A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

a recon tool that allows searching on URLs that are exposed via shortener services

The Swiss Army knife for automated Web Application Testing

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Scan git repos for secrets using regex and entropy 🔑

The dynamic infrastructure framework for anybody!

List DTDs and generate XXE payloads using those local DTDs.

Google Dorks | Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google Dorks. A collection of 13.760 Dorks. Author: Jolanda de Koff

Extract uncompiled, uncompressed SPA code from Webpack source maps.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Tutorials and Things to Do while Hunting Vulnerability.

Fast Go Application Scanner

A malicious LDAP server for JNDI injection attacks

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

Faster Nmap Scanning with Rust

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

This script is intended to automate your reconnaissance process in an organized fashion

Network recon framework.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…

A highly configurable Framework for easy automated web scanning

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Searches through git repositories for high entropy strings and secrets, digging deep into commit history