Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Terminal session recorder 📹

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to …

A Workflow Engine for Offensive Security

Unleash the power of cloud

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

🚀 Free HTTP, SOCKS4, & SOCKS5 Proxy List * Updated every 5 minutes *

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Signatures for jaeles scanner by @j3ssie

The Swiss Army knife for automated Web Application Testing

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

A versatile Bash script for deduplicating URLs, filtering by query strings, and removing URLs with specific extensions.

A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API

Nmap - the Network Mapper. Github mirror of official SVN repository.

how to look for Leaked Credentials !

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

In-depth attack surface mapping and asset discovery

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

This is a python wrapper around the amazing KNOXSS API by Brute Logic

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

Various tips & tricks

Web path scanner

Tool to check for dependency confusion vulnerabilities in multiple package management systems

Metasploit Framework

A next-generation crawling and spidering framework.