Scan for misconfigured S3 buckets across S3-compatible APIs!

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

LC（List Cloud）是一个多云攻击面资产梳理工具

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

HTTP parameter discovery suite.

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Termux - a terminal emulator application for Android OS extendible by variety of packages.

A cheat sheet that contains advanced queries for SQL Injection of all types.

Reverse engineering and pentesting for Android applications

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and s…

Downloads videos and playlists from YouTube

Most advanced XSS scanner.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into account…

A tool for IDN homograph attacks and detection.

CeWL is a Custom Word List Generator

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

Scanning APK file for URIs, endpoints & secrets.

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Incredibly fast crawler designed for OSINT.

Web path scanner

Automatic SQL injection and database takeover tool

Information gathering framework for phone numbers

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A swiss army knife for pentesting networks