSBucketDump category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- s3 diff --git a/weapons/Amass.yaml b/weapons/Amass.yaml index 275fcc5..23faaf2 100644 --- a/weapons/Amass.yaml +++ b/weapons/Amass.yaml @@ -3,10 +3,11 @@ name: Amass description: 'In-depth Attack Surface Mapping and Asset Discovery ' url: https://github.com/OWASP/Amass category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/Arjun.yaml b/weapons/Arjun.yaml index 51e68e4..ae193f4 100644 --- a/weapons/Arjun.yaml +++ b/weapons/Arjun.yaml @@ -3,10 +3,11 @@ name: Arjun description: 'HTTP parameter discovery suite. ' url: https://github.com/s0md3v/Arjun category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- param diff --git a/weapons/Assetnote_Wordlists.yaml b/weapons/Assetnote_Wordlists.yaml index 7ea78a2..cc92dca 100644 --- a/weapons/Assetnote_Wordlists.yaml +++ b/weapons/Assetnote_Wordlists.yaml @@ -3,10 +3,11 @@ name: Assetnote Wordlists description: Automated & Manual Wordlists provided by Assetnote url: https://github.com/assetnote/wordlists category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: CSS +tags: +- wordlist diff --git a/weapons/Atlas.yaml b/weapons/Atlas.yaml index 9b0ee6d..b7a216f 100644 --- a/weapons/Atlas.yaml +++ b/weapons/Atlas.yaml @@ -3,10 +3,10 @@ name: Atlas description: 'Quick SQLMap Tamper Suggester ' url: https://github.com/m4ll0k/Atlas category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/AuthMatrix.yaml b/weapons/AuthMatrix.yaml index 86fda63..3196ec1 100644 --- a/weapons/AuthMatrix.yaml +++ b/weapons/AuthMatrix.yaml @@ -3,8 +3,11 @@ name: AuthMatrix description: url: https://github.com/SecurityInnovation/AuthMatrix category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Python +tags: +- aaa diff --git a/weapons/Autorize.yaml b/weapons/Autorize.yaml index e73e1a5..708b528 100644 --- a/weapons/Autorize.yaml +++ b/weapons/Autorize.yaml @@ -3,8 +3,11 @@ name: Autorize description: url: https://github.com/Quitten/Autorize category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Python +tags: +- aaa diff --git a/weapons/Blacklist3r.yaml b/weapons/Blacklist3r.yaml index 317493c..7d980e0 100644 --- a/weapons/Blacklist3r.yaml +++ b/weapons/Blacklist3r.yaml @@ -3,10 +3,10 @@ name: Blacklist3r description: 'project-blacklist3r ' url: https://github.com/NotSoSecure/Blacklist3r category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: C# tags: [] diff --git a/weapons/BruteX.yaml b/weapons/BruteX.yaml index 1fde598..bae8821 100644 --- a/weapons/BruteX.yaml +++ b/weapons/BruteX.yaml @@ -3,10 +3,10 @@ name: BruteX description: Automatically brute force all services running on a target. url: https://github.com/1N3/BruteX category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/Bug-Bounty-Toolz.yaml b/weapons/Bug-Bounty-Toolz.yaml index 28c4e0f..028db79 100644 --- a/weapons/Bug-Bounty-Toolz.yaml +++ b/weapons/Bug-Bounty-Toolz.yaml @@ -3,10 +3,10 @@ name: Bug-Bounty-Toolz description: 'BBT - Bug Bounty Tools ' url: https://github.com/m4ll0k/Bug-Bounty-Toolz category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/BurpBounty.yaml b/weapons/BurpBounty.yaml index 7e07818..e7956ec 100644 --- a/weapons/BurpBounty.yaml +++ b/weapons/BurpBounty.yaml @@ -3,8 +3,10 @@ name: BurpBounty description: url: https://github.com/wagiro/BurpBounty category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: BlitzBasic tags: [] diff --git a/weapons/BurpCustomizer.yaml b/weapons/BurpCustomizer.yaml index cd2d029..70d5876 100644 --- a/weapons/BurpCustomizer.yaml +++ b/weapons/BurpCustomizer.yaml @@ -3,8 +3,10 @@ name: BurpCustomizer description: Because just a dark theme wasn't enough! url: https://github.com/CoreyD97/BurpCustomizer category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/BurpJSLinkFinder.yaml b/weapons/BurpJSLinkFinder.yaml index 556ac96..e6573f0 100644 --- a/weapons/BurpJSLinkFinder.yaml +++ b/weapons/BurpJSLinkFinder.yaml @@ -3,8 +3,10 @@ name: BurpJSLinkFinder description: url: https://github.com/InitRoot/BurpJSLinkFinder category: tool-addon -type: +type: Recon platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/BurpSuite-Secret_Finder.yaml b/weapons/BurpSuite-Secret_Finder.yaml index ac9a4af..336cca8 100644 --- a/weapons/BurpSuite-Secret_Finder.yaml +++ b/weapons/BurpSuite-Secret_Finder.yaml @@ -3,8 +3,10 @@ name: BurpSuite-Secret_Finder description: url: https://github.com/m4ll0k/BurpSuite-Secret_Finder category: tool-addon -type: +type: Recon platform: -- burpsuite +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BurpSuite.yaml b/weapons/BurpSuite.yaml index 1caab35..85fa8b9 100644 --- a/weapons/BurpSuite.yaml +++ b/weapons/BurpSuite.yaml @@ -3,10 +3,10 @@ name: BurpSuite description: the BurpSuite Project url: https://portswigger.net/burp category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Java tags: [] diff --git a/weapons/BurpSuiteHTTPSmuggler.yaml b/weapons/BurpSuiteHTTPSmuggler.yaml index 7952c28..f1312ed 100644 --- a/weapons/BurpSuiteHTTPSmuggler.yaml +++ b/weapons/BurpSuiteHTTPSmuggler.yaml @@ -3,8 +3,10 @@ name: BurpSuiteHTTPSmuggler description: url: https://github.com/nccgroup/BurpSuiteHTTPSmuggler category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/BurpSuiteLoggerPlusPlus.yaml b/weapons/BurpSuiteLoggerPlusPlus.yaml index 1a496a0..b763350 100644 --- a/weapons/BurpSuiteLoggerPlusPlus.yaml +++ b/weapons/BurpSuiteLoggerPlusPlus.yaml @@ -3,8 +3,10 @@ name: BurpSuiteLoggerPlusPlus description: url: https://github.com/nccgroup/BurpSuiteLoggerPlusPlus category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml index 90a42f5..4dc9aa4 100644 --- a/weapons/CSP_Evaluator.yaml +++ b/weapons/CSP_Evaluator.yaml @@ -1,9 +1,12 @@ --- name: CSP Evaluator -description: "Online CSP Evaluator from google" +description: Online CSP Evaluator from google url: https://csp-evaluator.withgoogle.com category: tool -type: -platform: [] +type: Utils +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/CT_subdomains.yaml b/weapons/CT_subdomains.yaml index 22782a4..f64212d 100644 --- a/weapons/CT_subdomains.yaml +++ b/weapons/CT_subdomains.yaml @@ -4,7 +4,10 @@ description: 'An hourly updated list of subdomains gathered from certificate tra logs ' url: https://github.com/internetwache/CT_subdomains category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml index 7120bad..cf49ebb 100644 --- a/weapons/Chaos_Web.yaml +++ b/weapons/Chaos_Web.yaml @@ -4,7 +4,7 @@ description: " actively scan and maintain internet-wide assets' data. enhance re and analyse changes around DNS for better insights." url: https://chaos.projectdiscovery.io category: tool -type: +type: Recon platform: - linux - macos diff --git a/weapons/Chromium-based-XSS-Taint-Tracking.yaml b/weapons/Chromium-based-XSS-Taint-Tracking.yaml index faf61f0..e5f8f10 100644 --- a/weapons/Chromium-based-XSS-Taint-Tracking.yaml +++ b/weapons/Chromium-based-XSS-Taint-Tracking.yaml @@ -4,7 +4,10 @@ description: Cyclops is a web browser with XSS detection feature, it is chromium xss detection that used to find the flows from a source to a sink. url: https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/CorsMe.yaml b/weapons/CorsMe.yaml index df42b31..c0581f7 100644 --- a/weapons/CorsMe.yaml +++ b/weapons/CorsMe.yaml @@ -3,10 +3,10 @@ name: CorsMe description: 'Cross Origin Resource Sharing MisConfiguration Scanner ' url: https://github.com/Shivangx01b/CorsMe category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/Corsy.yaml b/weapons/Corsy.yaml index 0ba303b..747f22b 100644 --- a/weapons/Corsy.yaml +++ b/weapons/Corsy.yaml @@ -3,10 +3,10 @@ name: Corsy description: 'CORS Misconfiguration Scanner ' url: https://github.com/s0md3v/Corsy category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/CyberChef.yaml b/weapons/CyberChef.yaml index b98c5b0..6782c1a 100644 --- a/weapons/CyberChef.yaml +++ b/weapons/CyberChef.yaml @@ -4,7 +4,10 @@ description: 'The Cyber Swiss Army Knife - a web app for encryption, encoding, c and data analysis ' url: https://github.com/gchq/CyberChef category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml index 3d0ccc7..c91f9e8 100644 --- a/weapons/DNSDumpster.yaml +++ b/weapons/DNSDumpster.yaml @@ -3,7 +3,10 @@ name: DNSDumpster description: " Online dns recon & research, find & lookup dns records" url: https://dnsdumpster.com category: tool -type: -platform: [] +type: Recon +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/DOMPurify.yaml b/weapons/DOMPurify.yaml index dec97ff..15ca57b 100644 --- a/weapons/DOMPurify.yaml +++ b/weapons/DOMPurify.yaml @@ -5,7 +5,11 @@ description: 'DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer fo configurability and hooks. Demo:' url: https://github.com/cure53/DOMPurify category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/DSSS.yaml b/weapons/DSSS.yaml index 4508b8c..a4e5903 100644 --- a/weapons/DSSS.yaml +++ b/weapons/DSSS.yaml @@ -3,7 +3,10 @@ name: DSSS description: Damn Small SQLi Scanner url: https://github.com/stamparm/DSSS category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Dark_Reader.yaml b/weapons/Dark_Reader.yaml index 7c2d0a6..0994c3d 100644 --- a/weapons/Dark_Reader.yaml +++ b/weapons/Dark_Reader.yaml @@ -3,9 +3,10 @@ name: Dark Reader description: Dark mode to any site url: https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh category: browser-addon -type: +type: Utils platform: -- chrome -- firefox +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Dark_Reader_for_Safari.yaml b/weapons/Dark_Reader_for_Safari.yaml index 26fb6d2..342be92 100644 --- a/weapons/Dark_Reader_for_Safari.yaml +++ b/weapons/Dark_Reader_for_Safari.yaml @@ -3,8 +3,10 @@ name: Dark Reader for Safari description: Dark mode to any site url: https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180 category: browser-addon -type: +type: Utils platform: -- safari +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/DeepViolet.yaml b/weapons/DeepViolet.yaml index 6ab741a..059a4e0 100644 --- a/weapons/DeepViolet.yaml +++ b/weapons/DeepViolet.yaml @@ -3,7 +3,11 @@ name: DeepViolet description: Tool for introspection of SSL\TLS sessions url: https://github.com/spoofzu/DeepViolet category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Java +tags: +- ssl diff --git a/weapons/DirDar.yaml b/weapons/DirDar.yaml index b378091..4a73582 100644 --- a/weapons/DirDar.yaml +++ b/weapons/DirDar.yaml @@ -4,7 +4,11 @@ description: DirDar is a tool that searches for (403-Forbidden) directories to b it and get dir listing on it url: https://github.com/M4DM0e/DirDar category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go +tags: +- 403 diff --git a/weapons/DotGit.yaml b/weapons/DotGit.yaml index b5df387..6dcb1f4 100644 --- a/weapons/DotGit.yaml +++ b/weapons/DotGit.yaml @@ -3,9 +3,10 @@ name: DotGit description: An extension for checking if .git is exposed in visited websites url: https://github.com/davtur19/DotGit category: browser-addon -type: +type: Recon platform: -- chrome -- firefox -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/Edit-This-Cookie.yaml b/weapons/Edit-This-Cookie.yaml index a3b6110..66f54b7 100644 --- a/weapons/Edit-This-Cookie.yaml +++ b/weapons/Edit-This-Cookie.yaml @@ -4,8 +4,10 @@ description: EditThisCookie is the famous Google Chrome/Chromium extension for e cookies url: https://github.com/ETCExtensions/Edit-This-Cookie category: browser-addon -type: +type: Utils platform: -- chrome -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/Emissary.yaml b/weapons/Emissary.yaml index 9bf0bfd..3e6b0f7 100644 --- a/weapons/Emissary.yaml +++ b/weapons/Emissary.yaml @@ -4,7 +4,10 @@ description: Send notifications on different channels such as Slack, Telegram, D etc. url: https://github.com/BountyStrike/Emissary category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/FavFreak.yaml b/weapons/FavFreak.yaml index 2e1fcba..32346a8 100644 --- a/weapons/FavFreak.yaml +++ b/weapons/FavFreak.yaml @@ -3,10 +3,10 @@ name: FavFreak description: 'Making Favicon.ico based Recon Great again ! ' url: https://github.com/devanshbatham/FavFreak category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Findsploit.yaml b/weapons/Findsploit.yaml index db5e3b3..99d8b03 100644 --- a/weapons/Findsploit.yaml +++ b/weapons/Findsploit.yaml @@ -3,7 +3,10 @@ name: Findsploit description: Find exploits in local and online databases instantly url: https://github.com/1N3/Findsploit category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/Gf-Patterns.yaml b/weapons/Gf-Patterns.yaml index 2ae6822..170319e 100644 --- a/weapons/Gf-Patterns.yaml +++ b/weapons/Gf-Patterns.yaml @@ -4,10 +4,10 @@ description: 'GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_ parameters grep ' url: https://github.com/1ndianl33t/Gf-Patterns category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: 'null' tags: [] diff --git a/weapons/GitMiner.yaml b/weapons/GitMiner.yaml index 3d7fd64..082af2a 100644 --- a/weapons/GitMiner.yaml +++ b/weapons/GitMiner.yaml @@ -3,10 +3,10 @@ name: GitMiner description: 'Tool for advanced mining for content on Github ' url: https://github.com/UnkL4b/GitMiner category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Gopherus.yaml b/weapons/Gopherus.yaml index 80e5192..8cf9e61 100644 --- a/weapons/Gopherus.yaml +++ b/weapons/Gopherus.yaml @@ -4,10 +4,10 @@ description: 'This tool generates gopher link for exploiting SSRF and gaining RC in various servers ' url: https://github.com/tarunkant/Gopherus category: tool -type: +type: Exploit platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/GraphQLmap.yaml b/weapons/GraphQLmap.yaml index 67a1426..f5e3fd8 100644 --- a/weapons/GraphQLmap.yaml +++ b/weapons/GraphQLmap.yaml @@ -4,10 +4,10 @@ description: 'GraphQLmap is a scripting engine to interact with a graphql endpoi for pentesting purposes. ' url: https://github.com/swisskyrepo/GraphQLmap category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/HRS.yaml b/weapons/HRS.yaml index e136421..9de40f2 100644 --- a/weapons/HRS.yaml +++ b/weapons/HRS.yaml @@ -4,7 +4,10 @@ description: HTTP Request Smuggling demonstration Perl script, for variants 1, 2 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. url: https://github.com/SafeBreach-Labs/HRS category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Perl tags: [] diff --git a/weapons/HUNT.yaml b/weapons/HUNT.yaml index e51c48c..0939c8e 100644 --- a/weapons/HUNT.yaml +++ b/weapons/HUNT.yaml @@ -3,9 +3,10 @@ name: HUNT description: url: https://github.com/bugcrowd/HUNT category: tool-addon -type: +type: Recon platform: -- burpsuite -- zap -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Hack-Tools.yaml b/weapons/Hack-Tools.yaml index 8a81641..73f9947 100644 --- a/weapons/Hack-Tools.yaml +++ b/weapons/Hack-Tools.yaml @@ -3,9 +3,10 @@ name: Hack-Tools description: "The all-in-one Red Team extension for Web Pentester \U0001F6E0" url: https://github.com/LasCC/Hack-Tools category: browser-addon -type: +type: Utils platform: -- chrome -- firefox -lang: [] +- linux +- macos +- windows +lang: TypeScript tags: [] diff --git a/weapons/HydraRecon.yaml b/weapons/HydraRecon.yaml index 7642aac..d001c43 100644 --- a/weapons/HydraRecon.yaml +++ b/weapons/HydraRecon.yaml @@ -3,7 +3,10 @@ name: HydraRecon description: All In One, Fast, Easy Recon Tool url: https://github.com/aufzayed/HydraRecon category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/IntruderPayloads.yaml b/weapons/IntruderPayloads.yaml index 02df0f1..b12cb54 100644 --- a/weapons/IntruderPayloads.yaml +++ b/weapons/IntruderPayloads.yaml @@ -3,8 +3,10 @@ name: IntruderPayloads description: url: https://github.com/1N3/IntruderPayloads category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: BlitzBasic tags: [] diff --git a/weapons/JSFScan.sh.yaml b/weapons/JSFScan.sh.yaml index aab7b35..c2da753 100644 --- a/weapons/JSFScan.sh.yaml +++ b/weapons/JSFScan.sh.yaml @@ -3,9 +3,10 @@ name: JSFScan.sh description: 'Automation for javascript recon in bug bounty. ' url: https://github.com/KathanP19/JSFScan.sh category: tool -type: +type: Recon platform: - linux - macos -lang: [] +- windows +lang: Shell tags: [] diff --git a/weapons/LFISuite.yaml b/weapons/LFISuite.yaml index 3fa0c08..135fb90 100644 --- a/weapons/LFISuite.yaml +++ b/weapons/LFISuite.yaml @@ -3,10 +3,10 @@ name: LFISuite description: 'Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ' url: https://github.com/D35m0nd142/LFISuite category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/LinkFinder.yaml b/weapons/LinkFinder.yaml index 0565ab1..798073b 100644 --- a/weapons/LinkFinder.yaml +++ b/weapons/LinkFinder.yaml @@ -3,10 +3,10 @@ name: LinkFinder description: 'A python script that finds endpoints in JavaScript files ' url: https://github.com/GerbenJavado/LinkFinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/MM3_ProxySwitch.yaml b/weapons/MM3_ProxySwitch.yaml index d9d195b..ab4994a 100644 --- a/weapons/MM3_ProxySwitch.yaml +++ b/weapons/MM3_ProxySwitch.yaml @@ -3,9 +3,10 @@ name: MM3 ProxySwitch description: Proxy Switch in Firefox and Chrome url: https://proxy-offline-browser.com/ProxySwitch/ category: browser-addon -type: +type: Utils platform: -- chrome -- firefox +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/NoSQLMap.yaml b/weapons/NoSQLMap.yaml index b571303..16cfa5a 100644 --- a/weapons/NoSQLMap.yaml +++ b/weapons/NoSQLMap.yaml @@ -4,10 +4,10 @@ description: 'Automated NoSQL database enumeration and web application exploitat tool. ' url: https://github.com/codingo/NoSQLMap category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/OneForAll.yaml b/weapons/OneForAll.yaml index 38937ea..0055c40 100644 --- a/weapons/OneForAll.yaml +++ b/weapons/OneForAll.yaml @@ -3,10 +3,10 @@ name: OneForAll description: 'OneForAll是一款功能强大的子域收集工具 ' url: https://github.com/shmilylty/OneForAll category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/OpenRedireX.yaml b/weapons/OpenRedireX.yaml index 2634a9a..c30d23a 100644 --- a/weapons/OpenRedireX.yaml +++ b/weapons/OpenRedireX.yaml @@ -3,7 +3,10 @@ name: OpenRedireX description: A Fuzzer for OpenRedirect issues url: https://github.com/devanshbatham/OpenRedireX category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Osmedeus.yaml b/weapons/Osmedeus.yaml index 3836ad4..952f579 100644 --- a/weapons/Osmedeus.yaml +++ b/weapons/Osmedeus.yaml @@ -4,10 +4,10 @@ description: 'Fully automated offensive security framework for reconnaissance an vulnerability scanning ' url: https://github.com/j3ssie/Osmedeus category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/PPScan.yaml b/weapons/PPScan.yaml index f84cda2..9c4239b 100644 --- a/weapons/PPScan.yaml +++ b/weapons/PPScan.yaml @@ -3,7 +3,10 @@ name: PPScan description: Client Side Prototype Pollution Scanner url: https://github.com/msrkp/PPScan category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/ParamSpider.yaml b/weapons/ParamSpider.yaml index 7ee674f..746a4d7 100644 --- a/weapons/ParamSpider.yaml +++ b/weapons/ParamSpider.yaml @@ -3,10 +3,11 @@ name: ParamSpider description: 'Mining parameters from dark corners of Web Archives ' url: https://github.com/devanshbatham/ParamSpider category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- param diff --git a/weapons/Parth.yaml b/weapons/Parth.yaml index 2a3efc1..02a4178 100644 --- a/weapons/Parth.yaml +++ b/weapons/Parth.yaml @@ -3,10 +3,11 @@ name: Parth description: 'Heuristic Vulnerable Parameter Scanner ' url: https://github.com/s0md3v/Parth category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- param diff --git a/weapons/PayloadsAllTheThings.yaml b/weapons/PayloadsAllTheThings.yaml index 1f8299f..b14d3a6 100644 --- a/weapons/PayloadsAllTheThings.yaml +++ b/weapons/PayloadsAllTheThings.yaml @@ -4,7 +4,10 @@ description: 'A list of useful payloads and bypass for Web Application Security Pentest/CTF ' url: https://github.com/swisskyrepo/PayloadsAllTheThings category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml index 66fbffd..f029e8b 100644 --- a/weapons/Phoenix.yaml +++ b/weapons/Phoenix.yaml @@ -3,7 +3,10 @@ name: Phoenix description: " hahwul's online tools" url: https://www.hahwul.com/p/phoenix.html category: tool -type: -platform: [] +type: Utils +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Photon.yaml b/weapons/Photon.yaml index b3fddb6..2d8c188 100644 --- a/weapons/Photon.yaml +++ b/weapons/Photon.yaml @@ -3,10 +3,10 @@ name: Photon description: 'Incredibly fast crawler designed for OSINT. ' url: https://github.com/s0md3v/Photon category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/PoC-in-GitHub.yaml b/weapons/PoC-in-GitHub.yaml index ede7bf5..fd0aca2 100644 --- a/weapons/PoC-in-GitHub.yaml +++ b/weapons/PoC-in-GitHub.yaml @@ -3,7 +3,10 @@ name: PoC-in-GitHub description: "\U0001F4E1 PoC auto collect from GitHub. Be careful malware." url: https://github.com/nomi-sec/PoC-in-GitHub category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/RustScan.yaml b/weapons/RustScan.yaml index b5b5383..d37116c 100644 --- a/weapons/RustScan.yaml +++ b/weapons/RustScan.yaml @@ -3,10 +3,10 @@ name: RustScan description: 'Faster Nmap Scanning with Rust ' url: https://github.com/brandonskerritt/RustScan category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Rust tags: [] diff --git a/weapons/S3Scanner.yaml b/weapons/S3Scanner.yaml index 635cf53..4a66cc6 100644 --- a/weapons/S3Scanner.yaml +++ b/weapons/S3Scanner.yaml @@ -3,10 +3,11 @@ name: S3Scanner description: 'Scan for open AWS S3 buckets and dump the contents ' url: https://github.com/sa7mon/S3Scanner category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- s3 diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml index 52bf1bb..ce1365e 100644 --- a/weapons/SQLNinja.yaml +++ b/weapons/SQLNinja.yaml @@ -3,7 +3,10 @@ name: SQLNinja description: " SQL Injection scanner" url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -type: -platform: [] +type: Exploit +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/SQL_Ninja.yaml b/weapons/SQL_Ninja.yaml index 30f3f09..7fd2ec1 100644 --- a/weapons/SQL_Ninja.yaml +++ b/weapons/SQL_Ninja.yaml @@ -3,7 +3,10 @@ name: SQL Ninja description: SQL Injection scanner url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -type: -platform: [] +type: Exploit +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/SSRFmap.yaml b/weapons/SSRFmap.yaml index 77dc7b6..27a8f62 100644 --- a/weapons/SSRFmap.yaml +++ b/weapons/SSRFmap.yaml @@ -3,10 +3,11 @@ name: SSRFmap description: 'Automatic SSRF fuzzer and exploitation tool ' url: https://github.com/swisskyrepo/SSRFmap category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- ssrf diff --git a/weapons/STEWS.yaml b/weapons/STEWS.yaml index 102c178..9d1c11c 100644 --- a/weapons/STEWS.yaml +++ b/weapons/STEWS.yaml @@ -3,7 +3,10 @@ name: STEWS description: A Security Tool for Enumerating WebSockets url: https://github.com/PalindromeLabs/STEWS category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/SecLists.yaml b/weapons/SecLists.yaml index d9e63fa..7e0fab9 100644 --- a/weapons/SecLists.yaml +++ b/weapons/SecLists.yaml @@ -6,10 +6,10 @@ description: 'SecLists is the security tester''s companion. It''s a collection o payloads, web shells, and many more. ' url: https://github.com/danielmiessler/SecLists category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: PHP tags: [] diff --git a/weapons/SecretFinder.yaml b/weapons/SecretFinder.yaml index b86c7a4..dcfcb5b 100644 --- a/weapons/SecretFinder.yaml +++ b/weapons/SecretFinder.yaml @@ -4,10 +4,10 @@ description: 'SecretFinder - A python script for find sensitive data (apikeys, a and search anything on javascript files ' url: https://github.com/m4ll0k/SecretFinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml index 0c2b8b6..14e7382 100644 --- a/weapons/SecurityTrails.yaml +++ b/weapons/SecurityTrails.yaml @@ -3,7 +3,10 @@ name: SecurityTrails description: " Online dns / subdomain / recon tool" url: https://securitytrails.com category: tool -type: -platform: [] +type: Recon +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml index 20f0235..ad52886 100644 --- a/weapons/SequenceDiagram.yaml +++ b/weapons/SequenceDiagram.yaml @@ -3,7 +3,10 @@ name: SequenceDiagram description: " Online tool for creating UML sequence diagrams" url: https://sequencediagram.org category: tool -type: -platform: [] +type: Utils +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml index 7c3dbc0..7e8b11d 100644 --- a/weapons/Shodan.yaml +++ b/weapons/Shodan.yaml @@ -3,7 +3,10 @@ name: Shodan description: " World's first search engine for Internet-connected devices" url: https://www.shodan.io/ category: tool -type: -platform: [] +type: Recon +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Silver.yaml b/weapons/Silver.yaml index 1a17081..852e2f8 100644 --- a/weapons/Silver.yaml +++ b/weapons/Silver.yaml @@ -3,10 +3,10 @@ name: Silver description: 'Mass scan IPs for vulnerable services ' url: https://github.com/s0md3v/Silver category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Sn1per.yaml b/weapons/Sn1per.yaml index e8de3b0..dc4695e 100644 --- a/weapons/Sn1per.yaml +++ b/weapons/Sn1per.yaml @@ -3,10 +3,10 @@ name: Sn1per description: 'Automated pentest framework for offensive security experts ' url: https://github.com/1N3/Sn1per category: tool -type: +type: Exploit platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/Stepper.yaml b/weapons/Stepper.yaml index 144b40e..db3759b 100644 --- a/weapons/Stepper.yaml +++ b/weapons/Stepper.yaml @@ -3,8 +3,10 @@ name: Stepper description: url: https://github.com/CoreyD97/Stepper category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/Striker.yaml b/weapons/Striker.yaml index ceb24d4..e3c4574 100644 --- a/weapons/Striker.yaml +++ b/weapons/Striker.yaml @@ -3,10 +3,10 @@ name: Striker description: 'Striker is an offensive information and vulnerability scanner. ' url: https://github.com/s0md3v/Striker category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/SubOver.yaml b/weapons/SubOver.yaml index 3002d26..ff6eb05 100644 --- a/weapons/SubOver.yaml +++ b/weapons/SubOver.yaml @@ -3,7 +3,11 @@ name: SubOver description: A Powerful Subdomain Takeover Tool url: https://github.com/Ice3man543/SubOver category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/Sublist3r.yaml b/weapons/Sublist3r.yaml index b7d24dd..4ccc96a 100644 --- a/weapons/Sublist3r.yaml +++ b/weapons/Sublist3r.yaml @@ -3,10 +3,11 @@ name: Sublist3r description: 'Fast subdomains enumeration tool for penetration testers ' url: https://github.com/aboul3la/Sublist3r category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- subdomains diff --git a/weapons/Taipan.yaml b/weapons/Taipan.yaml index 077c48f..d33e51f 100644 --- a/weapons/Taipan.yaml +++ b/weapons/Taipan.yaml @@ -3,7 +3,10 @@ name: Taipan description: Web application vulnerability scanner url: https://github.com/enkomio/Taipan category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/TukTuk.yaml b/weapons/TukTuk.yaml index 70b89ee..7ae4ddf 100644 --- a/weapons/TukTuk.yaml +++ b/weapons/TukTuk.yaml @@ -3,10 +3,11 @@ name: TukTuk description: 'Tool for catching and logging different types of requests. ' url: https://github.com/ArturSS7/TukTuk category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- oast diff --git a/weapons/User-Agent_Switcher.yaml b/weapons/User-Agent_Switcher.yaml index a8ee6f9..1232f2f 100644 --- a/weapons/User-Agent_Switcher.yaml +++ b/weapons/User-Agent_Switcher.yaml @@ -3,8 +3,10 @@ name: User-Agent Switcher description: quick and easy way to switch between user-agents. url: https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae category: browser-addon -type: +type: Utils platform: -- chrome +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/VHostScan.yaml b/weapons/VHostScan.yaml index 84aae21..8a43587 100644 --- a/weapons/VHostScan.yaml +++ b/weapons/VHostScan.yaml @@ -5,10 +5,10 @@ description: 'A virtual host scanner that performs reverse lookups, can be used default pages. ' url: https://github.com/codingo/VHostScan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Wayback_Machine.yaml b/weapons/Wayback_Machine.yaml index 41ee9af..d15c821 100644 --- a/weapons/Wayback_Machine.yaml +++ b/weapons/Wayback_Machine.yaml @@ -3,8 +3,10 @@ name: Wayback Machine description: History of website url: https://apps.apple.com/us/app/wayback-machine/id1472432422 category: browser-addon -type: +type: Recon platform: -- safari +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Web-Cache-Vulnerability-Scanner.yaml b/weapons/Web-Cache-Vulnerability-Scanner.yaml index efe619c..d5d3b43 100644 --- a/weapons/Web-Cache-Vulnerability-Scanner.yaml +++ b/weapons/Web-Cache-Vulnerability-Scanner.yaml @@ -4,7 +4,10 @@ description: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). url: https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/XSRFProbe.yaml b/weapons/XSRFProbe.yaml index a41f391..d8a675a 100644 --- a/weapons/XSRFProbe.yaml +++ b/weapons/XSRFProbe.yaml @@ -3,7 +3,10 @@ name: XSRFProbe description: The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. url: https://github.com/0xInfection/XSRFProbe category: tool -type: -platform: [] -lang: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/XSStrike.yaml b/weapons/XSStrike.yaml index 49a3800..f0afba7 100644 --- a/weapons/XSStrike.yaml +++ b/weapons/XSStrike.yaml @@ -3,10 +3,11 @@ name: XSStrike description: 'Most advanced XSS scanner. ' url: https://github.com/s0md3v/XSStrike category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xss diff --git a/weapons/XSpear.yaml b/weapons/XSpear.yaml index bde6169..b2ccfbd 100644 --- a/weapons/XSpear.yaml +++ b/weapons/XSpear.yaml @@ -3,10 +3,11 @@ name: XSpear description: 'Powerfull XSS Scanning and Parameter analysis tool&gem ' url: https://github.com/hahwul/XSpear category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Ruby +tags: +- xss diff --git a/weapons/XXEinjector.yaml b/weapons/XXEinjector.yaml index 9b8b34e..8b95d04 100644 --- a/weapons/XXEinjector.yaml +++ b/weapons/XXEinjector.yaml @@ -4,7 +4,11 @@ description: Tool for automatic exploitation of XXE vulnerability using direct a different out of band methods. url: https://github.com/enjoiz/XXEinjector category: tool -type: -platform: [] -lang: [] -tags: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: Ruby +tags: +- xxe diff --git a/weapons/a2sv.yaml b/weapons/a2sv.yaml index 8a7ef78..9e6f284 100644 --- a/weapons/a2sv.yaml +++ b/weapons/a2sv.yaml @@ -3,10 +3,11 @@ name: a2sv description: 'Auto Scanning to SSL Vulnerability ' url: https://github.com/hahwul/a2sv category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- ssl diff --git a/weapons/altdns.yaml b/weapons/altdns.yaml index 9afb35b..1c66994 100644 --- a/weapons/altdns.yaml +++ b/weapons/altdns.yaml @@ -4,10 +4,11 @@ description: 'Generates permutations, alterations and mutations of subdomains an then resolves them ' url: https://github.com/infosec-au/altdns category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- dns diff --git a/weapons/anew.yaml b/weapons/anew.yaml index d562597..7a325e8 100644 --- a/weapons/anew.yaml +++ b/weapons/anew.yaml @@ -3,10 +3,10 @@ name: anew description: A tool for adding new lines to files, skipping duplicates url: https://github.com/tomnomnom/anew category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/apkleaks.yaml b/weapons/apkleaks.yaml index a9f137f..ae3e605 100644 --- a/weapons/apkleaks.yaml +++ b/weapons/apkleaks.yaml @@ -3,10 +3,11 @@ name: apkleaks description: 'Scanning APK file for URIs, endpoints & secrets. ' url: https://github.com/dwisiswant0/apkleaks category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- apk diff --git a/weapons/aquatone.yaml b/weapons/aquatone.yaml index 4eeac56..710bb3d 100644 --- a/weapons/aquatone.yaml +++ b/weapons/aquatone.yaml @@ -3,10 +3,11 @@ name: aquatone description: 'A Tool for Domain Flyovers ' url: https://github.com/michenriksen/aquatone category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- domain diff --git a/weapons/arachni.yaml b/weapons/arachni.yaml index a78eac0..3b8a27b 100644 --- a/weapons/arachni.yaml +++ b/weapons/arachni.yaml @@ -3,10 +3,10 @@ name: arachni description: 'Web Application Security Scanner Framework ' url: https://github.com/Arachni/arachni category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/assetfinder.yaml b/weapons/assetfinder.yaml index e0c22ad..4d4a75a 100644 --- a/weapons/assetfinder.yaml +++ b/weapons/assetfinder.yaml @@ -3,10 +3,11 @@ name: assetfinder description: 'Find domains and subdomains related to a given domain ' url: https://github.com/tomnomnom/assetfinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/attack-surface-detector-zap.yaml b/weapons/attack-surface-detector-zap.yaml index de27bd2..b156acd 100644 --- a/weapons/attack-surface-detector-zap.yaml +++ b/weapons/attack-surface-detector-zap.yaml @@ -3,8 +3,10 @@ name: attack-surface-detector-zap description: url: https://github.com/secdec/attack-surface-detector-zap category: tool-addon -type: +type: Recon platform: -- zap -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/auto-repeater.yaml b/weapons/auto-repeater.yaml index 7abafaa..4440522 100644 --- a/weapons/auto-repeater.yaml +++ b/weapons/auto-repeater.yaml @@ -3,8 +3,10 @@ name: auto-repeater description: url: https://github.com/PortSwigger/auto-repeater category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/autochrome.yaml b/weapons/autochrome.yaml index 1ba3a16..26bba11 100644 --- a/weapons/autochrome.yaml +++ b/weapons/autochrome.yaml @@ -3,7 +3,10 @@ name: autochrome description: This tool downloads, installs, and configures a shiny new copy of Chromium. url: https://github.com/nccgroup/autochrome category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: HTML tags: [] diff --git a/weapons/axiom.yaml b/weapons/axiom.yaml index 5d31727..1bc71ae 100644 --- a/weapons/axiom.yaml +++ b/weapons/axiom.yaml @@ -3,10 +3,11 @@ name: axiom description: 'A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ' url: https://github.com/pry0cc/axiom category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] -tags: [] +lang: Shell +tags: +- infra diff --git a/weapons/bat.yaml b/weapons/bat.yaml index 4f156cf..41821bb 100644 --- a/weapons/bat.yaml +++ b/weapons/bat.yaml @@ -3,10 +3,10 @@ name: bat description: A cat(1) clone with wings. url: https://github.com/sharkdp/bat category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Rust tags: [] diff --git a/weapons/boast.yaml b/weapons/boast.yaml index 98896d3..6997403 100644 --- a/weapons/boast.yaml +++ b/weapons/boast.yaml @@ -3,10 +3,11 @@ name: boast description: The BOAST Outpost for AppSec Testing (v0.1.0) url: https://github.com/marcoagner/boast category: tool -types: OAST +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- oast diff --git a/weapons/bountyplz.yaml b/weapons/bountyplz.yaml index 53bccfe..e13ec03 100644 --- a/weapons/bountyplz.yaml +++ b/weapons/bountyplz.yaml @@ -4,10 +4,11 @@ description: 'Automated security reporting from markdown templates (HackerOne an Bugcrowd are currently the platforms supported) ' url: https://github.com/fransr/bountyplz category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Shell +tags: +- report diff --git a/weapons/burl.yaml b/weapons/burl.yaml index d7131fb..c0bf48e 100644 --- a/weapons/burl.yaml +++ b/weapons/burl.yaml @@ -3,10 +3,11 @@ name: burl description: 'A Broken-URL Checker ' url: https://github.com/tomnomnom/burl category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- url diff --git a/weapons/burp-exporter.yaml b/weapons/burp-exporter.yaml index 86f58f8..48a2bbb 100644 --- a/weapons/burp-exporter.yaml +++ b/weapons/burp-exporter.yaml @@ -3,8 +3,10 @@ name: burp-exporter description: url: https://github.com/artssec/burp-exporter category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/burp-piper.yaml b/weapons/burp-piper.yaml index 0926a13..90ebc92 100644 --- a/weapons/burp-piper.yaml +++ b/weapons/burp-piper.yaml @@ -3,8 +3,10 @@ name: burp-piper description: url: https://github.com/silentsignal/burp-piper category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Kotlin tags: [] diff --git a/weapons/burp-retire-js.yaml b/weapons/burp-retire-js.yaml index 4a06a03..7390d28 100644 --- a/weapons/burp-retire-js.yaml +++ b/weapons/burp-retire-js.yaml @@ -3,9 +3,10 @@ name: burp-retire-js description: url: https://github.com/h3xstream/burp-retire-js category: tool-addon -type: +type: Recon platform: -- burpsuite -- zap -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/burp-send-to.yaml b/weapons/burp-send-to.yaml index fc30cd9..4607176 100644 --- a/weapons/burp-send-to.yaml +++ b/weapons/burp-send-to.yaml @@ -3,8 +3,10 @@ name: burp-send-to description: url: https://github.com/bytebutcher/burp-send-to category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/c-jwt-cracker.yaml b/weapons/c-jwt-cracker.yaml index a0ceb03..3f7d4a2 100644 --- a/weapons/c-jwt-cracker.yaml +++ b/weapons/c-jwt-cracker.yaml @@ -3,10 +3,11 @@ name: c-jwt-cracker description: 'JWT brute force cracker written in C ' url: https://github.com/brendan-rius/c-jwt-cracker category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: C +tags: +- jwt diff --git a/weapons/can-i-take-over-xyz.yaml b/weapons/can-i-take-over-xyz.yaml index f981da2..3ab8019 100644 --- a/weapons/can-i-take-over-xyz.yaml +++ b/weapons/can-i-take-over-xyz.yaml @@ -4,10 +4,10 @@ description: '"Can I take over XYZ?" — a list of services and how to claim (su with dangling DNS records.' url: https://github.com/EdOverflow/can-i-take-over-xyz category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: 'null' tags: [] diff --git a/weapons/cariddi.yaml b/weapons/cariddi.yaml index 0f95d91..e693b4e 100644 --- a/weapons/cariddi.yaml +++ b/weapons/cariddi.yaml @@ -4,10 +4,10 @@ description: Take a list of domains and scan for endpoints, secrets, api keys, f extensions, tokens and more... url: https://github.com/edoardottt/cariddi category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/cc.py.yaml b/weapons/cc.py.yaml index c5ef3c3..7292da4 100644 --- a/weapons/cc.py.yaml +++ b/weapons/cc.py.yaml @@ -3,10 +3,10 @@ name: cc.py description: 'Extracting URLs of a specific target based on the results of "commoncrawl.org" ' url: https://github.com/si9int/cc.py category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/cf-check.yaml b/weapons/cf-check.yaml index 837cc83..a78e462 100644 --- a/weapons/cf-check.yaml +++ b/weapons/cf-check.yaml @@ -3,10 +3,10 @@ name: cf-check description: 'Cloudflare Checker written in Go ' url: https://github.com/dwisiswant0/cf-check category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/chaos-client.yaml b/weapons/chaos-client.yaml index 055bda0..d8740b2 100644 --- a/weapons/chaos-client.yaml +++ b/weapons/chaos-client.yaml @@ -3,10 +3,10 @@ name: chaos-client description: 'Go client to communicate with Chaos DNS API. ' url: https://github.com/projectdiscovery/chaos-client category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/clear-cache.yaml b/weapons/clear-cache.yaml index 6d9f6d2..c363f3f 100644 --- a/weapons/clear-cache.yaml +++ b/weapons/clear-cache.yaml @@ -3,8 +3,10 @@ name: clear-cache description: Add-on to clear browser cache with a single click or via the F9 key. url: https://github.com/TenSoja/clear-cache category: browser-addon -type: +type: Utils platform: -- firefox -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/collaborator-everywhere.yaml b/weapons/collaborator-everywhere.yaml index 9a9e5c1..382d571 100644 --- a/weapons/collaborator-everywhere.yaml +++ b/weapons/collaborator-everywhere.yaml @@ -3,8 +3,10 @@ name: collaborator-everywhere description: url: https://github.com/PortSwigger/collaborator-everywhere category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/commix.yaml b/weapons/commix.yaml index 98a18ae..34f11c8 100644 --- a/weapons/commix.yaml +++ b/weapons/commix.yaml @@ -3,10 +3,10 @@ name: commix description: Automated All-in-One OS Command Injection Exploitation Tool. url: https://github.com/commixproject/commix category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/community-scripts.yaml b/weapons/community-scripts.yaml index 3a1eb50..cc4e226 100644 --- a/weapons/community-scripts.yaml +++ b/weapons/community-scripts.yaml @@ -3,8 +3,10 @@ name: community-scripts description: url: https://github.com/zaproxy/community-scripts category: tool-addon -type: +type: Utils platform: -- zap -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/confused.yaml b/weapons/confused.yaml index 8461021..645690a 100644 --- a/weapons/confused.yaml +++ b/weapons/confused.yaml @@ -4,10 +4,10 @@ description: Tool to check for dependency confusion vulnerabilities in multiple management systems url: https://github.com/visma-prodsec/confused category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/cookie-quick-manager.yaml b/weapons/cookie-quick-manager.yaml index 906837d..613811e 100644 --- a/weapons/cookie-quick-manager.yaml +++ b/weapons/cookie-quick-manager.yaml @@ -4,8 +4,10 @@ description: An addon to manage (view, search, create, edit, remove, backup, res cookies on Firefox. url: https://github.com/ysard/cookie-quick-manager category: browser-addon -type: +type: Utils platform: -- firefox -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/corsair_scan.yaml b/weapons/corsair_scan.yaml index b1a1a32..47c8e76 100644 --- a/weapons/corsair_scan.yaml +++ b/weapons/corsair_scan.yaml @@ -4,10 +4,10 @@ description: Corsair_scan is a security tool to test Cross-Origin Resource Shari (CORS). url: https://github.com/Santandersecurityresearch/corsair_scan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/crawlergo.yaml b/weapons/crawlergo.yaml index 7b7000b..fd53276 100644 --- a/weapons/crawlergo.yaml +++ b/weapons/crawlergo.yaml @@ -3,10 +3,10 @@ name: crawlergo description: A powerful browser crawler for web vulnerability scanners url: https://github.com/Qianlitp/crawlergo category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/crlfuzz.yaml b/weapons/crlfuzz.yaml index 85596ed..ebe5968 100644 --- a/weapons/crlfuzz.yaml +++ b/weapons/crlfuzz.yaml @@ -3,10 +3,10 @@ name: crlfuzz description: 'A fast tool to scan CRLF vulnerability written in Go ' url: https://github.com/dwisiswant0/crlfuzz category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/csp-auditor.yaml b/weapons/csp-auditor.yaml index a1cf30a..d31177c 100644 --- a/weapons/csp-auditor.yaml +++ b/weapons/csp-auditor.yaml @@ -3,9 +3,11 @@ name: csp-auditor description: url: https://github.com/GoSecure/csp-auditor category: tool-addon -type: +type: Scanner platform: -- burpsuite -- zap -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- csp diff --git a/weapons/curl.yaml b/weapons/curl.yaml index 1ef1392..6522bf0 100644 --- a/weapons/curl.yaml +++ b/weapons/curl.yaml @@ -6,7 +6,10 @@ description: A command line tool and library for transferring data with URL synt features url: https://github.com/curl/curl category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: C tags: [] diff --git a/weapons/dalfox.yaml b/weapons/dalfox.yaml index 30a0652..405ab23 100644 --- a/weapons/dalfox.yaml +++ b/weapons/dalfox.yaml @@ -4,10 +4,11 @@ description: "\U0001F318\U0001F98A DalFox(Finder Of XSS) / Parameter Analysis an XSS Scanning tool based on golang " url: https://github.com/hahwul/dalfox category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- xss diff --git a/weapons/dirsearch.yaml b/weapons/dirsearch.yaml index 8e50b90..ad7de1c 100644 --- a/weapons/dirsearch.yaml +++ b/weapons/dirsearch.yaml @@ -3,10 +3,10 @@ name: dirsearch description: 'Web path scanner ' url: https://github.com/maurosoria/dirsearch category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/ditto.yaml b/weapons/ditto.yaml index 9116adb..0a0d956 100644 --- a/weapons/ditto.yaml +++ b/weapons/ditto.yaml @@ -3,7 +3,10 @@ name: ditto description: A tool for IDN homograph attacks and detection. url: https://github.com/evilsocket/ditto category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/dmut.yaml b/weapons/dmut.yaml index f445d70..1681f22 100644 --- a/weapons/dmut.yaml +++ b/weapons/dmut.yaml @@ -4,7 +4,11 @@ description: A tool to perform permutations, mutations and alteration of subdoma in golang. url: https://github.com/bp0lr/dmut category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/dnsobserver.yaml b/weapons/dnsobserver.yaml index dee816c..d298db4 100644 --- a/weapons/dnsobserver.yaml +++ b/weapons/dnsobserver.yaml @@ -5,7 +5,12 @@ description: 'A handy DNS service written in Go to aid in the detection of sever DNS interactions and sends lookup notifications via Slack. ' url: https://github.com/allyomalley/dnsobserver category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go +tags: +- oast +- dns diff --git a/weapons/dnsprobe.yaml b/weapons/dnsprobe.yaml index 74cd7ef..f633ae3 100644 --- a/weapons/dnsprobe.yaml +++ b/weapons/dnsprobe.yaml @@ -4,10 +4,11 @@ description: 'DNSProb (beta) is a tool built on top of retryabledns that allows to perform multiple dns queries of your choice with a list of user supplied resolvers. ' url: https://github.com/projectdiscovery/dnsprobe category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- dns diff --git a/weapons/dnsvalidator.yaml b/weapons/dnsvalidator.yaml index 450e2f1..b4bcdd0 100644 --- a/weapons/dnsvalidator.yaml +++ b/weapons/dnsvalidator.yaml @@ -4,7 +4,11 @@ description: Maintains a list of IPv4 DNS servers by verifying them against base servers, and ensuring accurate responses. url: https://github.com/vortexau/dnsvalidator category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python +tags: +- dns diff --git a/weapons/dnsx.yaml b/weapons/dnsx.yaml index d3f83f3..462b779 100644 --- a/weapons/dnsx.yaml +++ b/weapons/dnsx.yaml @@ -4,7 +4,11 @@ description: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple queries of your choice with a list of user-supplied resolvers. url: https://github.com/projectdiscovery/dnsx category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- dns diff --git a/weapons/docem.yaml b/weapons/docem.yaml index 06086de..aa599dc 100644 --- a/weapons/docem.yaml +++ b/weapons/docem.yaml @@ -4,7 +4,12 @@ description: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE steroids) url: https://github.com/whitel1st/docem category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python +tags: +- xxe +- xss diff --git a/weapons/domdig.yaml b/weapons/domdig.yaml index 34b93a6..9b67bc5 100644 --- a/weapons/domdig.yaml +++ b/weapons/domdig.yaml @@ -3,10 +3,11 @@ name: domdig description: 'DOM XSS scanner for Single Page Applications ' url: https://github.com/fcavallarin/domdig category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: JavaScript +tags: +- xss diff --git a/weapons/dontgo403.yaml b/weapons/dontgo403.yaml index f9c2d76..014a3ec 100644 --- a/weapons/dontgo403.yaml +++ b/weapons/dontgo403.yaml @@ -3,7 +3,11 @@ name: dontgo403 description: Tool to bypass 40X response codes. url: https://github.com/devploit/dontgo403 category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go +tags: +- 403 diff --git a/weapons/dotdotpwn.yaml b/weapons/dotdotpwn.yaml index 567ef35..4c7fa2f 100644 --- a/weapons/dotdotpwn.yaml +++ b/weapons/dotdotpwn.yaml @@ -3,10 +3,10 @@ name: dotdotpwn description: 'DotDotPwn - The Directory Traversal Fuzzer ' url: https://github.com/wireghoul/dotdotpwn category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Perl tags: [] diff --git a/weapons/eval_villain.yaml b/weapons/eval_villain.yaml index f18161e..a78e5f2 100644 --- a/weapons/eval_villain.yaml +++ b/weapons/eval_villain.yaml @@ -3,8 +3,11 @@ name: eval_villain description: A Firefox Web Extension to improve the discovery of DOM XSS. url: https://github.com/swoops/eval_villain category: browser-addon -type: +type: Utils platform: -- firefox -lang: [] -tags: [] +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/ezXSS.yaml b/weapons/ezXSS.yaml index 516912c..d8ee884 100644 --- a/weapons/ezXSS.yaml +++ b/weapons/ezXSS.yaml @@ -4,10 +4,11 @@ description: 'ezXSS is an easy way for penetration testers and bug bounty hunter to test (blind) Cross Site Scripting. ' url: https://github.com/ssl/ezXSS category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: PHP +tags: +- xss diff --git a/weapons/femida.yaml b/weapons/femida.yaml index 247db74..86eafff 100644 --- a/weapons/femida.yaml +++ b/weapons/femida.yaml @@ -3,8 +3,10 @@ name: femida description: url: https://github.com/wish-i-was/femida category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/feroxbuster.yaml b/weapons/feroxbuster.yaml index ff682f2..9a09909 100644 --- a/weapons/feroxbuster.yaml +++ b/weapons/feroxbuster.yaml @@ -3,7 +3,10 @@ name: feroxbuster description: A fast, simple, recursive content discovery tool written in Rust. url: https://github.com/epi052/feroxbuster category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/ffuf.yaml b/weapons/ffuf.yaml index 5483a73..a77803b 100644 --- a/weapons/ffuf.yaml +++ b/weapons/ffuf.yaml @@ -3,10 +3,10 @@ name: ffuf description: 'Fast web fuzzer written in Go ' url: https://github.com/ffuf/ffuf category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/fhc.yaml b/weapons/fhc.yaml index 13872f7..d2ecdf5 100644 --- a/weapons/fhc.yaml +++ b/weapons/fhc.yaml @@ -3,7 +3,10 @@ name: fhc description: Fast HTTP Checker. url: https://github.com/Edu4rdSHL/fhc category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/findom-xss.yaml b/weapons/findom-xss.yaml index 834bbe8..1371683 100644 --- a/weapons/findom-xss.yaml +++ b/weapons/findom-xss.yaml @@ -3,10 +3,11 @@ name: findom-xss description: 'A fast DOM based XSS vulnerability scanner with simplicity. ' url: https://github.com/dwisiswant0/findom-xss category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Shell +tags: +- xss diff --git a/weapons/findomain.yaml b/weapons/findomain.yaml index 8cfedfd..638900b 100644 --- a/weapons/findomain.yaml +++ b/weapons/findomain.yaml @@ -4,10 +4,11 @@ description: 'The fastest and cross-platform subdomain enumerator, do not waste time. ' url: https://github.com/Edu4rdSHL/findomain category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Rust +tags: +- subdomains diff --git a/weapons/fockcache.yaml b/weapons/fockcache.yaml index 9b4e5d0..b816e54 100644 --- a/weapons/fockcache.yaml +++ b/weapons/fockcache.yaml @@ -3,7 +3,10 @@ name: fockcache description: FockCache - Minimalized Test Cache Poisoning url: https://github.com/tismayil/fockcache category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/fuzzparam.yaml b/weapons/fuzzparam.yaml index e583bc2..b88bd0b 100644 --- a/weapons/fuzzparam.yaml +++ b/weapons/fuzzparam.yaml @@ -3,7 +3,10 @@ name: fuzzparam description: A fast go based param miner to fuzz possible parameters a URL can have. url: https://github.com/0xsapra/fuzzparam category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/fzf.yaml b/weapons/fzf.yaml index c71d013..0050443 100644 --- a/weapons/fzf.yaml +++ b/weapons/fzf.yaml @@ -3,10 +3,10 @@ name: fzf description: A command-line fuzzy finder url: https://github.com/junegunn/fzf category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gau.yaml b/weapons/gau.yaml index 2c8b5a8..d4ca1e0 100644 --- a/weapons/gau.yaml +++ b/weapons/gau.yaml @@ -4,10 +4,10 @@ description: Fetch known URLs from AlienVault's Open Threat Exchange, the Waybac Machine, and Common Crawl. url: https://github.com/lc/gau category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gauplus.yaml b/weapons/gauplus.yaml index 06a61ae..d9d1d66 100644 --- a/weapons/gauplus.yaml +++ b/weapons/gauplus.yaml @@ -4,7 +4,10 @@ description: A modified version of gau for personal usage. Support workers, prox and some extra things. url: https://github.com/bp0lr/gauplus category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gee.yaml b/weapons/gee.yaml index eef84c0..47c2a55 100644 --- a/weapons/gee.yaml +++ b/weapons/gee.yaml @@ -5,7 +5,10 @@ description: "\U0001F3F5 Gee is tool of stdin to each files and stdout. It is si was written as go" url: https://github.com/hahwul/gee category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/getJS.yaml b/weapons/getJS.yaml index 78bfa67..46a02de 100644 --- a/weapons/getJS.yaml +++ b/weapons/getJS.yaml @@ -3,7 +3,10 @@ name: getJS description: A tool to fastly get all javascript sources/files url: https://github.com/003random/getJS category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gf.yaml b/weapons/gf.yaml index 43626a6..fa305ab 100644 --- a/weapons/gf.yaml +++ b/weapons/gf.yaml @@ -3,10 +3,10 @@ name: gf description: 'A wrapper around grep, to help you grep for things ' url: https://github.com/tomnomnom/gf category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gitGraber.yaml b/weapons/gitGraber.yaml index 399384f..4b14166 100644 --- a/weapons/gitGraber.yaml +++ b/weapons/gitGraber.yaml @@ -3,10 +3,10 @@ name: gitGraber description: 'gitGraber ' url: https://github.com/hisxo/gitGraber category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/github-endpoints.yaml b/weapons/github-endpoints.yaml index d46f5f4..33134cd 100644 --- a/weapons/github-endpoints.yaml +++ b/weapons/github-endpoints.yaml @@ -3,7 +3,10 @@ name: github-endpoints description: Find endpoints on GitHub. url: https://github.com/gwen001/github-endpoints category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/github-regexp.yaml b/weapons/github-regexp.yaml index 49655e4..cbbf1f6 100644 --- a/weapons/github-regexp.yaml +++ b/weapons/github-regexp.yaml @@ -3,7 +3,10 @@ name: github-regexp description: Basically a regexp over a GitHub search. url: https://github.com/gwen001/github-regexp category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/github-search.yaml b/weapons/github-search.yaml index fbf5f03..8bc6f49 100644 --- a/weapons/github-search.yaml +++ b/weapons/github-search.yaml @@ -3,10 +3,10 @@ name: github-search description: 'Tools to perform basic search on GitHub. ' url: https://github.com/gwen001/github-search category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: JavaScript tags: [] diff --git a/weapons/github-subdomains.yaml b/weapons/github-subdomains.yaml index 6e9031a..7cf0df3 100644 --- a/weapons/github-subdomains.yaml +++ b/weapons/github-subdomains.yaml @@ -3,7 +3,10 @@ name: github-subdomains description: Find subdomains on GitHub url: https://github.com/gwen001/github-subdomains category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gitleaks.yaml b/weapons/gitleaks.yaml index fd1cc78..b331263 100644 --- a/weapons/gitleaks.yaml +++ b/weapons/gitleaks.yaml @@ -3,7 +3,10 @@ name: gitleaks description: "Scan git repos (or files) for secrets using regex and entropy \U0001F511" url: https://github.com/zricethezav/gitleaks category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gitls.yaml b/weapons/gitls.yaml index 4fea465..00860df 100644 --- a/weapons/gitls.yaml +++ b/weapons/gitls.yaml @@ -3,7 +3,10 @@ name: gitls description: Listing git repository from URL/User/Org url: https://github.com/hahwul/gitls category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gitrob.yaml b/weapons/gitrob.yaml index ee6b984..443232b 100644 --- a/weapons/gitrob.yaml +++ b/weapons/gitrob.yaml @@ -3,10 +3,10 @@ name: gitrob description: 'Reconnaissance tool for GitHub organizations ' url: https://github.com/michenriksen/gitrob category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/go-dork.yaml b/weapons/go-dork.yaml index 866316b..0330463 100644 --- a/weapons/go-dork.yaml +++ b/weapons/go-dork.yaml @@ -3,10 +3,10 @@ name: go-dork description: 'The fastest dork scanner written in Go. ' url: https://github.com/dwisiswant0/go-dork category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gobuster.yaml b/weapons/gobuster.yaml index b20c48e..6dd2c11 100644 --- a/weapons/gobuster.yaml +++ b/weapons/gobuster.yaml @@ -3,10 +3,10 @@ name: gobuster description: 'Directory/File, DNS and VHost busting tool written in Go ' url: https://github.com/OJ/gobuster category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gospider.yaml b/weapons/gospider.yaml index f3902f4..7739129 100644 --- a/weapons/gospider.yaml +++ b/weapons/gospider.yaml @@ -3,10 +3,10 @@ name: gospider description: 'Gospider - Fast web spider written in Go ' url: https://github.com/jaeles-project/gospider category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gotator.yaml b/weapons/gotator.yaml index 34d243b..e926c1e 100644 --- a/weapons/gotator.yaml +++ b/weapons/gotator.yaml @@ -3,7 +3,10 @@ name: gotator description: Gotator is a tool to generate DNS wordlists through permutations. url: https://github.com/Josue87/gotator category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gotestwaf.yaml b/weapons/gotestwaf.yaml index 54cb25f..162db21 100644 --- a/weapons/gotestwaf.yaml +++ b/weapons/gotestwaf.yaml @@ -4,7 +4,10 @@ description: An open-source project in Golang to test different web application (WAF) for detection logic and bypasses url: https://github.com/wallarm/gotestwaf category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gowitness.yaml b/weapons/gowitness.yaml index c857848..1953f8c 100644 --- a/weapons/gowitness.yaml +++ b/weapons/gowitness.yaml @@ -4,10 +4,10 @@ description: "\U0001F50D gowitness - a golang, web screenshot utility using Chro Headless " url: https://github.com/sensepost/gowitness category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/graphql-voyager.yaml b/weapons/graphql-voyager.yaml index 286a1cb..cc88d6d 100644 --- a/weapons/graphql-voyager.yaml +++ b/weapons/graphql-voyager.yaml @@ -3,10 +3,10 @@ name: graphql-voyager description: "\U0001F6F0️ Represent any GraphQL API as an interactive graph " url: https://github.com/APIs-guru/graphql-voyager category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Typescript tags: [] diff --git a/weapons/grc.yaml b/weapons/grc.yaml index 02c56e6..7a7946a 100644 --- a/weapons/grc.yaml +++ b/weapons/grc.yaml @@ -3,7 +3,10 @@ name: grc description: generic colouriser url: https://github.com/garabik/grc category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/grex.yaml b/weapons/grex.yaml index 29b4bba..515a061 100644 --- a/weapons/grex.yaml +++ b/weapons/grex.yaml @@ -4,7 +4,10 @@ description: A command-line tool and library for generating regular expressions user-provided test cases url: https://github.com/pemistahl/grex category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/gron.yaml b/weapons/gron.yaml index fbb0593..4364d46 100644 --- a/weapons/gron.yaml +++ b/weapons/gron.yaml @@ -3,10 +3,10 @@ name: gron description: 'Make JSON greppable! ' url: https://github.com/tomnomnom/gron category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/h2csmuggler.yaml b/weapons/h2csmuggler.yaml index 3aa2995..67b4834 100644 --- a/weapons/h2csmuggler.yaml +++ b/weapons/h2csmuggler.yaml @@ -3,10 +3,10 @@ name: h2csmuggler description: HTTP Request Smuggling Detection Tool url: https://github.com/assetnote/h2csmuggler category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hacks.yaml b/weapons/hacks.yaml index 6d8d328..593297e 100644 --- a/weapons/hacks.yaml +++ b/weapons/hacks.yaml @@ -3,10 +3,10 @@ name: hacks description: 'A collection of hacks and one-off scripts ' url: https://github.com/tomnomnom/hacks category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hakcheckurl.yaml b/weapons/hakcheckurl.yaml index 3ecb07a..8eecb9c 100644 --- a/weapons/hakcheckurl.yaml +++ b/weapons/hakcheckurl.yaml @@ -3,7 +3,10 @@ name: hakcheckurl description: Takes a list of URLs and returns their HTTP response codes url: https://github.com/hakluke/hakcheckurl category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/hakrawler.yaml b/weapons/hakrawler.yaml index 19e7c5a..6681319 100644 --- a/weapons/hakrawler.yaml +++ b/weapons/hakrawler.yaml @@ -4,10 +4,10 @@ description: 'Simple, fast web crawler designed for easy, quick discovery of end and assets within a web application ' url: https://github.com/hakluke/hakrawler category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hakrevdns.yaml b/weapons/hakrevdns.yaml index eb70eec..37d4578 100644 --- a/weapons/hakrevdns.yaml +++ b/weapons/hakrevdns.yaml @@ -3,10 +3,10 @@ name: hakrevdns description: 'Small, fast tool for performing reverse DNS lookups en masse. ' url: https://github.com/hakluke/hakrevdns category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/haktrails.yaml b/weapons/haktrails.yaml index 53cfe86..5f553da 100644 --- a/weapons/haktrails.yaml +++ b/weapons/haktrails.yaml @@ -3,7 +3,10 @@ name: haktrails description: Golang client for querying SecurityTrails API data url: https://github.com/hakluke/haktrails category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/hashcat.yaml b/weapons/hashcat.yaml index 28e6099..9555943 100644 --- a/weapons/hashcat.yaml +++ b/weapons/hashcat.yaml @@ -3,7 +3,10 @@ name: hashcat description: 'World''s fastest and most advanced password recovery utility ' url: https://github.com/hashcat/hashcat/ category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: C tags: [] diff --git a/weapons/headi.yaml b/weapons/headi.yaml index 70e550f..4af14d4 100644 --- a/weapons/headi.yaml +++ b/weapons/headi.yaml @@ -3,7 +3,10 @@ name: headi description: Customisable and automated HTTP header injection url: https://github.com/mlcsec/headi category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/hetty.yaml b/weapons/hetty.yaml index 65ef483..02ff272 100644 --- a/weapons/hetty.yaml +++ b/weapons/hetty.yaml @@ -5,10 +5,10 @@ description: Hetty is an HTTP toolkit for security research. It aims to become a features tailored to the needs of the infosec and bug bounty community. url: https://github.com/dstotijn/hetty category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hinject.yaml b/weapons/hinject.yaml index f95b7a5..38c0a28 100644 --- a/weapons/hinject.yaml +++ b/weapons/hinject.yaml @@ -3,10 +3,10 @@ name: hinject description: 'Host Header Injection Checker ' url: https://github.com/dwisiswant0/hinject category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/htcat.yaml b/weapons/htcat.yaml index 89e6c39..11ae040 100644 --- a/weapons/htcat.yaml +++ b/weapons/htcat.yaml @@ -3,10 +3,10 @@ name: htcat description: 'Parallel and Pipelined HTTP GET Utility ' url: https://github.com/htcat/htcat category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/http-request-smuggler.yaml b/weapons/http-request-smuggler.yaml index 4b5d09f..94e346e 100644 --- a/weapons/http-request-smuggler.yaml +++ b/weapons/http-request-smuggler.yaml @@ -3,8 +3,10 @@ name: http-request-smuggler description: url: https://github.com/PortSwigger/http-request-smuggler category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/http-request-smuggling.yaml b/weapons/http-request-smuggling.yaml index dd63c11..a46cee8 100644 --- a/weapons/http-request-smuggling.yaml +++ b/weapons/http-request-smuggling.yaml @@ -3,7 +3,10 @@ name: http-request-smuggling description: HTTP Request Smuggling Detection Tool url: https://github.com/anshumanpattnaik/http-request-smuggling category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/http-script-generator.yaml b/weapons/http-script-generator.yaml index 5a20a45..1df0d12 100644 --- a/weapons/http-script-generator.yaml +++ b/weapons/http-script-generator.yaml @@ -3,9 +3,10 @@ name: http-script-generator description: url: https://github.com/h3xstream/http-script-generator category: tool-addon -type: +type: Utils platform: -- burpsuite -- zap -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/http2smugl.yaml b/weapons/http2smugl.yaml index be67019..3eab091 100644 --- a/weapons/http2smugl.yaml +++ b/weapons/http2smugl.yaml @@ -4,7 +4,10 @@ description: This tool helps to detect and exploit HTTP request smuggling in cas it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. url: https://github.com/neex/http2smugl category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/httpie.yaml b/weapons/httpie.yaml index eb4784a..1c30cb7 100644 --- a/weapons/httpie.yaml +++ b/weapons/httpie.yaml @@ -5,7 +5,10 @@ description: "As easy as /aitch-tee-tee-pie/ \U0001F967 Modern, user-friendly co & more. https://twitter.com/httpie" url: https://github.com/httpie/httpie category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/httprobe.yaml b/weapons/httprobe.yaml index 911f3f3..c1c8f81 100644 --- a/weapons/httprobe.yaml +++ b/weapons/httprobe.yaml @@ -3,10 +3,10 @@ name: httprobe description: 'Take a list of domains and probe for working HTTP and HTTPS servers ' url: https://github.com/tomnomnom/httprobe category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/httptoolkit.yaml b/weapons/httptoolkit.yaml index eb49a6e..102dc6d 100644 --- a/weapons/httptoolkit.yaml +++ b/weapons/httptoolkit.yaml @@ -4,7 +4,10 @@ description: HTTP Toolkit is a beautiful & open-source tool for debugging, testi and building with HTTP(S) on Windows, Linux & Mac url: https://github.com/httptoolkit/httptoolkit category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/httpx.yaml b/weapons/httpx.yaml index 1ce18cc..dd3cab6 100644 --- a/weapons/httpx.yaml +++ b/weapons/httpx.yaml @@ -5,10 +5,10 @@ description: 'httpx is a fast and multi-purpose HTTP toolkit allow to run multip with increased threads. ' url: https://github.com/projectdiscovery/httpx category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hurl.yaml b/weapons/hurl.yaml index c5e6bd5..7bb4a36 100644 --- a/weapons/hurl.yaml +++ b/weapons/hurl.yaml @@ -3,7 +3,10 @@ name: hurl description: Hurl, run and test HTTP requests. url: https://github.com/Orange-OpenSource/hurl category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/inql.yaml b/weapons/inql.yaml index 6cc1788..9965e27 100644 --- a/weapons/inql.yaml +++ b/weapons/inql.yaml @@ -3,8 +3,10 @@ name: inql description: url: https://github.com/doyensec/inql category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/interactsh.yaml b/weapons/interactsh.yaml index 2cfbdce..0dc5da4 100644 --- a/weapons/interactsh.yaml +++ b/weapons/interactsh.yaml @@ -3,7 +3,11 @@ name: interactsh description: An OOB interaction gathering server and client library url: https://github.com/projectdiscovery/interactsh category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go +tags: +- oast diff --git a/weapons/intrigue-core.yaml b/weapons/intrigue-core.yaml index b67af7d..1baafc3 100644 --- a/weapons/intrigue-core.yaml +++ b/weapons/intrigue-core.yaml @@ -3,10 +3,10 @@ name: intrigue-core description: 'Discover Your Attack Surface ' url: https://github.com/intrigueio/intrigue-core category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/jaeles.yaml b/weapons/jaeles.yaml index 193161f..d77a008 100644 --- a/weapons/jaeles.yaml +++ b/weapons/jaeles.yaml @@ -3,10 +3,10 @@ name: jaeles description: 'The Swiss Army knife for automated Web Application Testing ' url: https://github.com/jaeles-project/jaeles category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/jsfuck.yaml b/weapons/jsfuck.yaml index 4188b42..0cd137d 100644 --- a/weapons/jsfuck.yaml +++ b/weapons/jsfuck.yaml @@ -3,7 +3,11 @@ name: jsfuck description: Write any JavaScript with 6 Characters url: https://github.com/aemkei/jsfuck category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/jsonwebtoken.github.io.yaml b/weapons/jsonwebtoken.github.io.yaml index f915769..64676ce 100644 --- a/weapons/jsonwebtoken.github.io.yaml +++ b/weapons/jsonwebtoken.github.io.yaml @@ -3,9 +3,11 @@ name: jsonwebtoken.github.io description: JWT En/Decode and Verify url: https://github.com/jsonwebtoken/jsonwebtoken.github.io category: browser-addon -type: +type: Utils platform: -- chrome -- firefox -lang: [] -tags: [] +- linux +- macos +- windows +lang: JavaScript +tags: +- jwt diff --git a/weapons/jsprime.yaml b/weapons/jsprime.yaml index 25a9050..804386d 100644 --- a/weapons/jsprime.yaml +++ b/weapons/jsprime.yaml @@ -3,7 +3,10 @@ name: jsprime description: a javascript static security analysis tool url: https://github.com/dpnishant/jsprime category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/jwt-cracker.yaml b/weapons/jwt-cracker.yaml index 6e3c298..bf056ec 100644 --- a/weapons/jwt-cracker.yaml +++ b/weapons/jwt-cracker.yaml @@ -3,10 +3,11 @@ name: jwt-cracker description: 'Simple HS256 JWT token brute force cracker ' url: https://github.com/lmammino/jwt-cracker category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: JavaScript +tags: +- jwt diff --git a/weapons/jwt-hack.yaml b/weapons/jwt-hack.yaml index 13cce9c..05eadb3 100644 --- a/weapons/jwt-hack.yaml +++ b/weapons/jwt-hack.yaml @@ -4,10 +4,11 @@ description: "\U0001F529 jwt-hack is tool for hacking / security testing to JWT. for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)" url: https://github.com/hahwul/jwt-hack category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- jwt diff --git a/weapons/kiterunner.yaml b/weapons/kiterunner.yaml index 9e61a84..0e784c5 100644 --- a/weapons/kiterunner.yaml +++ b/weapons/kiterunner.yaml @@ -3,7 +3,10 @@ name: kiterunner description: Contextual Content Discovery Tool url: https://github.com/assetnote/kiterunner category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/knife.yaml b/weapons/knife.yaml index fb2808b..c4c55fc 100644 --- a/weapons/knife.yaml +++ b/weapons/knife.yaml @@ -3,8 +3,10 @@ name: knife description: A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 url: https://github.com/bit4woo/knife category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/knock.yaml b/weapons/knock.yaml index 87cde91..4169f91 100644 --- a/weapons/knock.yaml +++ b/weapons/knock.yaml @@ -3,10 +3,11 @@ name: knock description: 'Knock Subdomain Scan ' url: https://github.com/guelfoweb/knock category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- subdomains diff --git a/weapons/lazyrecon.yaml b/weapons/lazyrecon.yaml index 0752c0d..6c07f0c 100644 --- a/weapons/lazyrecon.yaml +++ b/weapons/lazyrecon.yaml @@ -4,10 +4,10 @@ description: 'This script is intended to automate your reconnaissance process in organized fashion ' url: https://github.com/nahamsec/lazyrecon category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/longtongue.yaml b/weapons/longtongue.yaml index 29ae2c5..aadedcb 100644 --- a/weapons/longtongue.yaml +++ b/weapons/longtongue.yaml @@ -3,7 +3,10 @@ name: longtongue description: Customized Password/Passphrase List inputting Target Info url: https://github.com/edoardottt/longtongue category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/masscan.yaml b/weapons/masscan.yaml index 29ae625..bc9afc3 100644 --- a/weapons/masscan.yaml +++ b/weapons/masscan.yaml @@ -4,10 +4,10 @@ description: 'TCP port scanner, spews SYN packets asynchronously, scanning entir Internet in under 5 minutes. ' url: https://github.com/robertdavidgraham/masscan category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: C tags: [] diff --git a/weapons/medusa.yaml b/weapons/medusa.yaml index 0684780..708714e 100644 --- a/weapons/medusa.yaml +++ b/weapons/medusa.yaml @@ -3,10 +3,10 @@ name: medusa description: 'Fastest recursive HTTP fuzzer, like a Ferrari. ' url: https://github.com/riza/medusa category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/meg.yaml b/weapons/meg.yaml index 49ac20c..f2b6e0e 100644 --- a/weapons/meg.yaml +++ b/weapons/meg.yaml @@ -3,10 +3,10 @@ name: meg description: 'Fetch many paths for many hosts - without killing the hosts ' url: https://github.com/tomnomnom/meg category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/megplus.yaml b/weapons/megplus.yaml index 858468e..90d63b2 100644 --- a/weapons/megplus.yaml +++ b/weapons/megplus.yaml @@ -3,10 +3,10 @@ name: megplus description: 'Automated reconnaissance wrapper — TomNomNom''s meg on steroids. [DEPRECATED] ' url: https://github.com/EdOverflow/megplus category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/naabu.yaml b/weapons/naabu.yaml index 557ed7c..d387fd8 100644 --- a/weapons/naabu.yaml +++ b/weapons/naabu.yaml @@ -5,10 +5,10 @@ description: 'A fast port scanner written in go with focus on reliability and si in bug bounties and pentests ' url: https://github.com/projectdiscovery/naabu category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/nikto.yaml b/weapons/nikto.yaml index 228edd1..ea30071 100644 --- a/weapons/nikto.yaml +++ b/weapons/nikto.yaml @@ -3,10 +3,10 @@ name: nikto description: 'Nikto web server scanner ' url: https://github.com/sullo/nikto category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Perl tags: [] diff --git a/weapons/nmap.yaml b/weapons/nmap.yaml index 08344f4..25ecc60 100644 --- a/weapons/nmap.yaml +++ b/weapons/nmap.yaml @@ -3,9 +3,10 @@ name: nmap description: 'Nmap - the Network Mapper. Github mirror of official SVN repository. ' url: https://github.com/nmap/nmap category: tool -type: +type: Scanner platform: - linux - macos -lang: [] +- windows +lang: C tags: [] diff --git a/weapons/nosqli.yaml b/weapons/nosqli.yaml index 2dab1c8..a75b55b 100644 --- a/weapons/nosqli.yaml +++ b/weapons/nosqli.yaml @@ -3,10 +3,10 @@ name: nosqli description: NoSql Injection CLI tool url: https://github.com/Charlie-belmer/nosqli category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/nuclei.yaml b/weapons/nuclei.yaml index 8aef515..bf185d5 100644 --- a/weapons/nuclei.yaml +++ b/weapons/nuclei.yaml @@ -4,10 +4,10 @@ description: 'Nuclei is a fast tool for configurable targeted scanning based on offering massive extensibility and ease of use. ' url: https://github.com/projectdiscovery/nuclei category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/ob_hacky_slack.yaml b/weapons/ob_hacky_slack.yaml index 6abce65..98bea55 100644 --- a/weapons/ob_hacky_slack.yaml +++ b/weapons/ob_hacky_slack.yaml @@ -3,7 +3,10 @@ name: ob_hacky_slack description: Hacky Slack - a bash script that sends beautiful messages to Slack url: https://github.com/openbridge/ob_hacky_slack category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/owasp-zap-jwt-addon.yaml b/weapons/owasp-zap-jwt-addon.yaml index 8263679..4180238 100644 --- a/weapons/owasp-zap-jwt-addon.yaml +++ b/weapons/owasp-zap-jwt-addon.yaml @@ -3,8 +3,11 @@ name: owasp-zap-jwt-addon description: url: https://github.com/SasanLabs/owasp-zap-jwt-addon category: tool-addon -type: +type: utils platform: -- zap -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- jwt diff --git a/weapons/oxml_xxe.yaml b/weapons/oxml_xxe.yaml index 167c867..6de5dff 100644 --- a/weapons/oxml_xxe.yaml +++ b/weapons/oxml_xxe.yaml @@ -3,10 +3,10 @@ name: oxml_xxe description: 'A tool for embedding XXE/XML exploits into different filetypes ' url: https://github.com/BuffaloWill/oxml_xxe category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/pagodo.yaml b/weapons/pagodo.yaml index 88a1ab3..b421709 100644 --- a/weapons/pagodo.yaml +++ b/weapons/pagodo.yaml @@ -4,7 +4,10 @@ description: pagodo (Passive Google Dork) - Automate Google Hacking Database scr and searching url: https://github.com/opsdisk/pagodo category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/param-miner.yaml b/weapons/param-miner.yaml index b3a4760..282c0d1 100644 --- a/weapons/param-miner.yaml +++ b/weapons/param-miner.yaml @@ -3,8 +3,11 @@ name: param-miner description: url: https://github.com/PortSwigger/param-miner category: tool-addon -type: +type: Fuzzer platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- param diff --git a/weapons/parameth.yaml b/weapons/parameth.yaml index ca72e9e..8962571 100644 --- a/weapons/parameth.yaml +++ b/weapons/parameth.yaml @@ -3,7 +3,10 @@ name: parameth description: This tool can be used to brute discover GET and POST parameters url: https://github.com/maK-/parameth category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/pentest-tools.yaml b/weapons/pentest-tools.yaml index 0f96953..d27cd7b 100644 --- a/weapons/pentest-tools.yaml +++ b/weapons/pentest-tools.yaml @@ -3,10 +3,10 @@ name: pentest-tools description: 'Custom pentesting tools ' url: https://github.com/gwen001/pentest-tools category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/pet.yaml b/weapons/pet.yaml index b326659..85ab444 100644 --- a/weapons/pet.yaml +++ b/weapons/pet.yaml @@ -3,9 +3,10 @@ name: pet description: Simple command-line snippet manager, written in Go. url: https://github.com/knqyf263/pet category: tool -type: +type: Utils platform: - linux - macos -lang: [] +- windows +lang: Go tags: [] diff --git a/weapons/plution.yaml b/weapons/plution.yaml index 0a46894..6dfee2a 100644 --- a/weapons/plution.yaml +++ b/weapons/plution.yaml @@ -3,7 +3,10 @@ name: plution description: Prototype pollution scanner using headless chrome url: https://github.com/raverrr/plution category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/postMessage-tracker.yaml b/weapons/postMessage-tracker.yaml index e41a81a..c02699f 100644 --- a/weapons/postMessage-tracker.yaml +++ b/weapons/postMessage-tracker.yaml @@ -4,8 +4,10 @@ description: A Chrome Extension to track postMessage usage (url, domain and stac both by logging using CORS and also visually as an extension-icon url: https://github.com/fransr/postMessage-tracker category: browser-addon -type: +type: Utils platform: -- chrome -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/ppfuzz.yaml b/weapons/ppfuzz.yaml index 38a943c..22cad9b 100644 --- a/weapons/ppfuzz.yaml +++ b/weapons/ppfuzz.yaml @@ -4,7 +4,10 @@ description: "A fast tool to scan client-side prototype pollution vulnerability in Rust. \U0001F980" url: https://github.com/dwisiswant0/ppfuzz category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/ppmap.yaml b/weapons/ppmap.yaml index 5d9c111..9efc4da 100644 --- a/weapons/ppmap.yaml +++ b/weapons/ppmap.yaml @@ -4,7 +4,10 @@ description: A scanner/exploitation tool written in GO, which leverages client-s Prototype Pollution to XSS by exploiting known gadgets. url: https://github.com/kleiton0x00/ppmap category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/proxify.yaml b/weapons/proxify.yaml index 105b50b..f3b2d71 100644 --- a/weapons/proxify.yaml +++ b/weapons/proxify.yaml @@ -4,7 +4,10 @@ description: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipul and replay url: https://github.com/projectdiscovery/proxify category: tool -type: -platform: [] -lang: [] +type: Army-Knife +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/puredns.yaml b/weapons/puredns.yaml index 9cabfb2..1a47c6c 100644 --- a/weapons/puredns.yaml +++ b/weapons/puredns.yaml @@ -4,7 +4,10 @@ description: Puredns is a fast domain resolver and subdomain bruteforcing tool t can accurately filter out wildcard subdomains and DNS poisoned entries. url: https://github.com/d3mondev/puredns category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/pwncat.yaml b/weapons/pwncat.yaml index 26245e5..584b3fe 100644 --- a/weapons/pwncat.yaml +++ b/weapons/pwncat.yaml @@ -5,9 +5,10 @@ description: 'pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind a with Python (PSE) ' url: https://github.com/cytopia/pwncat category: tool -type: +type: Utils platform: - linux - macos -lang: [] +- windows +lang: Shell tags: [] diff --git a/weapons/qsreplace.yaml b/weapons/qsreplace.yaml index 17ab3ae..6c97253 100644 --- a/weapons/qsreplace.yaml +++ b/weapons/qsreplace.yaml @@ -4,10 +4,10 @@ description: 'Accept URLs on stdin, replace all query string values with a user- value ' url: https://github.com/tomnomnom/qsreplace category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/quickjack.yaml b/weapons/quickjack.yaml index b408483..1635584 100644 --- a/weapons/quickjack.yaml +++ b/weapons/quickjack.yaml @@ -4,7 +4,10 @@ description: Quickjack is a point-and-click tool for intuitively producing advan clickjacking and frame slicing attacks. url: https://github.com/samyk/quickjack category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/rapidscan.yaml b/weapons/rapidscan.yaml index 4cae278..b06aa8d 100644 --- a/weapons/rapidscan.yaml +++ b/weapons/rapidscan.yaml @@ -3,10 +3,10 @@ name: rapidscan description: 'The Multi-Tool Web Vulnerability Scanner. ' url: https://github.com/skavngr/rapidscan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/recon_profile.yaml b/weapons/recon_profile.yaml index 18e12fb..35957ea 100644 --- a/weapons/recon_profile.yaml +++ b/weapons/recon_profile.yaml @@ -3,10 +3,10 @@ name: recon_profile description: 'Recon profile (bash profile) for bugbounty ' url: https://github.com/nahamsec/recon_profile category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/reconftw.yaml b/weapons/reconftw.yaml index b3c80a6..3cced26 100644 --- a/weapons/reconftw.yaml +++ b/weapons/reconftw.yaml @@ -4,7 +4,10 @@ description: reconFTW is a tool designed to perform automated recon on a target by running the best set of tools to perform scanning and finding out vulnerabilities url: https://github.com/six2dez/reconftw category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/reflect.yaml b/weapons/reflect.yaml index 756cf38..be422fe 100644 --- a/weapons/reflect.yaml +++ b/weapons/reflect.yaml @@ -1,10 +1,12 @@ --- name: reflect description: -url: https://github.com/TypeError/reflect +url: https://github.com/cak/reflect category: tool-addon -type: +type: Utils platform: -- zap -lang: [] +- linux +- macos +- windows +lang: Kotiln tags: [] diff --git a/weapons/reflected-parameters.yaml b/weapons/reflected-parameters.yaml index f3e9547..acb19b8 100644 --- a/weapons/reflected-parameters.yaml +++ b/weapons/reflected-parameters.yaml @@ -3,8 +3,10 @@ name: reflected-parameters description: url: https://github.com/PortSwigger/reflected-parameters category: tool-addon -type: +type: Recon platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/rengine.yaml b/weapons/rengine.yaml index 2079239..cb29244 100644 --- a/weapons/rengine.yaml +++ b/weapons/rengine.yaml @@ -5,10 +5,10 @@ description: 'reNgine is an automated reconnaissance framework meant for gatheri scan engines, which can be used to scan the websites, endpoints, and gather information. ' url: https://github.com/yogeshojha/rengine category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: JavaScript tags: [] diff --git a/weapons/rusolver.yaml b/weapons/rusolver.yaml index f744407..c86667c 100644 --- a/weapons/rusolver.yaml +++ b/weapons/rusolver.yaml @@ -3,7 +3,11 @@ name: rusolver description: Fast and accurate DNS resolver. url: https://github.com/Edu4rdSHL/rusolver category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust +tags: +- dns diff --git a/weapons/s3reverse.yaml b/weapons/s3reverse.yaml index f41ef4b..297c74e 100644 --- a/weapons/s3reverse.yaml +++ b/weapons/s3reverse.yaml @@ -4,10 +4,11 @@ description: 'The format of various s3 buckets is convert in one format. for bug and security testing. ' url: https://github.com/hahwul/s3reverse category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- s3 diff --git a/weapons/safecopy.yaml b/weapons/safecopy.yaml index 48bded6..b72319b 100644 --- a/weapons/safecopy.yaml +++ b/weapons/safecopy.yaml @@ -3,8 +3,10 @@ name: safecopy description: url: https://github.com/yashrs/safecopy category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/scilla.yaml b/weapons/scilla.yaml index cd4cb49..7df3796 100644 --- a/weapons/scilla.yaml +++ b/weapons/scilla.yaml @@ -4,10 +4,10 @@ description: "\U0001F3F4‍☠️ Information Gathering tool \U0001F3F4‍☠️ enumeration" url: https://github.com/edoardottt/scilla category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/security-crawl-maze.yaml b/weapons/security-crawl-maze.yaml index a075bb4..e5507fb 100644 --- a/weapons/security-crawl-maze.yaml +++ b/weapons/security-crawl-maze.yaml @@ -5,7 +5,10 @@ description: Security Crawl Maze is a comprehensive testbed for web security cra valid HTML document. url: https://github.com/google/security-crawl-maze category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: HTML tags: [] diff --git a/weapons/security-research-pocs.yaml b/weapons/security-research-pocs.yaml index 431eaa1..0562407 100644 --- a/weapons/security-research-pocs.yaml +++ b/weapons/security-research-pocs.yaml @@ -4,7 +4,10 @@ description: Proof-of-concept codes created as part of security research done by Security Team. url: https://github.com/google/security-research-pocs category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: C++ tags: [] diff --git a/weapons/shuffledns.yaml b/weapons/shuffledns.yaml index 9df208a..6579e6c 100644 --- a/weapons/shuffledns.yaml +++ b/weapons/shuffledns.yaml @@ -5,10 +5,10 @@ description: 'shuffleDNS is a wrapper around massdns written in go that allows y with wildcard handling and easy input-output support. ' url: https://github.com/projectdiscovery/shuffledns category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/singularity.yaml b/weapons/singularity.yaml index a9a6d45..5703534 100644 --- a/weapons/singularity.yaml +++ b/weapons/singularity.yaml @@ -3,7 +3,10 @@ name: singularity description: A DNS rebinding attack framework. url: https://github.com/nccgroup/singularity category: tool -type: -platform: [] -lang: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/slackcat.yaml b/weapons/slackcat.yaml index 96eea41..7daa8b5 100644 --- a/weapons/slackcat.yaml +++ b/weapons/slackcat.yaml @@ -3,7 +3,10 @@ name: slackcat description: CLI utility to post files and command output to slack url: https://github.com/bcicen/slackcat category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/smuggler.yaml b/weapons/smuggler.yaml index b70ed28..5146405 100644 --- a/weapons/smuggler.yaml +++ b/weapons/smuggler.yaml @@ -4,10 +4,10 @@ description: 'Smuggler - An HTTP Request Smuggling / Desync testing tool written Python 3 ' url: https://github.com/defparam/smuggler category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/sn0int.yaml b/weapons/sn0int.yaml index 0108586..ca7b5f9 100644 --- a/weapons/sn0int.yaml +++ b/weapons/sn0int.yaml @@ -3,7 +3,10 @@ name: sn0int description: Semi-automatic OSINT framework and package manager url: https://github.com/kpcyrd/sn0int category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/spiderfoot.yaml b/weapons/spiderfoot.yaml index 32ed9a1..331ac1a 100644 --- a/weapons/spiderfoot.yaml +++ b/weapons/spiderfoot.yaml @@ -3,7 +3,10 @@ name: spiderfoot description: SpiderFoot automates OSINT collection so that you can focus on analysis. url: https://github.com/smicallef/spiderfoot category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/sqliv.yaml b/weapons/sqliv.yaml index 663f0cb..96669f9 100644 --- a/weapons/sqliv.yaml +++ b/weapons/sqliv.yaml @@ -3,7 +3,11 @@ name: sqliv description: massive SQL injection vulnerability scanner url: https://github.com/the-robot/sqliv category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python +tags: +- sqli diff --git a/weapons/sqlmap.yaml b/weapons/sqlmap.yaml index a723383..b2d813c 100644 --- a/weapons/sqlmap.yaml +++ b/weapons/sqlmap.yaml @@ -3,9 +3,10 @@ name: sqlmap description: Automatic SQL injection and database takeover tool url: https://github.com/sqlmapproject/sqlmap category: tool -type: +type: Scanner platform: - linux - macos -lang: [] +- windows +lang: Python tags: [] diff --git a/weapons/ssrf-sheriff.yaml b/weapons/ssrf-sheriff.yaml index e5db311..f0c3d4c 100644 --- a/weapons/ssrf-sheriff.yaml +++ b/weapons/ssrf-sheriff.yaml @@ -3,10 +3,10 @@ name: ssrf-sheriff description: 'A simple SSRF-testing sheriff written in Go ' url: https://github.com/teknogeek/ssrf-sheriff category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/subfinder.yaml b/weapons/subfinder.yaml index 86f148c..ad98aba 100644 --- a/weapons/subfinder.yaml +++ b/weapons/subfinder.yaml @@ -5,10 +5,11 @@ description: 'Subfinder is a subdomain discovery tool that discovers valid subdo safe for penetration testing. ' url: https://github.com/projectdiscovery/subfinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/subgen.yaml b/weapons/subgen.yaml index 307ff31..d3ef404 100644 --- a/weapons/subgen.yaml +++ b/weapons/subgen.yaml @@ -4,7 +4,11 @@ description: A really simple utility to concate wordlists to a domain name - to into your favourite resolver! url: https://github.com/pry0cc/subgen category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/subjack.yaml b/weapons/subjack.yaml index d69d5d6..e963899 100644 --- a/weapons/subjack.yaml +++ b/weapons/subjack.yaml @@ -3,10 +3,11 @@ name: subjack description: 'Subdomain Takeover tool written in Go ' url: https://github.com/haccer/subjack category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/subjs.yaml b/weapons/subjs.yaml index 74101b3..9b15bca 100644 --- a/weapons/subjs.yaml +++ b/weapons/subjs.yaml @@ -3,7 +3,10 @@ name: subjs description: Fetches javascript file from a list of URLS or subdomains. url: https://github.com/lc/subjs category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/subs_all.yaml b/weapons/subs_all.yaml index e348658..97abd17 100644 --- a/weapons/subs_all.yaml +++ b/weapons/subs_all.yaml @@ -3,10 +3,11 @@ name: subs_all description: 'Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ' url: https://github.com/emadshanab/subs_all category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: 'null' +tags: +- subdomains diff --git a/weapons/subzy.yaml b/weapons/subzy.yaml index fc5f347..4599a77 100644 --- a/weapons/subzy.yaml +++ b/weapons/subzy.yaml @@ -3,7 +3,11 @@ name: subzy description: Subdomain takeover vulnerability checker url: https://github.com/LukaSikic/subzy category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/taborator.yaml b/weapons/taborator.yaml index 2ea9860..c24ad65 100644 --- a/weapons/taborator.yaml +++ b/weapons/taborator.yaml @@ -3,8 +3,11 @@ name: taborator description: url: https://github.com/hackvertor/taborator category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- oast diff --git a/weapons/template-generator.yaml b/weapons/template-generator.yaml index 0e46d7f..0b53cf2 100644 --- a/weapons/template-generator.yaml +++ b/weapons/template-generator.yaml @@ -6,10 +6,10 @@ description: 'A simple variable based template editor using handlebarjs+strapdow generate the list of files in the dropdown of templates. ' url: https://github.com/fransr/template-generator category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: JavaScript tags: [] diff --git a/weapons/testssl.sh.yaml b/weapons/testssl.sh.yaml index 6011d62..d754364 100644 --- a/weapons/testssl.sh.yaml +++ b/weapons/testssl.sh.yaml @@ -3,10 +3,10 @@ name: testssl.sh description: 'Testing TLS/SSL encryption anywhere on any port ' url: https://github.com/drwetter/testssl.sh category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/thc-hydra.yaml b/weapons/thc-hydra.yaml index 86cfc14..2d8e54a 100644 --- a/weapons/thc-hydra.yaml +++ b/weapons/thc-hydra.yaml @@ -3,10 +3,10 @@ name: thc-hydra description: 'hydra ' url: https://github.com/vanhauser-thc/thc-hydra category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: C tags: [] diff --git a/weapons/tiscripts.yaml b/weapons/tiscripts.yaml index 30f8e97..026fe32 100644 --- a/weapons/tiscripts.yaml +++ b/weapons/tiscripts.yaml @@ -3,7 +3,10 @@ name: tiscripts description: Turbo Intruder Scripts url: https://github.com/defparam/tiscripts category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/tplmap.yaml b/weapons/tplmap.yaml index 967d5ff..fa4ee84 100644 --- a/weapons/tplmap.yaml +++ b/weapons/tplmap.yaml @@ -4,7 +4,10 @@ description: Server-Side Template Injection and Code Injection Detection and Exp Tool url: https://github.com/epinna/tplmap category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/turbo-intruder.yaml b/weapons/turbo-intruder.yaml index d577328..01afe40 100644 --- a/weapons/turbo-intruder.yaml +++ b/weapons/turbo-intruder.yaml @@ -3,8 +3,10 @@ name: turbo-intruder description: url: https://github.com/PortSwigger/turbo-intruder category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Kotlin tags: [] diff --git a/weapons/uncover.yaml b/weapons/uncover.yaml index c67a74f..ca36ecb 100644 --- a/weapons/uncover.yaml +++ b/weapons/uncover.yaml @@ -4,7 +4,10 @@ description: Quickly discover exposed hosts on the internet using multiple searc engine. url: https://github.com/projectdiscovery/uncover category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/unfurl.yaml b/weapons/unfurl.yaml index f058dcf..0898284 100644 --- a/weapons/unfurl.yaml +++ b/weapons/unfurl.yaml @@ -3,10 +3,10 @@ name: unfurl description: 'Pull out bits of URLs provided on stdin ' url: https://github.com/tomnomnom/unfurl category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/urlgrab.yaml b/weapons/urlgrab.yaml index 51aa54f..7117eda 100644 --- a/weapons/urlgrab.yaml +++ b/weapons/urlgrab.yaml @@ -4,10 +4,10 @@ description: 'A golang utility to spider through a website searching for additio links. ' url: https://github.com/IAmStoxe/urlgrab category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/urlhunter.yaml b/weapons/urlhunter.yaml index 0090924..b91cc0d 100644 --- a/weapons/urlhunter.yaml +++ b/weapons/urlhunter.yaml @@ -4,7 +4,10 @@ description: a recon tool that allows searching on URLs that are exposed via sho services url: https://github.com/utkusen/urlhunter category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/urlprobe.yaml b/weapons/urlprobe.yaml index 752d840..3c55af2 100644 --- a/weapons/urlprobe.yaml +++ b/weapons/urlprobe.yaml @@ -3,10 +3,10 @@ name: urlprobe description: 'Urls status code & content length checker ' url: https://github.com/1ndianl33t/urlprobe category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/uro.yaml b/weapons/uro.yaml index 2f7d1c0..c20b976 100644 --- a/weapons/uro.yaml +++ b/weapons/uro.yaml @@ -3,7 +3,10 @@ name: uro description: declutters url lists for crawling/pentesting url: https://github.com/s0md3v/uro category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/waybackurls.yaml b/weapons/waybackurls.yaml index 03341e5..45e899d 100644 --- a/weapons/waybackurls.yaml +++ b/weapons/waybackurls.yaml @@ -3,10 +3,10 @@ name: waybackurls description: 'Fetch all the URLs that the Wayback Machine knows about for a domain ' url: https://github.com/tomnomnom/waybackurls category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/weaponised-XSS-payloads.yaml b/weapons/weaponised-XSS-payloads.yaml index b1bbffd..de563b3 100644 --- a/weapons/weaponised-XSS-payloads.yaml +++ b/weapons/weaponised-XSS-payloads.yaml @@ -3,7 +3,10 @@ name: weaponised-XSS-payloads description: XSS payloads designed to turn alert(1) into P1 url: https://github.com/hakluke/weaponised-XSS-payloads category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/web_cache_poison.yaml b/weapons/web_cache_poison.yaml index 4e0bcd3..d26e98c 100644 --- a/weapons/web_cache_poison.yaml +++ b/weapons/web_cache_poison.yaml @@ -3,7 +3,10 @@ name: web_cache_poison description: web cache poison - Top 1 web hacking technique of 2019 url: https://github.com/fngoo/web_cache_poison category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/websocket-connection-smuggler.yaml b/weapons/websocket-connection-smuggler.yaml index 716fdad..04f973a 100644 --- a/weapons/websocket-connection-smuggler.yaml +++ b/weapons/websocket-connection-smuggler.yaml @@ -3,7 +3,10 @@ name: websocket-connection-smuggler description: websocket-connection-smuggler url: https://github.com/hahwul/websocket-connection-smuggler category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/wfuzz.yaml b/weapons/wfuzz.yaml index 8d6e491..2cc9d95 100644 --- a/weapons/wfuzz.yaml +++ b/weapons/wfuzz.yaml @@ -3,10 +3,10 @@ name: wfuzz description: 'Web application fuzzer ' url: https://github.com/xmendez/wfuzz category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/wprecon.yaml b/weapons/wprecon.yaml index 5bf0152..a2ab933 100644 --- a/weapons/wprecon.yaml +++ b/weapons/wprecon.yaml @@ -4,7 +4,10 @@ description: Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recog tool in CMS Wordpress, 100% developed in Go. url: https://github.com/blackcrw/wprecon category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/wpscan.yaml b/weapons/wpscan.yaml index 7fed8af..4e0268b 100644 --- a/weapons/wpscan.yaml +++ b/weapons/wpscan.yaml @@ -5,10 +5,10 @@ description: 'WPScan is a free, for non-commercial use, black box WordPress Vuln of their WordPress websites. ' url: https://github.com/wpscanteam/wpscan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/ws-smuggler.yaml b/weapons/ws-smuggler.yaml index 71aaf4e..dca06dc 100644 --- a/weapons/ws-smuggler.yaml +++ b/weapons/ws-smuggler.yaml @@ -3,7 +3,10 @@ name: ws-smuggler description: WebSocket Connection Smuggler url: https://github.com/hahwul/ws-smuggler category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/wssip.yaml b/weapons/wssip.yaml index 4ac33f7..f6f190a 100644 --- a/weapons/wssip.yaml +++ b/weapons/wssip.yaml @@ -4,7 +4,10 @@ description: Application for capturing, modifying and sending custom WebSocket d from client to server and vice versa. url: https://github.com/nccgroup/wssip category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/wuzz.yaml b/weapons/wuzz.yaml index bf41784..907dad6 100644 --- a/weapons/wuzz.yaml +++ b/weapons/wuzz.yaml @@ -3,10 +3,10 @@ name: wuzz description: 'Interactive cli tool for HTTP inspection ' url: https://github.com/asciimoo/wuzz category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/x8.yaml b/weapons/x8.yaml index 278ec58..2cf591d 100644 --- a/weapons/x8.yaml +++ b/weapons/x8.yaml @@ -3,7 +3,10 @@ name: x8 description: Hidden parameters discovery suite url: https://github.com/Sh1Yo/x8 category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/xsinator.com.yaml b/weapons/xsinator.com.yaml index e51c54b..3960af9 100644 --- a/weapons/xsinator.com.yaml +++ b/weapons/xsinator.com.yaml @@ -3,7 +3,10 @@ name: xsinator.com description: XS-Leak Browser Test Suite url: https://github.com/RUB-NDS/xsinator.com category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/xss-cheatsheet-data.yaml b/weapons/xss-cheatsheet-data.yaml index 9f9ede0..b8764e4 100644 --- a/weapons/xss-cheatsheet-data.yaml +++ b/weapons/xss-cheatsheet-data.yaml @@ -4,10 +4,11 @@ description: 'This repository contains all the XSS cheatsheet data to allow cont from the community. ' url: https://github.com/PortSwigger/xss-cheatsheet-data category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: 'null' +tags: +- xss diff --git a/weapons/xsscrapy.yaml b/weapons/xsscrapy.yaml index 2fe0d91..1b1dbd3 100644 --- a/weapons/xsscrapy.yaml +++ b/weapons/xsscrapy.yaml @@ -4,10 +4,11 @@ description: 'XSS/SQLi spider. Give it a URL and it''ll test every link it finds XSS and some SQLi. ' url: https://github.com/DanMcInerney/xsscrapy category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xss diff --git a/weapons/xsser.yaml b/weapons/xsser.yaml index 54c05ec..d6b484d 100644 --- a/weapons/xsser.yaml +++ b/weapons/xsser.yaml @@ -4,10 +4,11 @@ description: 'Cross Site "Scripter" (aka XSSer) is an automatic -framework- to d exploit and report XSS vulnerabilities in web-based applications. ' url: https://github.com/epsylon/xsser category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xss diff --git a/weapons/xssor2.yaml b/weapons/xssor2.yaml index ddfd33f..cab0da3 100644 --- a/weapons/xssor2.yaml +++ b/weapons/xssor2.yaml @@ -3,7 +3,11 @@ name: xssor2 description: XSS'OR - Hack with JavaScript. url: https://github.com/evilcos/xssor2 category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/xxeserv.yaml b/weapons/xxeserv.yaml index 3980b54..0ae0ca3 100644 --- a/weapons/xxeserv.yaml +++ b/weapons/xxeserv.yaml @@ -3,7 +3,10 @@ name: xxeserv description: A mini webserver with FTP support for XXE payloads url: https://github.com/staaldraad/xxeserv category: tool -type: -platform: [] -lang: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/ysoserial.net.yaml b/weapons/ysoserial.net.yaml index 473989b..93bbc17 100644 --- a/weapons/ysoserial.net.yaml +++ b/weapons/ysoserial.net.yaml @@ -3,10 +3,10 @@ name: ysoserial.net description: 'Deserialization payload generator for a variety of .NET formatters ' url: https://github.com/pwntester/ysoserial.net category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: C# tags: [] diff --git a/weapons/ysoserial.yaml b/weapons/ysoserial.yaml index 5222bd4..8ec4571 100644 --- a/weapons/ysoserial.yaml +++ b/weapons/ysoserial.yaml @@ -4,10 +4,10 @@ description: 'A proof-of-concept tool for generating payloads that exploit unsaf Java object deserialization. ' url: https://github.com/frohoff/ysoserial category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Java tags: [] diff --git a/weapons/zap-cli.yaml b/weapons/zap-cli.yaml index de8d172..bd4a077 100644 --- a/weapons/zap-cli.yaml +++ b/weapons/zap-cli.yaml @@ -3,10 +3,10 @@ name: zap-cli description: 'A simple tool for interacting with OWASP ZAP from the commandline. ' url: https://github.com/Grunny/zap-cli category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/zap-hud.yaml b/weapons/zap-hud.yaml index abe4482..7201287 100644 --- a/weapons/zap-hud.yaml +++ b/weapons/zap-hud.yaml @@ -3,8 +3,10 @@ name: zap-hud description: url: https://github.com/zaproxy/zap-hud category: tool-addon -type: +type: Utils platform: -- zap -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/zaproxy.yaml b/weapons/zaproxy.yaml index 8c3d4aa..5f84643 100644 --- a/weapons/zaproxy.yaml +++ b/weapons/zaproxy.yaml @@ -3,7 +3,10 @@ name: zaproxy description: The OWASP ZAP core project url: https://github.com/zaproxy/zaproxy category: tool -type: -platform: [] -lang: [] +type: Army-Knife +platform: +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/zdns.yaml b/weapons/zdns.yaml index b7db6ab..63665d9 100644 --- a/weapons/zdns.yaml +++ b/weapons/zdns.yaml @@ -3,7 +3,11 @@ name: zdns description: Fast CLI DNS Lookup Tool url: https://github.com/zmap/zdns category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- dns