Find, verify, and analyze leaked credentials

Make JSON greppable!

A fast TCP/UDP tunnel over HTTP

Fast web fuzzer written in Go

In-depth attack surface mapping and asset discovery

Open-Source Phishing Toolkit

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Directory/File, DNS and VHost busting tool written in Go

The Havoc Framework

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Cloud native networking and network security

A Tool for Domain Flyovers

A Workflow Engine for Offensive Security

Modlishka. Reverse Proxy.

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Simple command-line snippet manager

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Fetch all the URLs that the Wayback Machine knows about for a domain

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

Find domains and subdomains related to a given domain

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Take a list of domains and probe for working HTTP and HTTPS servers

A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.

Scan for misconfigured S3 buckets across S3-compatible APIs!

Gospider - Fast web spider written in Go

The Swiss Army knife for automated Web Application Testing

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

Subdomain Takeover tool written in Go

Fast Go Application Scanner