sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

created at June 26, 2012, 9:52 a.m.

1,092 +1

32,589 +78

5,725 +10

mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

created at Feb. 16, 2010, 4:10 a.m.

624 +0

36,847 +91

4,041 +6

Photon by UltimateHackers

Incredibly fast crawler designed for OSINT.

created at March 30, 2018, 7:38 p.m.

325 +1

11,061 +26

1,521 +1

XSStrike by UltimateHackers

Most advanced XSS scanner.

created at June 26, 2017, 7:24 a.m.

274 +0

13,376 +28

1,906 +3

Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

created at Dec. 15, 2015, 12:55 a.m.

231 +0

9,880 +18

2,104 -2

social_mapper by Greenwolf

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

created at July 7, 2018, 2:50 p.m.

225 +0

3,808 +2

788 +0

wfuzz by xmendez

Web application fuzzer

created at Oct. 22, 2014, 9:23 p.m.

167 +0

5,968 +13

1,385 +0

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

created at March 20, 2015, 8:38 a.m.

158 +0

4,611 +13

818 +2

Some-PoC-oR-ExP by coffeehb

各种漏洞poc、Exp的收集或编写

created at March 13, 2015, 3:31 p.m.

154 +0

2,384 +2

972 +0

plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

created at March 9, 2015, 9:16 p.m.

149 +0

3,047 +0

277 +0

weevely3 by epinna

Weaponized web shell

created at Sept. 20, 2014, 10:16 a.m.

132 +1

3,200 +10

605 +2

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

created at Aug. 24, 2016, 3:12 p.m.

130 +0

10,847 +39

1,543 +3

TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

created at June 8, 2018, 7:05 a.m.

124 +0

1,781 +2

392 +1

subDomainsBrute by lijiejie

A fast sub domain brute tool for pentesters

created at April 1, 2015, 7:22 a.m.

116 +0

3,488 +2

1,010 +0

Raccoon by evyatarmeged

A high performance offensive security tool for reconnaissance and vulnerability scanning

created at May 13, 2018, 5:05 p.m.

108 +0

3,090 +2

400 +0

GitMiner by UnkL4b

Tool for advanced mining for content on Github

created at Feb. 27, 2016, 12:30 p.m.

108 +0

2,092 +2

426 +0

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

created at May 21, 2014, 7:43 p.m.

104 +0

2,221 +8

440 +1

Astra by flipkart-incubator

Automated Security Testing For REST API's

created at Jan. 10, 2018, 11:56 a.m.

86 +0

2,512 +6

402 +1

ReconDog by UltimateHackers

Reconnaissance Swiss Army Knife

created at June 12, 2017, 6:19 p.m.

83 +0

1,814 +5

340 +0

domain_analyzer by eldraco

Analyze the security of any domain by finding all the information possible. Made in python.

created at Aug. 8, 2017, 6:52 p.m.

83 +0

1,844 +1

240 +0