CT Log Scanner

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Unlock Exclusive Insights! 🚀📖 Download My FREE E-Zine Now ➡️ Over 170 Pages of Essential Content! Elevate your hardware hacking game with insider tips and the latest trends. Don’t miss out—grab you…

ChatBot Injection and Exploit Examples: A Curated List of Prompt Engineer Commands - ChatGPT

GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)

Automatic SSRF fuzzer and exploitation tool

Scanning APK file for URIs, endpoints & secrets.

Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Subdomain takeover vulnerability checker

An extension for checking if .git is exposed in visited websites

This a adaption of tomnomnom's kxss tool with a different output format

Fast and customizable vulnerability scanner For JIRA written in Python

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

A tool for reverse engineering Android apk files

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Automation for javascript recon in bug bounty.

A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.

A library for parsing .DS_Store files and extracting file names

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…

The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea…

Close-Circuit Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in …

Fetch all the URLs that the Wayback Machine knows about for a domain

Accept URLs on stdin, replace all query string values with a user-supplied value