
0d1n
Tool for automating customized attacks against web applications.



ActiveScan++
Extends Burp Suite’s active and passive scanning capabilities.

Acunetix
Quickly find and fix the vulnerabilities that put your web applications at risk of attack.

ADAPE Script
Active Directory assessment and privilege escalation script.

ADenum
Find misconfiguration through LDAP to exploit weaknesses with Kerberos.

ADReaper
Enumerate an Active Directory environment with LDAP queries.

ADRT
Active Directory Report Tool.

airbash
Fully automated WPA PSK PMKID and handshake capture script.

aircrack-ng
Complete suite of tools to assess WiFi network security.


Altdns
Generates permutations, alterations and mutations of subdomains and then resolves them.

Amass
In-depth Attack Surface Mapping and Asset Discovery.

andor
Blind SQL Injection Tool with Golang.

Angry IP Scanner
Fast and simple-to-use open-source/cross-platform network scanner.

APKEnum
Passive enumeration utility for Android applications.



Arachni
Web Application Security Scanner Framework.

archaeologit
Scans the history of GitHub repositories to find sensitive things.

Arjun
HTTP parameter discovery suite.

As3nt
Another Subdomain ENumeration Tool.

ASNLookup
Leverage ASN to look up IP addresses owned by a specific organization.

ASNmap
Quickly maps organization network ranges using ASN information.

assetfinder
Find domains and subdomains related to a given domain.


ATOR
Authentication Token Obtain and Replace Extender.

AttackSurfaceMapper
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Auth Analyzer
The Burp extension helps you to find authorization bugs.

AuthMatrix
Provides a simple way to test authorization in web applications and web services.

authz
Burp Suite plugin to test for authorization flaws.

AutoRecon
Multi-threaded network reconnaissance tool which performs automated enumeration of services.

AutoRepeater
Automated HTTP Request Repeating With Burp Suite.

Autorize
Automatic authorization enforcement detection extension for Burp Suite.


autoSubTakeover
A tool used to check if a CNAME resolves to the scope address.

Autowasp
A one-stop pentesting checklist and logger tool.

Awesome Bug Bounty
A comprehensive curated list of available Bug Bounty & disclosure programs and writeups.


AWS Extender CLI
Command-line script to test cloud storage for common misconfiguration issues.

AWS security checks
This Burp Suite extension provides additional Scanner checks for AWS security issues.

AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets.

B-XSSRF
Toolkit to detect and keep track of Blind XSS, XXE & SSRF.


barq
The AWS Cloud Post Exploitation framework!

BeEF
The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

BeRoot
Multiplatform privilege escalation project.

bettercap
The Swiss Army knife for WiFi, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Betterscan
Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

BFAC
Check for backup artifacts that may disclose the web-application’s source code.

BitBlinder
Injects custom XSS payloads on every form/request submitted to detect blind XSS.

BlackWidow
Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

bounty-targets-data
Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports.

bountyplz
Automated security reporting from markdown templates.

brutesubs
Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

BruteX
Automatically brute force all services running on a target.

BruteXSS
Tool written in Python simply to find XSS vulnerabilities in web applications.




Bugcrowd VRT
Bugcrowd’s baseline priority ratings for common security vulnerabilities.



Burp Suite
The class-leading vulnerability scanning, penetration testing, and web app security platform.

Burp WP
Find known vulnerabilities in WordPress plugins and themes, WPScan like plugin for Burp.

Burp-AnonymousCloud
Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

burp-exporter
Copy a Burp Suite request to a file or the clipboard as multiple programming languages functions.

Burp-to-SQLMap
Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.


BurpBeautifier
Burpsuite extension for beautifying request/response body.

BurpBounty
Improve the active and passive Burp Suite scanner by means of custom rules through GUI.

BurpJSLinkFinder
Burp Extension for passively scanning JS files for endpoint links.

BurpSentinel
GUI Burp Plugin to ease discovering of security holes in web applications.

BurpSmartBuster
A Burp Suite content discovery plugin that adds the smart into the Buster.

BurpSuiteHTTPSmuggler
A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

bXSS
bXSS is a utility which can be used to identify Blind Cross-Site Scripting.

bypasswaf
Add headers to all Burp requests to bypass some WAF products.


cariddi
Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

cc.py
Extracting URLs of a specific target based on the results of commoncrawl.org.

Censys Enumeration
Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.


cero
Scrape domain names from SSL certificates of arbitrary hosts.

CertCrunchy
Uses data from SSL Certificates to find potential host names.



CeWL
Custom Word List Generator.



ChopChop
Scan endpoints and identify exposure of sensitive services/files/folders.

clairvoyance
Obtain GraphQL API Schema even if the introspection is not enabled.

cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.


CloudFail
Utilize misconfigured DNS and old database records to find hidden IPs behind CloudFlare network.


Cloudfox
Automating situational awareness for cloud penetration tests.

cloudlist
Cloudlist is a tool for listing Assets from multiple Cloud Providers.

CloudScraper
Tool to enumerate targets in search of cloud resources.

CMSmap
CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

cnames
Take a list of resolved subdomains and output any corresponding CNAMES en masse.

Coercer
Automatically coerce a Windows server to authenticate on an arbitrary machine.


commit-stream
OSINT tool for finding Github repositories by extracting commit logs in real time.

Commix
Automated All-in-One OS Command Injection Exploitation Tool.

cook
Overpower wordlist generator, words permutation and combinations, encoding/decoding…

CORS Scanner
A multi-threaded scanner that helps identify CORS flaws/misconfigurations.

CorsMe
CORS misconfiguration scanner tool with speed and precision in mind!

CORStest
A simple CORS misconfiguration scanner.

Corsy
CORS Misconfiguration Scanner.

Covenant
Collaborative C2 framework for red teamers.

Cr3dOv3r
Know the dangers of credential reuse attacks.

Crawlergo
A powerful browser crawler for web vulnerability scanners


crithit
Takes a single wordlist item and tests it one by one over a large collection of websites.


CRLFMap
CRLFMap is a tool to find HTTP Splitting vulnerabilities.

CRLFsuite
The most powerful CRLF injection scanner.

CRLFuzz
A fast tool to scan CRLF vulnerability written in Go.



crunch
Wordlist generator where you can specify a character set or any set of characters to be used.


csprecon
Discover new target domains using Content Security Policy.

cstc
Burp Suite extension that allows request/response modification using a GUI.

ctf-tools
Some setup scripts for security research tools.

CTFR
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

curate
A tool for fetching archived URLs.

DalFox
Powerful open source XSS scanning tool and parameter analyzer, utility.

Dangerous Methods
A Burp Suite extension for finding the use of potentially dangerous methods/functions.

Dastardly Scan Action
Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

DataExtractor
A Burp Suite extension to extract data from source code while browsing.





DependencyCheck
Utility that detects publicly disclosed vulnerabilities in application dependencies.

Depix
Recovers passwords from pixelized screenshots.


differer
differer finds how URLs are parsed by different languages in order to help bug hunters break filters.


dirhunt
Find web directories without bruteforce.

dirlstr
Finds Directory Listings or open S3 buckets from a list of URLs.



Dirstalk
Multi threaded application designed to brute force paths on web servers.


dnscan
Python wordlist-based DNS subdomain scanner.

dnsenum
Enumerates DNS information of a domain and discovers non-contiguous IP blocks.

dnsgen
Generates combinations of domain names from the provided input.

DNSProbe
Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

dnsReaper
Subdomain takeover tool for attackers, bug bounty hunters and the blue team!


DNSTake
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

dnsX
Fast and multi-purpose DNS toolkit designed for running DNS queries.

docem
Utility to embed XXE and XSS payloads in docx, odt, pptx…


DOM XSS Scanner
A tool to scan source code for DOM based XSS vulnerabilities.

dom-red
Small script to check a list of domains against open redirect vulnerability.

Domain Analyzer
Analyze the security of any domain by finding all the information possible. Made in python.

Domain Hunter
Try to find all subdomains, similar-domains and related-domains of an organization.

domained
Multi Tool Subdomain Enumeration.

DOMDig
DOM XSS scanner for Single Page Applications.


DotGit
An extension for checking if .git is exposed in visited websites.


Drupwn
Drupal enumeration & exploitation tool.

dsieve
Filter and enrich a list of subdomains by level.

DTD Finder
List DTDs and generate XXE payloads using those local DTDs.

dufflebag
Search exposed EBS volumes for secrets.


dvcs-ripper
Rip web accessible version control systems: svn, git…

Eagle
Vulnerability scanner for mass detection of web-based applications vulnerabilities.

EDD
Ultimate domain enumeration tool.


EMBA
The security analyzer for firmware of embedded devices.

eos
Enemies Of Symfony – debug mode Symfony looter.

espionage
Collects information related to domains: whois, history, DNS records and more.

Evil SQL Client
Interactive .NET SQL console client with enhanced SQL Server discovery/access/exfiltration features.

evil SSDP
Spoof SSDP replies to phish for credentials and NetNTLM challenge/response.

exfilkit
Data exfiltration utility for testing detection capabilities.

ExifTool
ExifTool meta information reader/writer.


Extended SSRF search
Smart SSRF scanner using different methods like parameter brute forcing in POST and GET.



Eyeballer
Convolutional neural network for analyzing pentest screenshots.

EyeWitness
Take screenshots of websites, provide server header info and identify default credentials.

ezXSS
An easy way for penetration testers and bug bounty hunters to test (blind) XSS.

Faraday security
Open source vulnerability management and orchestration platform.

favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.


FDsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Femida
Automated blind-xss search for Burp Suite.

Feroxbuster
A fast, simple, recursive content discovery tool written in Rust.

FestIN
The powered S3 bucket finder and content discovery.

ffuf
Fast web fuzzer written in Go.

Fierce
A DNS reconnaissance tool for locating non-contiguous IP space.

Filebuster
An extremely fast and flexible web fuzzer.

FinDOM-XSS
A fast DOM based XSS vulnerability scanner with simplicity.

Findomain
The complete solution for domain recognition.


Findsploit
Find exploits in local and online databases instantly.


fingerprintx
Standalone utility for service discovery on open ports!


FireShodanMap
Realtime map that integrates Firebase, Google Maps and Shodan.

flan
A pretty sweet vulnerability scanner.

Flow
Provides view with filtering capabilities for all requests from all Burp Suite tools.

Fluxion
Fluxion is the future of MITM WPA attacks.

FOCA
Tool to find metadata and hidden information in the documents.



fuzzagotchi
A fuzzing tool written in Go. It helps your pentesting journey.

Fuzzapi
Used for REST API pentesting and provides a UI solution for the gem.

FuzzDB
Attack patterns and primitives for black-box application fault injection and resource discovery.

fuzzuli
Find critical backup files by creating a dynamic wordlist based on the domain.

GadgetProbe
Probe endpoints consuming Java serialized objects for fingerprinting.

GAP
A Burp Suite extension to find potential endpoints and parameters.

gau
Fetch known URLs from several sources.

gaussrf
Fetch known URLs from several sources and Filter Urls With OpenRedirection or SSRF Parameters.

GET-ACQ
Gather all companies acquired by a given company domain name.

getJS
A tool to quickly get all JavaScript sources/files.

getsploit
Command line utility for searching and downloading exploits.

gf
A wrapper around grep to avoid typing common patterns.

Ghauri
Automates the process of detecting and exploiting SQL injection security flaws.

GHunt
Offensive Google framework.

git-all-secrets
Capture all the git secrets by leveraging multiple open source git searching tools.

git-dumper
A tool to dump a git repository from a website.

git-vuln-finder
Find potential software vulnerabilities from git commit messages.

git-wild-hunt
A tool to hunt for credentials in GitHub wild AKA git*hunt.

GitFive
An OSINT tool to investigate GitHub profiles.

GitGot
Rapidly search through troves of public data on GitHub for sensitive secrets.

gitGraber
Monitor GitHub to search and find sensitive data in real time.


GitHunter
A tool for searching a Git repository for interesting content.

gitjacker
Leak git repositories from misconfigured websites.


GitMiner
Tool for advanced mining for content on Github.


Gitrob
Reconnaissance tool for GitHub organizations.

gitscraper
Scrapes public GitHub repositories for common naming conventions in variables, folders and files.

GitTools
A repository with 3 tools for pwn’ing websites with .git repositories available.

GoAltdns
A permutation generation tool written in golang.

Gobuster
Directory/File, DNS and VHost busting tool written in Go.

GoCloud
Checks whether a domain is hosted on a cloud service.


Gopherus
Generates gopher link for exploiting SSRF and gaining RCE in various servers.


gotator
Generates DNS wordlists through permutations.

gowitness
A golang, web screenshot utility using Chrome Headless.





graphql-path-enum
Lists the different ways of reaching a given type in a GraphQL schema.

GraphQLmap
Scripting engine to interact with a graphql endpoint for pentesting purposes.

graphw00f
GraphQL Server Engine Fingerprinting utility for software security professionals.


GRecon
Run a Google based passive recon against your scope.

grep.app
Searches code from over a half million public repositories on GitHub.

Ground control
A collection of scripts mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

GSAN
Extract subdomains from SSL certificates in HTTPS sites.

gwdomains
Sub domain wild card filtering tool.

GyoiThon
Growing penetration test tool using Machine Learning.

H1 Report Finder
A burpsuite extension to find security reports published on HackerOne based on the selected host.

h1-search
Request the public disclosures on a specific HackerOne program.

h2cSmuggler
HTTP Request Smuggling over HTTP/2 Cleartext.

Hackability
Probe a rendering engine for vulnerabilities and other features.



Hackvertor
Tag based conversion tool written in Java implemented as a Burp Suite extension.

Hakrawler
Simple, fast web crawler designed for discovery of endpoints and assets within a web application.

hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.


Hamburglar
Collect useful information from urls, directories, and files.


Hashcat
World’s fastest and most advanced password recovery utility


Hawkeye
Filesystem analysis tool/directory looking for interesting stuff.

headi
Customisable and automated HTTP header injection.

Headless Burp
Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.


House
A runtime mobile application analysis toolkit with a Web GUI.

HTTP Request Smuggler
Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.


HTTPoxy Scanner
A Burp Suite extension that checks for the HTTPoxy vulnerability.

httprebind
Automatic tool for DNS rebinding-based SSRF attacks.

httprobe
Take a list of domains and probe for working HTTP and HTTPS servers.

httpscreenshot
Grabs screenshots and HTML of large numbers of websites.

httpx
HTTP toolkit that allows running multiple probes using the retryablehttp library.

Hydra
Very fast password cracking tool.

IDontSpeakSSL
Simple tool to scan large scope and provide SSL/TLS vulnerabilities.

Injectify
Perform advanced MiTM attacks on websites with ease.


InQL
Burp Extension for GraphQL Security Testing.

interactsh
An OOB interaction gathering server and client library

Interlace
Turn single threaded command line applications into a fast, multi-threaded application.

IntruderPayloads
Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

IPRotate
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

J2EEScan
Improve the test coverage during web application penetration tests on J2EE applications.

Jaeles
The Swiss Army knife for automated Web Application Testing



JoomScan
OWASP Joomla Vulnerability Scanner Project.

JOSEPH
JavaScript Object Signing and Encryption Pentesting Helper.

JS-Scan
A .js scanner, built in PHP, designed to scrape urls and other info.

JSgen
Generate javascript code to be injected in case you find a Server Side Javascript Injection.


JSONBee
A ready to use JSONP endpoints/payloads to help bypass Content Security Policy.

JSParser
Python script to parse relative URLs from JavaScript files.


JSShell
An interactive multi-user web JS shell.



jwt-hack
JWT encoding/decoding, generates payloads for JWT attack and very fast cracking.

jwt-heartbreaker
Burp Suite extension to check JWTs for the use of keys known from public sources.

JWT4B
JWT Support for Burp Suite.

jwtear
Modular command-line tool to parse, create and manipulate JWT tokens.

JWTweak
Detects JWT algorithm and provides options to generate a new JWT based on another algorithm.

Kadimus
Check for and exploit LFI vulnerabilities with a focus on PHP systems.

katana
A next-generation crawling and spidering framework.

Keyfinder
Find and analyze private/public key files and Android APK files.

kicks3
S3 bucket finder from HTML and JS, and bucket misconfiguration testing tool.


Knoxnl
This is a python wrapper around the amazing KNOXSS.

KNOXSS
Online XSS tool with demonstration of vulnerability.

kxss
Adaption of tomnomnom’s kxss tool with a different output format.

LazyHunter
A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.

lazys3
Ruby script to bruteforce for AWS s3 buckets using different permutations.

leakScraper
Set of tools to process and visualize huge text files containing credentials.

LFI Suite
Totally Automatic LFI Exploiter and Scanner.

LFI-Enum
Scripts to execute enumeration via LFI

Liffy
Local file inclusion exploitation tool.

LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks.

LinkFinder
A python script that finds endpoints in JavaScript files.

linWinPwn
Automates a number of Active Directory enumeration and vulnerability.

linx
Reveals invisible links within JavaScript files.


lk_scraper
A fully configurable LinkedIn scraper: scrape anything within LinkedIn.

lnkbomb
Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

localdataHog
String-based secret-searching tool, high entropy and regexes.

Logger++
Log activities of all the tools in Burp Suite.

lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load.

MagicRecon
A powerful shell script to maximize the recon and data collection process.

Maigret
Collect a dossier on a person by username from thousands of sites.


Maltego
Open source intelligence and forensics application.

mapcidr
Small utility program to perform multiple operations for a given subnet/CIDR ranges.

Maryam
Open-source Intelligence Framework.

mass-s3-bucket-tester
Tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable.

Mass3
Enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP.

Masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

MassDNS
A high-performance DNS stub resolver for bulk lookups and reconnaissance.

meg
Fetch many paths for many hosts, without killing the hosts.

Metagoofil
Search Google and download specific file types.

metahttp
Script that automates the scanning of a target network for HTTP resources through XXE.

Metasploit
The world’s most used penetration testing framework.

mitmproxy
An interactive TLS-capable intercepting HTTP proxy.

mksub
Generate tens of thousands of subdomain combinations in a matter of seconds.

MSDNSScan
Identify DNS records, check for zone transfers and conduct subdomain enumeration.


msldap
LDAP library for auditing Microsoft Active Directory.

MSSQLi-DUET
SQL injection script for Microsoft SQL Server.

mx-takeover
Focuses on DNS MX records and detects misconfigured MX records.

Naabu
A fast port scanner written in go with a focus on reliability and simplicity.


Namechk
Check usernames on more than 100 websites, forums and social networks.

Nessus database export
Export Nessus results to a relational database for use in reports, analysis, or whatever else.

Nginxpwner
Simple tool to look for common Nginx misconfigurations and vulnerabilities.

Nikto
Nikto web server scanner.

Nmap
Nmap – the Network Mapper.

nmap-query-xml
A simple program to query nmap XML files in the terminal.

NoSQL Injector
NoSql Injection CLI tool for finding vulnerable websites using MongoDB.

NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.

Nozaki
HTTP fuzzer engine security oriented.

NSBrute
Python utility to take over domains vulnerable to AWS NS Takeover.

NSDetect
Utility to detect AWS NS Takeover.

Nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.

Nuclei templates
Community curated list of templates for the Nuclei engine to find security vulnerabilities.

OAUTHScan
Burp Suite Extension useful to verify OAUTHv2 and OpenID security.

off-by-slash
Burp extension to detect alias traversal via NGINX misconfiguration at scale.


OneForAll
A powerful subdomain integration tool.

open-sesame
Contains HackerOne disclosed reports and other bug bounty writeups.

OpenAPI
Parse OpenAPI specifications into the BurpSuite for automating RESTful API testing.


OpenVAS
This repository contains the scanner component for Greenbone Community Edition.


Osmedeus
A Workflow Engine for Offensive Security

OWASP
A nonprofit foundation that works to improve the security of software.

oxml_xxe
Embeds XXE/XML exploits into different filetypes.

Pacu
The exploitation framework designed for testing the security of AWS environments.

padding-oracle-attacker
Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

param-miner
Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.

parameth
Brute discover GET and POST parameters.

ParamPamPam
Tool to brute discover GET and POST parameters.

ParamSpider
Mining parameters from dark corners of Web Archives.

Patator
Multi-purpose brute-forcer, with a modular design and a flexible usage.


PCredz
This tool extracts secrets from a pcap file or from a live interface.

PEAS-ng
Privilege Escalation Awesome Scripts SUITE.


PentesterLand
Sharing knowledge that makes your life as bug hunters and pentesters easier.

Photon
Incredibly fast crawler designed for OSINT.

PHPGGC
PHP unserialize() payloads along with a tool to generate them.

pivotnacci
A tool to make socks connections through HTTP agents.

PortBender
A TCP port redirection utility that allows inbound traffic redirection.




pown.js
Security testing and exploitation toolkit.

Print-My-Shell
Automate the process of generating various reverse shells.

Prowler
Open Source Security tool to perform Cloud Security best practices

proxify
Swiss Army knife Proxy tool for HTTP(S) traffic capture, manipulation, and replay on the go.

psudohash
Password list generator for orchestrating brute force attacks.

puredns
Puredns is a fast domain resolver & subdomain bruteforcing tool.

pwncat
Netcat on steroids with many extra features.

pyBuster
A multi-target URL bruteforcer.

pyfiscan
Free web-application vulnerability and version scanner.

qsfuzz
qsfuzz is a tool that allows you to write simple rules in YAML that define what value to inject

qsinject
Allows you to quickly substitute query string values with regex matches, one-at-a-time.

qsreplace
Accept URLs on stdin, replace all query string values with a user-supplied value.

Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning.





Reaver
Implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs.

recollapse
REcollapse is a helper tool for black-box regex fuzzing to bypass validations

Recon-ng
OSINT tool aimed at reducing the time spent harvesting information from open sources.

reconFTW
Runs the best set of tools to perform scanning and finding out vulnerabilities on a target domain.

ReconNess
Continuous recon and pipeline tools setup.

RecurseBuster
Rapid content discovery tool for recursively querying webservers.

regulator
Automated learning of regexes for DNS discovery.

Rekono
Execute full pentesting processes combining multiple hacking tools automatically.


Rengine
Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

Replicator
Burp Suite extension to help developers replicate findings from pentests.

Request Highlighter
Burp Suite extension that automatically highlights different HTTP requests.


Retire.js
Detects the use of JavaScript libraries with known vulnerabilities.

RevShells
Hosted Reverse Shell generator with a ton of functionality.

rexsser
Burp Suite plugin that extracts keywords from response using and test for reflected XSS.


RsaCtfTool
RSA multi-attack tool: uncipher data from a weak public key and try to recover a private key.

Rubeus
Rubeus is a toolkit for Kerberos interaction and abuses.


rush
A cross-platform command-line tool for executing jobs in parallel.

RustScan
The Modern Port Scanner. Fast, smart, effective.

Rusty Hog
A suite of secret scanners built in Rust for performance.

S3 Objects Check
Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.


S3BucketList
Firefox plugin that lists Amazon S3 Buckets found in requests.

s3cario
Performs buckets checks from a given list of subdomains.

S3Cruze
All-in-one AWS S3 bucket tool.

s3reverse
Converts the various S3 bucket formats into one format.

S3Scanner
Scan for open S3 buckets and dump the contents.

s3tk
A security toolkit for Amazon S3.


safecopy
Burp Extension for copying requests safely.

Sandcastle
A Python script for AWS S3 bucket enumeration.

scan-check-builder
Burp Suite extension which helps you improve the active and passive scanner yourself.

ScanCannon
Combines the speed of masscan with the reliability and detailed enumeration of nmap.

Scilla
Information Gathering tool – DNS / Subdomains / Ports / Directories enumeration.

Scout
Discover a web server’s undisclosed files, directories and VHOSTs.

ScrapeIn
Harvest employee email addresses from a specific company through LinkedIn.

ScreenShooter
Convert your masscan/subdomain-scan results into screenshots for better analysis.

Screenshoteer
Makes web screenshots and mobile emulations from the command line.

Scrying
Collects RDP, web and VNC screenshots all in one place.

SearchSploit
CLI tool for Exploit-DB that also allows you to take a copy of Exploit Database with you.

SecLists
Collection of multiple types of lists used during security assessments, collected in one place.





See-SURF
Detect Vulnerable SSRF parameters.

sentrySSRF
Searches for Sentry config on a page or in JavaScript files and checks for blind SSRF.

Shadow Workers
C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.


SharpHose
Asynchronous password spraying tool for Windows environments.

Shelling
A comprehensive OS command injection payload generator.

Shells
A script for generating common revshells fast and easily.

Sherlock
Hunt down social media accounts by username across social networks.

shhgit
Secrets detection for your GitHub, GitLab and Bitbucket repositories.

Shotlooter
Find sensitive data inside the screenshots uploaded to prnt.sc.

shuffleDNS
Enumerate valid subdomains using active bruteforce and DNS resolution.


SiteBroker
Utility for information gathering and penetration testing automation.

skipfish
Web application security scanner.

Slack Watchman
Monitoring your Slack workspaces for sensitive information.


SleuthQL
Burp History parsing tool to discover potential SQL injection points.

Slurp
A blazing fast & feature rich Amazon S3 bucket enumerator.

smap
A drop-in replacement for Nmap powered by shodan.io.

SMBploit
Offensive tool to scan & exploit vulnerabilities in Windows over SMB using Metasploit.

Smogcloud
Find cloud assets that no one wants exposed.

Smuggler
An HTTP Request Smuggling / Desync testing tool.

Sn1per
Attack Surface Management Platform.


sns
IIS shortname scanner written in Go.


Sourcegraph
Search millions of open source repositories.

spaces-finder
A tool to hunt for publicly accessible DigitalOcean Spaces.

SpiderFoot
Automates OSINT for threat intelligence and mapping your attack surface.

Spoofy
Checks if a list of domains can be spoofed based on SPF and DMARC records.

SprayCannon
Fast multithreaded password spraying tool with backend database.

SQLi-Hunter
Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

sqlipy
Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

SQLiScanner
Automatic SQL injection with Charles and sqlmap API.

SQLiv
Massive SQL injection vulnerability scanner.

sqlmap
Automatic SQL injection and database takeover tool.


SQLninja
Exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server.

SQLRecon
A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

SQLTruncScanner
Messy BurpSuite plugin for SQL Truncation vulnerabilities.


ssh-audit
SSH server auditing: banner, key exchange, encryption, compatibility, security…

sslscan
Tests SSL/TLS enabled services to discover supported cipher suites.

SSLyze
Fast and powerful SSL/TLS scanning library.



SSRFire
An automated SSRF finder. Just give the domain name and your server and chill!

SSRFmap
Automatic SSRF fuzzer and exploitation tool.


StaCoAn
Cross-platform tool which helps to perform static code analysis on mobile applications.

steghide
Steganography program that hides secrets in the least significant bits of a file.

Stepper
A natural evolution of Burp Suite’s Repeater tool.



Sub3 Suite
A free, open source, cross platform Intelligence gathering tool.

SubBrute
A DNS meta-query spider that enumerates DNS records and subdomains.

SubDomainizer
A tool to find subdomains and interesting things hidden inside.

Subfinder
Discovery tool that discovers valid subdomains for websites.

subHijack
Hijacking forgotten & misconfigured subdomains.

Subjack
Subdomain Takeover tool written in Go.

Sublert
Monitor new subdomains deployed by specific organizations and issued TLS/SSL certificates.

Sublist3r
Fast subdomains enumeration tool for penetration testers.

SubOver
A Powerful Subdomain Takeover Tool.

Substr3am
Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.

subzuf
A smart DNS response-guided subdomain fuzzer.

Sudomy
Collects subdomains and analyzes domains performing automated reconnaissance.

SweetPotato
A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.

takeover
A tool for testing subdomain takeover possibilities at a mass scale.






TheftFuzzer
Fuzz Cross-Origin Resource Sharing implementations for common misconfigurations.


tko-subs
A tool that can help detect and takeover subdomains with dead DNS records.

TLD Scanner
Scan all possible TLDs for a given domain name.

tlsx
Fast and configurable TLS grabber focused on TLS based data collection.

tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

Tracy
Assists with finding all sinks and sources of a webapp and displays the results in a nice way.

Transformations
Understand how input is transformed on a system, which can help to craft payloads.

Trishul
Burp Suite Extension to hunt for common vulnerabilities found in websites.


TugaRecon
Subdomains enumeration tool for penetration testers.

Turbo Intruder
Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Turbolist3r
Subdomain enumeration tool with analysis features for discovered domains.

uncover
Quickly discover exposed hosts on the internet using multiple search engines.

unfurl
An Entropy-Based Link Vulnerability Tool.


urlgrab
A golang utility to spider through a website searching for additional links.

uro
Declutters URL lists for crawling/pentesting.

userefuzz
User-Agent, X-Forwarded-For and Referer SQLI Fuzzer.

vaf
Cross-platform, very advanced and fast web fuzzer written in Nim.

vaya-ciego-nen
Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

Venom
Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns.

vhosts-sieve
Searching for virtual hosts among non-resolvable domains.

VHostScan
Virtual host scanner that performs reverse lookups.


w3af
Web Application Attack and Audit Framework.

wafw00f
Identify and fingerprint Web Application Firewall products protecting a website.

Wapiti
The web-application vulnerability scanner.



waybackSqliScanner
Gather URLs from the Wayback Machine, then test each GET parameter for SQL injection.

waybackurls
Fetch all the URLs that the Wayback Machine knows about for a domain.

Waymore
Find way more from the Wayback Machine!


webanalyze
Uncovers technologies used on websites to automate mass scanning.


websy
Keep an eye on your targets to get quickly notified of any change they push on their server.


Wfuzz
Web application fuzzer.


WhatWeb
Next generation web scanner.

Whispers
Identify hardcoded secrets in static structured text.

wifipumpkin3
Powerful framework for rogue access point attacks.

wifite
Runs existing wireless-auditing tools for you. Stop memorizing command arguments & switches!

windapsearch
Enumerate users, groups and computers from a Windows domain through LDAP queries.

Wireshark
Network sniffer that captures and analyzes packets off the wire.

WitnessMe
Web Inventory tool, takes screenshots and provides some extra bells & whistles to make life easier.

Words Scraper
Selenium-based web scraper to generate password lists.

WPRecon
Tool for the recognition of vulnerabilities and blackbox information for WordPress.

WPScan
WPScan WordPress Security Scanner

WPSpider
A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.

WSDL Wizard
Burp Suite plugin to detect current and discover new WSDL files.

X8
Hidden parameters discovery suite.

XFFenum
X-Forwarded-For [403 forbidden] enumeration.

xnLinkFinder
A Python tool used to discover endpoints and potential parameters for a given target.

xray
Security assessment tool that supports common web security issue scanning and custom PoC.

XSpear
Powerful XSS scanning and parameter analysis tool & gem.

XSRFProbe
The Prime Cross Site Request Forgery Audit and Exploitation Toolkit.

XSS Hunter Express
The fastest way to set up XSS Hunter to test and find blind XSS vulnerabilities.

XSS Radar
A Chrome extension for fast and easy XSS fuzzing.

Xss-Sql-Fuzz
Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.


xss2png
PNG IDAT chunks XSS payload generator.

XSSCon
Simple XSS Scanner tool.

xsscrapy
Fast, thorough, XSS/SQLi spider.

XSSer
Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

XSSMap
Detect XSS vulnerability in Web Applications.


xssValidator
A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

XSSwagger
A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.

XXE-FTP
A mini webserver with FTP support for XXE payloads.

XXEinjector
Exploitation of XXE vulnerability using direct and different out of band methods.

xxeserv
A mini webserver with FTP support for XXE payloads.


Yet Another Robber
Yar is a tool for plunderin’ organizations, users and/or repositories…

Yet Another Sniffer
A network analyzer that makes it easy to extract information about network traffic.

Yoga
Your OSINT Graphical Analyzer.

ysoserial
Generates payloads that exploit unsafe Java object deserialization.

ysoserial.net
Deserialization payload generator for a variety of .NET formatters.

Tyisha Grisby

