dirhunt by Nekmo

Find web directories without bruteforce

updated at May 12, 2024, 6:25 a.m.

35 +0

1,707 +6

234 +3

mitmproxy by mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

updated at May 12, 2024, 5:35 a.m.

622 +0

34,515 +77

3,907 +6

ReconDog by UltimateHackers

Reconnaissance Swiss Army Knife

updated at May 12, 2024, 5:21 a.m.

82 +0

1,710 +3

335 +0

XSStrike by UltimateHackers

Most advanced XSS scanner.

updated at May 12, 2024, 4:50 a.m.

274 +0

12,743 +15

1,847 +2

JShell by UltimateHackers

JShell - Get a JavaScript shell with XSS.

updated at May 12, 2024, 3:45 a.m.

25 +0

504 +3

140 +0

cloudgoat by RhinoSecurityLabs

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

updated at May 12, 2024, 2:08 a.m.

71 +0

2,760 +9

577 +1

Photon by UltimateHackers

Incredibly fast crawler designed for OSINT.

updated at May 12, 2024, 12:15 a.m.

322 +0

10,534 +13

1,453 -1

tinfoleak by vaguileradiaz

The most complete open-source tool for Twitter intelligence analysis

updated at May 11, 2024, 11:10 p.m.

72 +0

1,896 +1

273 +1

GitMiner by UnkL4b

Tool for advanced mining for content on Github

updated at May 11, 2024, 10 p.m.

108 +0

2,057 +4

427 +0

Sublist3r by aboul3la

Fast subdomains enumeration tool for penetration testers

updated at May 11, 2024, 9:54 p.m.

233 +0

9,281 +15

2,052 +2

wfuzz by xmendez

Web application fuzzer

updated at May 11, 2024, 9:45 p.m.

168 +0

5,663 +9

1,332 +1

sqlmap by sqlmapproject

Automatic SQL injection and database takeover tool

updated at May 11, 2024, 9:34 p.m.

1,090 +1

30,690 +56

5,549 +11

prowler by prowler-cloud

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

updated at May 11, 2024, 9:33 p.m.

118 -1

9,618 +40

1,404 +9

XSRFProbe by theInfectedDrake

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

updated at May 11, 2024, 4:07 p.m.

36 +0

978 +4

188 +3

commix by commixproject

Automated All-in-One OS Command Injection Exploitation Tool.

updated at May 11, 2024, 11:48 a.m.

161 +0

4,348 +8

797 +0

domain_analyzer by eldraco

Analyze the security of any domain by finding all the information possible. Made in python.

updated at May 11, 2024, 11:39 a.m.

83 +0

1,837 +1

245 +0

tplmap by epinna

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

updated at May 11, 2024, 11:19 a.m.

84 -1

3,643 +8

662 +0

phpsploit by nil0x42

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

updated at May 11, 2024, 9:38 a.m.

103 +0

2,146 +7

434 +1

TIDoS-Framework by theInfectedDrake

The Offensive Manual Web Application Penetration Testing Framework.

updated at May 11, 2024, 7:51 a.m.

125 +0

1,740 +5

388 +1

domato by googleprojectzero

DOM fuzzer

updated at May 11, 2024, 7:22 a.m.

68 +0

1,643 +1

273 +0