Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Potentially dangerous files

IP lookup by favicon using Shodan

Injectra is a Python-based tool for injecting custom payloads into various file types using their magic numbers. It supports file types like zip, rar, docx, jpg, and more, allowing for customizable…

Community curated list of templates for the nuclei engine to find security vulnerabilities.

NucleiFuzzer is a robust automation tool designed for efficiently detecting web application vulnerabilities, including XSS, SQLi, SSRF, and Open Redirects, leveraging advanced scanning and URL enum…

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

eBPF UDP -> TCP obfuscator

Automagically reverse-engineer REST APIs via capturing traffic

Gather and update all available and newest CVEs with their PoC.

A Burp Suite extension that converts IP addresses to decimal notation, useful for SSRF bypass and WAF evasion testing. Created by Harshad Shah.

Convert Parameters

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Pure Malware Development Resource Collections

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

Eeyes(棱眼)-快速筛选真实IP并整理为C段

高危漏洞利用工具

Metasploit Framework

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

Malware Sample Sources

This repository is a compilation of all APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…

A tool to fastly get all javascript sources/files

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

1337 Wordlists for Bug Bounty Hunting

A high-performance port spoofing tool built in Rust. Confuse port scanners with dynamic service emulation across all ports. Features customizable signatures, efficient async handling, and easy tra…

The essential toolkit for reversing, malware analysis, and cracking