Army-Knife/BURP |
BurpSuite |
It's Awesome |
it's not |
github🐶 |
Army-Knife/ZAP |
zaproxy |
The OWASP ZAP core project |
![](https://img.shields.io/github/stars/zaproxy/zaproxy) |
![](https://img.shields.io/github/languages/top/zaproxy/zaproxy) |
Discovery/CRAWL |
Photon |
Incredibly fast crawler designed for OSINT. |
![](https://img.shields.io/github/stars/s0md3v/Photon) |
![](https://img.shields.io/github/languages/top/s0md3v/Photon) |
Discovery/CRAWL |
gospider |
Gospider - Fast web spider written in Go |
![](https://img.shields.io/github/stars/jaeles-project/gospider) |
![](https://img.shields.io/github/languages/top/jaeles-project/gospider) |
Discovery/DNS |
DNSDumpster |
Online dns recon & research, find & lookup dns records |
it's not |
github🐶 |
Discovery/DNS |
SecurityTrails |
Online dns / subdomain / recon tool |
it's not |
github🐶 |
Discovery/DNS |
dnsprobe |
DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |
![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe) |
![](https://img.shields.io/github/languages/top/projectdiscovery/dnsprobe) |
Discovery/DNS |
shuffledns |
shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |
![](https://img.shields.io/github/stars/projectdiscovery/shuffledns) |
![](https://img.shields.io/github/languages/top/projectdiscovery/shuffledns) |
Discovery/DOMAIN |
Amass |
In-depth Attack Surface Mapping and Asset Discovery |
![](https://img.shields.io/github/stars/OWASP/Amass) |
![](https://img.shields.io/github/languages/top/OWASP/Amass) |
Discovery/DOMAIN |
Sublist3r |
Fast subdomains enumeration tool for penetration testers |
![](https://img.shields.io/github/stars/aboul3la/Sublist3r) |
![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) |
Discovery/DOMAIN |
assetfinder |
Find domains and subdomains related to a given domain |
![](https://img.shields.io/github/stars/tomnomnom/assetfinder) |
![](https://img.shields.io/github/languages/top/tomnomnom/assetfinder) |
Discovery/DOMAIN |
findomain |
The fastest and cross-platform subdomain enumerator, do not waste your time. |
![](https://img.shields.io/github/stars/Edu4rdSHL/findomain) |
![](https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) |
Discovery/DOMAIN |
knock |
Knock Subdomain Scan |
![](https://img.shields.io/github/stars/guelfoweb/knock) |
![](https://img.shields.io/github/languages/top/guelfoweb/knock) |
Discovery/DOMAIN |
subfinder |
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |
![](https://img.shields.io/github/stars/projectdiscovery/subfinder) |
![](https://img.shields.io/github/languages/top/projectdiscovery/subfinder) |
Discovery/FUZZ |
dirsearch |
Web path scanner |
![](https://img.shields.io/github/stars/maurosoria/dirsearch) |
![](https://img.shields.io/github/languages/top/maurosoria/dirsearch) |
Discovery/FUZZ |
gobuster |
Directory/File, DNS and VHost busting tool written in Go |
![](https://img.shields.io/github/stars/OJ/gobuster) |
![](https://img.shields.io/github/languages/top/OJ/gobuster) |
Discovery/GIT |
GitMiner |
Tool for advanced mining for content on Github |
![](https://img.shields.io/github/stars/UnkL4b/GitMiner) |
![](https://img.shields.io/github/languages/top/UnkL4b/GitMiner) |
Discovery/GIT |
gitGraber |
gitGraber |
![](https://img.shields.io/github/stars/hisxo/gitGraber) |
![](https://img.shields.io/github/languages/top/hisxo/gitGraber) |
Discovery/GIT |
gitrob |
Reconnaissance tool for GitHub organizations |
![](https://img.shields.io/github/stars/michenriksen/gitrob) |
![](https://img.shields.io/github/languages/top/michenriksen/gitrob) |
Discovery/HTTP |
Arjun |
HTTP parameter discovery suite. |
![](https://img.shields.io/github/stars/s0md3v/Arjun) |
![](https://img.shields.io/github/languages/top/s0md3v/Arjun) |
Discovery/PORT |
Shodan |
World's first search engine for Internet-connected devices |
it's not |
github🐶 |
Discovery/PORT |
masscan |
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |
![](https://img.shields.io/github/stars/robertdavidgraham/masscan) |
![](https://img.shields.io/github/languages/top/robertdavidgraham/masscan) |
Discovery/PORT |
naabu |
A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |
![](https://img.shields.io/github/stars/projectdiscovery/naabu) |
![](https://img.shields.io/github/languages/top/projectdiscovery/naabu) |
Discovery/PORT |
nmap |
Nmap - the Network Mapper. Github mirror of official SVN repository. |
![](https://img.shields.io/github/stars/nmap/nmap) |
![](https://img.shields.io/github/languages/top/nmap/nmap) |
Discovery/TKOV |
subjack |
Subdomain Takeover tool written in Go |
![](https://img.shields.io/github/stars/haccer/subjack) |
![](https://img.shields.io/github/languages/top/haccer/subjack) |
Discovery/URL |
waybackurls |
Fetch all the URLs that the Wayback Machine knows about for a domain |
![](https://img.shields.io/github/stars/tomnomnom/waybackurls) |
![](https://img.shields.io/github/languages/top/tomnomnom/waybackurls) |
Discovery/VULN |
Silver |
Mass scan IPs for vulnerable services |
![](https://img.shields.io/github/stars/s0md3v/Silver) |
![](https://img.shields.io/github/languages/top/s0md3v/Silver) |
Fetch/TOM |
httprobe |
Take a list of domains and probe for working HTTP and HTTPS servers |
![](https://img.shields.io/github/stars/tomnomnom/httprobe) |
![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) |
Fetch/TOM |
meg |
Fetch many paths for many hosts - without killing the hosts |
![](https://img.shields.io/github/stars/tomnomnom/meg) |
![](https://img.shields.io/github/languages/top/tomnomnom/meg) |
Fetch/WSOCK |
websocket-connection-smuggler |
websocket-connection-smuggler |
![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) |
![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) |
Scanner/CORS |
Corsy |
CORS Misconfiguration Scanner |
![](https://img.shields.io/github/stars/s0md3v/Corsy) |
![](https://img.shields.io/github/languages/top/s0md3v/Corsy) |
Scanner/FUZZ |
Medusa |
Automatic Video Library Manager for TV Shows. It watches for new episodes of your favorite shows, and when they are posted it does its magic. |
![](https://img.shields.io/github/stars/pymedusa/Medusa) |
![](https://img.shields.io/github/languages/top/pymedusa/Medusa) |
Scanner/FUZZ |
ffuf |
Fast web fuzzer written in Go |
![](https://img.shields.io/github/stars/ffuf/ffuf) |
![](https://img.shields.io/github/languages/top/ffuf/ffuf) |
Scanner/FUZZ |
thc-hydra |
hydra |
![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra) |
![](https://img.shields.io/github/languages/top/vanhauser-thc/thc-hydra) |
Scanner/FUZZ |
wfuzz |
Web application fuzzer |
![](https://img.shields.io/github/stars/xmendez/wfuzz) |
![](https://img.shields.io/github/languages/top/xmendez/wfuzz) |
Scanner/LFI |
LFISuite |
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |
![](https://img.shields.io/github/stars/D35m0nd142/LFISuite) |
![](https://img.shields.io/github/languages/top/D35m0nd142/LFISuite) |
Scanner/LFI |
dotdotpwn |
DotDotPwn - The Directory Traversal Fuzzer |
![](https://img.shields.io/github/stars/wireghoul/dotdotpwn) |
![](https://img.shields.io/github/languages/top/wireghoul/dotdotpwn) |
Scanner/NOSQL |
NoSQLMap |
Automated NoSQL database enumeration and web application exploitation tool. |
![](https://img.shields.io/github/stars/codingo/NoSQLMap) |
![](https://img.shields.io/github/languages/top/codingo/NoSQLMap) |
Scanner/S3 |
S3Scanner |
Scan for open AWS S3 buckets and dump the contents |
![](https://img.shields.io/github/stars/sa7mon/S3Scanner) |
![](https://img.shields.io/github/languages/top/sa7mon/S3Scanner) |
Scanner/SQL |
SQLNinja |
SQL Injection scanner |
it's not |
github🐶 |
Scanner/SQL |
sqlmap |
Automatic SQL injection and database takeover tool |
![](https://img.shields.io/github/stars/sqlmapproject/sqlmap) |
![](https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) |
Scanner/SSL |
a2sv |
Auto Scanning to SSL Vulnerability |
![](https://img.shields.io/github/stars/hahwul/a2sv) |
![](https://img.shields.io/github/languages/top/hahwul/a2sv) |
Scanner/SSL |
testssl.sh |
Testing TLS/SSL encryption anywhere on any port |
![](https://img.shields.io/github/stars/drwetter/testssl.sh) |
![](https://img.shields.io/github/languages/top/drwetter/testssl.sh) |
Scanner/WP |
wpscan |
WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |
![](https://img.shields.io/github/stars/wpscanteam/wpscan) |
![](https://img.shields.io/github/languages/top/wpscanteam/wpscan) |
Scanner/WVS |
Striker |
Striker is an offensive information and vulnerability scanner. |
![](https://img.shields.io/github/stars/s0md3v/Striker) |
![](https://img.shields.io/github/languages/top/s0md3v/Striker) |
Scanner/WVS |
arachni |
Web Application Security Scanner Framework |
![](https://img.shields.io/github/stars/Arachni/arachni) |
![](https://img.shields.io/github/languages/top/Arachni/arachni) |
Scanner/WVS |
nikto |
Nikto web server scanner |
![](https://img.shields.io/github/stars/sullo/nikto) |
![](https://img.shields.io/github/languages/top/sullo/nikto) |
Scanner/WVS |
zap-cli |
A simple tool for interacting with OWASP ZAP from the commandline. |
![](https://img.shields.io/github/stars/Grunny/zap-cli) |
![](https://img.shields.io/github/languages/top/Grunny/zap-cli) |
Scanner/XSS |
XSStrike |
Most advanced XSS scanner. |
![](https://img.shields.io/github/stars/s0md3v/XSStrike) |
![](https://img.shields.io/github/languages/top/s0md3v/XSStrike) |
Scanner/XSS |
XSpear |
Powerfull XSS Scanning and Parameter analysis tool&gem |
![](https://img.shields.io/github/stars/hahwul/XSpear) |
![](https://img.shields.io/github/languages/top/hahwul/XSpear) |
Utility/CLIP |
ftc |
simple copy to file to clipboard |
![](https://img.shields.io/github/stars/hahwul/ftc) |
![](https://img.shields.io/github/languages/top/hahwul/ftc) |
Utility/CSP |
CSP Evaluator |
Online CSP Evaluator from google |
it's not |
github🐶 |
Utility/ETC |
Phoenix |
hahwul's online tools |
it's not |
github🐶 |
Utility/FIND |
fzf |
A command-line fuzzy finder |
![](https://img.shields.io/github/stars/junegunn/fzf) |
![](https://img.shields.io/github/languages/top/junegunn/fzf) |
Utility/FLOW |
SequenceDiagram |
Online tool for creating UML sequence diagrams |
it's not |
github🐶 |
Utility/GREP |
gf |
A wrapper around grep, to help you grep for things |
![](https://img.shields.io/github/stars/tomnomnom/gf) |
![](https://img.shields.io/github/languages/top/tomnomnom/gf) |
Utility/JSON |
gron |
Make JSON greppable! |
![](https://img.shields.io/github/stars/tomnomnom/gron) |
![](https://img.shields.io/github/languages/top/tomnomnom/gron) |
Utility/S3 |
s3reverse |
The format of various s3 buckets is convert in one format. for bugbounty and security testing. |
![](https://img.shields.io/github/stars/hahwul/s3reverse) |
![](https://img.shields.io/github/languages/top/hahwul/s3reverse) |
Utility/VULN |
oxml_xxe |
A tool for embedding XXE/XML exploits into different filetypes |
![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) |
![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) |
Utility/VULN |
ysoserial |
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |
![](https://img.shields.io/github/stars/frohoff/ysoserial) |
![](https://img.shields.io/github/languages/top/frohoff/ysoserial) |
Utility/WORD |
SecLists |
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |
![](https://img.shields.io/github/stars/danielmiessler/SecLists) |
![](https://img.shields.io/github/languages/top/danielmiessler/SecLists) |