Deploy README.md and Categorize Docs

This commit is contained in:
WHW 2024-07-24 14:27:01 +00:00
parent a0d2f72168
commit 1d26730eb8
49 changed files with 702 additions and 692 deletions

659
README.md
View File

@ -28,340 +28,340 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
| | Attributes | | | Attributes |
|-------|---------------------------------------------------| |-------|---------------------------------------------------|
| Types | `Army-Knife` `Proxy` `Recon` `Fuzzer` `Scanner` `Exploit` `Env` `Utils` `Etc`| | Types | `Army-Knife` `Proxy` `Recon` `Fuzzer` `Scanner` `Exploit` `Env` `Utils` `Etc`|
| Tags | [`infra`](/categorize/tags/infra.md) [`pentest`](/categorize/tags/pentest.md) [`crawl`](/categorize/tags/crawl.md) [`recon`](/categorize/tags/recon.md) [`exploit`](/categorize/tags/exploit.md) [`live-audit`](/categorize/tags/live-audit.md) [`mitmproxy`](/categorize/tags/mitmproxy.md) [`subdomains`](/categorize/tags/subdomains.md) [`js-analysis`](/categorize/tags/js-analysis.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md) [`csp`](/categorize/tags/csp.md) [`url`](/categorize/tags/url.md) [`takeover`](/categorize/tags/takeover.md) [`osint`](/categorize/tags/osint.md) [`endpoint`](/categorize/tags/endpoint.md) [`attack-surface`](/categorize/tags/attack-surface.md) [`param`](/categorize/tags/param.md) [`apk`](/categorize/tags/apk.md) [`portscan`](/categorize/tags/portscan.md) [`online`](/categorize/tags/online.md) [`graphql`](/categorize/tags/graphql.md) [`favicon`](/categorize/tags/favicon.md) [`domain`](/categorize/tags/domain.md) [`ssrf`](/categorize/tags/ssrf.md) [`jwt`](/categorize/tags/jwt.md) [`cache-vuln`](/categorize/tags/cache-vuln.md) [`path-traversal`](/categorize/tags/path-traversal.md) [`ssti`](/categorize/tags/ssti.md) [`crlf`](/categorize/tags/crlf.md) [`header`](/categorize/tags/header.md) [`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md) [`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md) [`ssl`](/categorize/tags/ssl.md) [`broken-link`](/categorize/tags/broken-link.md) [`cors`](/categorize/tags/cors.md) [`xss`](/categorize/tags/xss.md) [`s3`](/categorize/tags/s3.md) [`aaa`](/categorize/tags/aaa.md) [`oast`](/categorize/tags/oast.md) [`dependency-confusion`](/categorize/tags/dependency-confusion.md) [`sqli`](/categorize/tags/sqli.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md) [`403`](/categorize/tags/403.md) [`xxe`](/categorize/tags/xxe.md) [`RMI`](/categorize/tags/RMI.md) [`rop`](/categorize/tags/rop.md) [`payload`](/categorize/tags/payload.md) [`deserialize`](/categorize/tags/deserialize.md) [`zipbomb`](/categorize/tags/zipbomb.md) [`blind-xss`](/categorize/tags/blind-xss.md) [`diff`](/categorize/tags/diff.md) [`http`](/categorize/tags/http.md) [`nuclei-templates`](/categorize/tags/nuclei-templates.md) [`notify`](/categorize/tags/notify.md) [`cookie`](/categorize/tags/cookie.md) [`report`](/categorize/tags/report.md) [`browser-record`](/categorize/tags/browser-record.md) [`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md) [`darkmode`](/categorize/tags/darkmode.md) [`clipboard`](/categorize/tags/clipboard.md) [`web3`](/categorize/tags/web3.md) [`json`](/categorize/tags/json.md) [`encode`](/categorize/tags/encode.md) [`gRPC-Web`](/categorize/tags/gRPC-Web.md) | | Tags | [`infra`](/categorize/tags/infra.md) [`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md) [`pentest`](/categorize/tags/pentest.md) [`recon`](/categorize/tags/recon.md) [`exploit`](/categorize/tags/exploit.md) [`subdomains`](/categorize/tags/subdomains.md) [`param`](/categorize/tags/param.md) [`js-analysis`](/categorize/tags/js-analysis.md) [`dns`](/categorize/tags/dns.md) [`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md) [`port`](/categorize/tags/port.md) [`graphql`](/categorize/tags/graphql.md) [`online`](/categorize/tags/online.md) [`takeover`](/categorize/tags/takeover.md) [`domain`](/categorize/tags/domain.md) [`csp`](/categorize/tags/csp.md) [`osint`](/categorize/tags/osint.md) [`portscan`](/categorize/tags/portscan.md) [`apk`](/categorize/tags/apk.md) [`favicon`](/categorize/tags/favicon.md) [`jwt`](/categorize/tags/jwt.md) [`cache-vuln`](/categorize/tags/cache-vuln.md) [`crlf`](/categorize/tags/crlf.md) [`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md) [`ssrf`](/categorize/tags/ssrf.md) [`header`](/categorize/tags/header.md) [`path-traversal`](/categorize/tags/path-traversal.md) [`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md) [`ssti`](/categorize/tags/ssti.md) [`xss`](/categorize/tags/xss.md) [`sqli`](/categorize/tags/sqli.md) [`dependency-confusion`](/categorize/tags/dependency-confusion.md) [`aaa`](/categorize/tags/aaa.md) [`403`](/categorize/tags/403.md) [`cors`](/categorize/tags/cors.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md) [`ssl`](/categorize/tags/ssl.md) [`oast`](/categorize/tags/oast.md) [`s3`](/categorize/tags/s3.md) [`broken-link`](/categorize/tags/broken-link.md) [`RMI`](/categorize/tags/RMI.md) [`xxe`](/categorize/tags/xxe.md) [`rop`](/categorize/tags/rop.md) [`documents`](/categorize/tags/documents.md) [`nuclei-templates`](/categorize/tags/nuclei-templates.md) [`dom`](/categorize/tags/dom.md) [`cookie`](/categorize/tags/cookie.md) [`blind-xss`](/categorize/tags/blind-xss.md) [`deserialize`](/categorize/tags/deserialize.md) [`zipbomb`](/categorize/tags/zipbomb.md) [`http`](/categorize/tags/http.md) [`browser-record`](/categorize/tags/browser-record.md) [`json`](/categorize/tags/json.md) [`payload`](/categorize/tags/payload.md) [`encode`](/categorize/tags/encode.md) [`wordlist`](/categorize/tags/wordlist.md) [`gRPC-Web`](/categorize/tags/gRPC-Web.md) [`report`](/categorize/tags/report.md) [`clipboard`](/categorize/tags/clipboard.md) [`notify`](/categorize/tags/notify.md) [`web3`](/categorize/tags/web3.md) [`diff`](/categorize/tags/diff.md) [`darkmode`](/categorize/tags/darkmode.md) |
| Langs | [`Shell`](/categorize/langs/Shell.md) [`Ruby`](/categorize/langs/Ruby.md) [`Go`](/categorize/langs/Go.md) [`Java`](/categorize/langs/Java.md) [`Python`](/categorize/langs/Python.md) [`Rust`](/categorize/langs/Rust.md) [`JavaScript`](/categorize/langs/JavaScript.md) [`C`](/categorize/langs/C.md) [`Kotlin`](/categorize/langs/Kotlin.md) [`Crystal`](/categorize/langs/Crystal.md) [`Perl`](/categorize/langs/Perl.md) [`TypeScript`](/categorize/langs/TypeScript.md) [`C#`](/categorize/langs/C%23.md) [`PHP`](/categorize/langs/PHP.md) [`Txt`](/categorize/langs/Txt.md) [`HTML`](/categorize/langs/HTML.md) [`C++`](/categorize/langs/C++.md) [`CSS`](/categorize/langs/CSS.md) [`BlitzBasic`](/categorize/langs/BlitzBasic.md) | | Langs | [`Shell`](/categorize/langs/Shell.md) [`Java`](/categorize/langs/Java.md) [`Go`](/categorize/langs/Go.md) [`Ruby`](/categorize/langs/Ruby.md) [`Python`](/categorize/langs/Python.md) [`Rust`](/categorize/langs/Rust.md) [`Crystal`](/categorize/langs/Crystal.md) [`Kotlin`](/categorize/langs/Kotlin.md) [`JavaScript`](/categorize/langs/JavaScript.md) [`C`](/categorize/langs/C.md) [`Perl`](/categorize/langs/Perl.md) [`TypeScript`](/categorize/langs/TypeScript.md) [`Txt`](/categorize/langs/Txt.md) [`C#`](/categorize/langs/C%23.md) [`BlitzBasic`](/categorize/langs/BlitzBasic.md) [`PHP`](/categorize/langs/PHP.md) [`C++`](/categorize/langs/C++.md) [`CSS`](/categorize/langs/CSS.md) [`HTML`](/categorize/langs/HTML.md) |
### Tools ### Tools
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Army-Knife|[Metasploit](https://github.com/rapid7/metasploit-framework)|The worlds most used penetration testing framework|![](https://img.shields.io/github/stars/rapid7/metasploit-framework?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Army-knife|[Ronin](https://ronin-rb.dev)|Free and Open Source Ruby Toolkit for Security Research and Development||[`pentest`](/categorize/tags/pentest.md) [`crawl`](/categorize/tags/crawl.md) [`recon`](/categorize/tags/recon.md) [`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|[`live-audit`](/categorize/tags/live-audit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|[`live-audit`](/categorize/tags/live-audit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Army-Knife|[Metasploit](https://github.com/rapid7/metasploit-framework)|The worlds most used penetration testing framework|![](https://img.shields.io/github/stars/rapid7/metasploit-framework?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Army-knife|[Ronin](https://ronin-rb.dev)|Free and Open Source Ruby Toolkit for Security Research and Development||[`pentest`](/categorize/tags/pentest.md) [`crawl`](/categorize/tags/crawl.md) [`recon`](/categorize/tags/recon.md) [`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[Echo Mirage](https://sourceforge.net/projects/echomirage.oldbutgold.p/)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![windows](/images/windows.png)|
|Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https://img.shields.io/github/stars/mitmproxy/mitmproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Proxy|[Glorp](https://github.com/denandz/glorp)|A CLI-based HTTP intercept and replay proxy|![](https://img.shields.io/github/stars/denandz/glorp?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[Glorp](https://github.com/denandz/glorp)|A CLI-based HTTP intercept and replay proxy|![](https://img.shields.io/github/stars/denandz/glorp?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https://img.shields.io/github/stars/mitmproxy/mitmproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Proxy|[Echo Mirage](https://sourceforge.net/projects/echomirage.oldbutgold.p/)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![windows](/images/windows.png)|
|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[csprecon](https://github.com/edoardottt/csprecon)|Discover new target domains using Content Security Policy|![](https://img.shields.io/github/stars/edoardottt/csprecon?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https://img.shields.io/github/stars/xnl-h4ck3r/xnLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[BLUTO](https://github.com/darryllane/Bluto)|DNS Analysis Tool|![](https://img.shields.io/github/stars/darryllane/Bluto?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)|
|Recon|[SubBrute](https://github.com/aboul3la/Sublist3r)|https://github.com/TheRook/subbrute|![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices||[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[Lepus](https://github.com/gfek/Lepus)|Subdomain finder|![](https://img.shields.io/github/stars/gfek/Lepus?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[shosubgo](https://github.com/incogbyte/shosubgo)|Small tool to Grab subdomains using Shodan api.|![](https://img.shields.io/github/stars/incogbyte/shosubgo?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[Sudomy](https://github.com/screetsec/Sudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https://img.shields.io/github/stars/screetsec/Sudomy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[BugBountyScanner](https://github.com/chvancooten/BugBountyScanner)|A Bash script and Docker image for Bug Bounty reconnaissance.|![](https://img.shields.io/github/stars/chvancooten/BugBountyScanner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[jsluice](https://github.com/BishopFox/jsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https://img.shields.io/github/stars/BishopFox/jsluice?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool||[`subdomains`](/categorize/tags/subdomains.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[graphw00f](https://github.com/dolevf/graphw00f)|GraphQL Server Engine Fingerprinting utility|![](https://img.shields.io/github/stars/dolevf/graphw00f?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[bbot](https://github.com/blacklanternsecurity/bbot)|OSINT automation for hackers|![](https://img.shields.io/github/stars/blacklanternsecurity/bbot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[goverview](https://github.com/j3ssie/goverview)|goverview - Get an overview of the list of URLs|![](https://img.shields.io/github/stars/j3ssie/goverview?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[HostHunter](https://github.com/SpiderLabs/HostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https://img.shields.io/github/stars/SpiderLabs/HostHunter?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[favirecon](https://github.com/edoardottt/favirecon)|Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.|![](https://img.shields.io/github/stars/edoardottt/favirecon?label=%20)|[`favicon`](/categorize/tags/favicon.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|[`domain`](/categorize/tags/domain.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https://img.shields.io/github/stars/xnl-h4ck3r/xnLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|![](https://img.shields.io/github/stars/projectdiscovery/katana?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Smap](https://github.com/s0md3v/smap/)|a drop-in replacement for Nmap powered by shodan.io|![](https://img.shields.io/github/stars/s0md3v/smap/?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Smap](https://github.com/s0md3v/smap/)|a drop-in replacement for Nmap powered by shodan.io|![](https://img.shields.io/github/stars/s0md3v/smap/?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[graphw00f](https://github.com/dolevf/graphw00f)|GraphQL Server Engine Fingerprinting utility|![](https://img.shields.io/github/stars/dolevf/graphw00f?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|[`domain`](/categorize/tags/domain.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[shosubgo](https://github.com/incogbyte/shosubgo)|Small tool to Grab subdomains using Shodan api.|![](https://img.shields.io/github/stars/incogbyte/shosubgo?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Recon|[goverview](https://github.com/j3ssie/goverview)|goverview - Get an overview of the list of URLs|![](https://img.shields.io/github/stars/j3ssie/goverview?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)| |Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[csprecon](https://github.com/edoardottt/csprecon)|Discover new target domains using Content Security Policy|![](https://img.shields.io/github/stars/edoardottt/csprecon?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[jsluice](https://github.com/BishopFox/jsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https://img.shields.io/github/stars/BishopFox/jsluice?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[bbot](https://github.com/blacklanternsecurity/bbot)|OSINT automation for hackers|![](https://img.shields.io/github/stars/blacklanternsecurity/bbot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Hunt3r](https://github.com/EasyRecon/Hunt3r)|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|![](https://img.shields.io/github/stars/EasyRecon/Hunt3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|![](https://img.shields.io/github/stars/projectdiscovery/katana?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[BLUTO](https://github.com/darryllane/Bluto)|DNS Analysis Tool|![](https://img.shields.io/github/stars/darryllane/Bluto?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices||[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[HostHunter](https://github.com/SpiderLabs/HostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https://img.shields.io/github/stars/SpiderLabs/HostHunter?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[BugBountyScanner](https://github.com/chvancooten/BugBountyScanner)|A Bash script and Docker image for Bug Bounty reconnaissance.|![](https://img.shields.io/github/stars/chvancooten/BugBountyScanner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[CrackQL](https://github.com/nicholasaleks/CrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https://img.shields.io/github/stars/nicholasaleks/CrackQL?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[SubBrute](https://github.com/aboul3la/Sublist3r)|https://github.com/TheRook/subbrute|![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[SSRFire](https://github.com/ksharinarayanan/SSRFire)|An automated SSRF finder. Just give the domain name and your server and chill|![](https://img.shields.io/github/stars/ksharinarayanan/SSRFire?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[Hunt3r](https://github.com/EasyRecon/Hunt3r)|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|![](https://img.shields.io/github/stars/EasyRecon/Hunt3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[favirecon](https://github.com/edoardottt/favirecon)|Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.|![](https://img.shields.io/github/stars/edoardottt/favirecon?label=%20)|[`favicon`](/categorize/tags/favicon.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Lepus](https://github.com/gfek/Lepus)|Subdomain finder|![](https://img.shields.io/github/stars/gfek/Lepus?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Sudomy](https://github.com/screetsec/Sudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https://img.shields.io/github/stars/screetsec/Sudomy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool||[`subdomains`](/categorize/tags/subdomains.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Fuzzer|[Clairvoyance](https://github.com/nikitastupin/clairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https://img.shields.io/github/stars/nikitastupin/clairvoyance?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[BatchQL](https://github.com/assetnote/batchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https://img.shields.io/github/stars/assetnote/batchql?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|[`path-traversal`](/categorize/tags/path-traversal.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[CrackQL](https://github.com/nicholasaleks/CrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https://img.shields.io/github/stars/nicholasaleks/CrackQL?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[SSTImap](https://github.com/vladko312/SSTImap)|Automatic SSTI detection tool with interactive interface|![](https://img.shields.io/github/stars/vladko312/SSTImap?label=%20)|[`ssti`](/categorize/tags/ssti.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|[`crlf`](/categorize/tags/crlf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|[`crlf`](/categorize/tags/crlf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[SmuggleFuzz](https://github.com/Moopinger/smugglefuzz/)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https://img.shields.io/github/stars/Moopinger/smugglefuzz/?label=%20)|[`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[SSRFire](https://github.com/ksharinarayanan/SSRFire)|An automated SSRF finder. Just give the domain name and your server and chill|![](https://img.shields.io/github/stars/ksharinarayanan/SSRFire?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[headerpwn](https://github.com/devanshbatham/headerpwn)|A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers|![](https://img.shields.io/github/stars/devanshbatham/headerpwn?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[headerpwn](https://github.com/devanshbatham/headerpwn)|A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers|![](https://img.shields.io/github/stars/devanshbatham/headerpwn?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|[`path-traversal`](/categorize/tags/path-traversal.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[Clairvoyance](https://github.com/nikitastupin/clairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https://img.shields.io/github/stars/nikitastupin/clairvoyance?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[BatchQL](https://github.com/assetnote/batchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https://img.shields.io/github/stars/assetnote/batchql?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[SSTImap](https://github.com/vladko312/SSTImap)|Automatic SSTI detection tool with interactive interface|![](https://img.shields.io/github/stars/vladko312/SSTImap?label=%20)|[`ssti`](/categorize/tags/ssti.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[SmuggleFuzz](https://github.com/Moopinger/smugglefuzz/)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https://img.shields.io/github/stars/Moopinger/smugglefuzz/?label=%20)|[`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[deadlinks](https://github.com/butuzov/deadlinks)|Health checks for your documentation links.|![](https://img.shields.io/github/stars/butuzov/deadlinks?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[scan4all](https://github.com/hktalent/scan4all)|Official repository vuls Scan|![](https://img.shields.io/github/stars/hktalent/scan4all?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|[`dependency-confusion`](/categorize/tags/dependency-confusion.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[S3cret Scanner](https://github.com/Eilonh/s3crets_scanner)|Hunting For Secrets Uploaded To Public S3 Buckets|![](https://img.shields.io/github/stars/Eilonh/s3crets_scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[autopoisoner](https://github.com/Th0h0/autopoisoner)|Web cache poisoning vulnerability scanner.|![](https://img.shields.io/github/stars/Th0h0/autopoisoner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|[`dependency-confusion`](/categorize/tags/dependency-confusion.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[FockCache](https://github.com/tismayil/fockcache)|Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[DeadFinder](https://github.com/hahwul/deadfinder)|Find dead-links (broken links)|![](https://img.shields.io/github/stars/hahwul/deadfinder?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Scanner|[SQLiDetector](https://github.com/eslam3kl/SQLiDetector)|Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.|![](https://img.shields.io/github/stars/eslam3kl/SQLiDetector?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Scanner|[FockCache](https://github.com/tismayil/fockcache)|Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[autopoisoner](https://github.com/Th0h0/autopoisoner)|Web cache poisoning vulnerability scanner.|![](https://img.shields.io/github/stars/Th0h0/autopoisoner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[SQLiDetector](https://github.com/eslam3kl/SQLiDetector)|Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.|![](https://img.shields.io/github/stars/eslam3kl/SQLiDetector?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Oralyzer](https://github.com/r0075h3ll/Oralyzer)|Open Redirection Analyzer|![](https://img.shields.io/github/stars/r0075h3ll/Oralyzer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[Oralyzer](https://github.com/r0075h3ll/Oralyzer)|Open Redirection Analyzer|![](https://img.shields.io/github/stars/r0075h3ll/Oralyzer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Scanner|[scan4all](https://github.com/hktalent/scan4all)|Official repository vuls Scan|![](https://img.shields.io/github/stars/hktalent/scan4all?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[deadlinks](https://github.com/butuzov/deadlinks)|Health checks for your documentation links.|![](https://img.shields.io/github/stars/butuzov/deadlinks?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[DeadFinder](https://github.com/hahwul/deadfinder)|Find dead-links (broken links)|![](https://img.shields.io/github/stars/hahwul/deadfinder?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[S3cret Scanner](https://github.com/Eilonh/s3crets_scanner)|Hunting For Secrets Uploaded To Public S3 Buckets|![](https://img.shields.io/github/stars/Eilonh/s3crets_scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Exploit|[ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|![](https://img.shields.io/github/stars/r0oth3x49/ghauri?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|![](https://img.shields.io/github/stars/r0oth3x49/ghauri?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[of-CORS](https://github.com/trufflesecurity/of-CORS)|Identifying and exploiting CORS misconfigurations on the internal networks|![](https://img.shields.io/github/stars/trufflesecurity/of-CORS?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)| |Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Exploit|[Liffy](https://github.com/mzfr/liffy)|Local file inclusion exploitation tool|![](https://img.shields.io/github/stars/mzfr/liffy?label=%20)|[`lfi`](/categorize/tags/lfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[of-CORS](https://github.com/trufflesecurity/of-CORS)|Identifying and exploiting CORS misconfigurations on the internal networks|![](https://img.shields.io/github/stars/trufflesecurity/of-CORS?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|Tool to help exploit XXE vulnerabilities|![](https://img.shields.io/github/stars/luisfontes19/xxexploiter?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Exploit|[BaRMIe](https://github.com/NickstaDB/BaRMIe)|Java RMI enumeration and attack tool.|![](https://img.shields.io/github/stars/NickstaDB/BaRMIe?label=%20)|[`RMI`](/categorize/tags/RMI.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Exploit|[BaRMIe](https://github.com/NickstaDB/BaRMIe)|Java RMI enumeration and attack tool.|![](https://img.shields.io/github/stars/NickstaDB/BaRMIe?label=%20)|[`RMI`](/categorize/tags/RMI.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Exploit|[Liffy](https://github.com/mzfr/liffy)|Local file inclusion exploitation tool|![](https://img.shields.io/github/stars/mzfr/liffy?label=%20)|[`lfi`](/categorize/tags/lfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[ropr](https://github.com/Ben-Lichtman/ropr)|A blazing fast™ multithreaded ROP Gadget finder. ropper|![](https://img.shields.io/github/stars/Ben-Lichtman/ropr?label=%20)|[`rop`](/categorize/tags/rop.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Exploit|[ropr](https://github.com/Ben-Lichtman/ropr)|A blazing fast™ multithreaded ROP Gadget finder. ropper|![](https://img.shields.io/github/stars/Ben-Lichtman/ropr?label=%20)|[`rop`](/categorize/tags/rop.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Exploit|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|Tool to help exploit XXE vulnerabilities|![](https://img.shields.io/github/stars/luisfontes19/xxexploiter?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator)|Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)|![](https://img.shields.io/github/stars/0dayCTF/reverse-shell-generator?label=%20)|[`payload`](/categorize/tags/payload.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.|![](https://img.shields.io/github/stars/tomnomnom/fff?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Phoenix](https://www.hahwul.com/phoenix/)|hahwul's online tools||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level|![](https://img.shields.io/github/stars/trickest/dsieve?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[GadgetProbe](https://github.com/BishopFox/GadgetProbe)|Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.|![](https://img.shields.io/github/stars/BishopFox/GadgetProbe?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[zip-bomb](https://github.com/damianrusinek/zip-bomb)|Create a ZIPBomb for a given uncompressed size (flat and nested modes).|![](https://img.shields.io/github/stars/damianrusinek/zip-bomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![PHP](/images/php.png)](/categorize/langs/PHP.md)|
|Utils|[GQLSpection](https://github.com/doyensec/GQLSpection)|parses GraphQL introspection schema and generates possible queries|![](https://img.shields.io/github/stars/doyensec/GQLSpection?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[difftastic](https://github.com/Wilfred/difftastic)|a structural diff that understands syntax|![](https://img.shields.io/github/stars/Wilfred/difftastic?label=%20)|[`diff`](/categorize/tags/diff.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[httpie](https://github.com/httpie/httpie)|modern, user-friendly command-line HTTP client for the API era|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[nuclei-wordfence-cve](https://github.com/topscoder/nuclei-wordfence-cve)|Every single day new templates are added to this repo based on updates on Wordfence.com|![](https://img.shields.io/github/stars/topscoder/nuclei-wordfence-cve?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google||[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|[`report`](/categorize/tags/report.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[missing-cve-nuclei-templates](https://github.com/edoardottt/missing-cve-nuclei-templates)|Weekly updated list of missing CVEs in nuclei templates official repository|![](https://img.shields.io/github/stars/edoardottt/missing-cve-nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![HTML](/images/html.png)](/categorize/langs/HTML.md)|
|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[mubeng](https://github.com/kitabisa/mubeng)|An incredibly fast proxy checker & IP rotator with ease.|![](https://img.shields.io/github/stars/kitabisa/mubeng?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C++](/images/c++.png)](/categorize/langs/C++.md)|
|Utils|[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates)|Community curated list of templates for the nuclei engine to find security vulnerabilities.|![](https://img.shields.io/github/stars/projectdiscovery/nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[missing-cve-nuclei-templates](https://github.com/edoardottt/missing-cve-nuclei-templates)|Weekly updated list of missing CVEs in nuclei templates official repository|![](https://img.shields.io/github/stars/edoardottt/missing-cve-nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[cent](https://github.com/xm1k3/cent)|Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.|![](https://img.shields.io/github/stars/xm1k3/cent?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[ZipBomb](https://github.com/abdulfatir/ZipBomb)|A simple implementation of ZipBomb in Python|![](https://img.shields.io/github/stars/abdulfatir/ZipBomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![BlitzBasic](/images/blitzbasic.png)](/categorize/langs/BlitzBasic.md)|
|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable!|![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|[`json`](/categorize/tags/json.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![PHP](/images/php.png)](/categorize/langs/PHP.md)|
|Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator)|Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)|![](https://img.shields.io/github/stars/0dayCTF/reverse-shell-generator?label=%20)|[`payload`](/categorize/tags/payload.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C++](/images/c++.png)](/categorize/langs/C++.md)|
|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Redcloud](https://github.com/khast3x/Redcloud)|Automated Red Team Infrastructure deployement using Docker|![](https://img.shields.io/github/stars/khast3x/Redcloud?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[GadgetProbe](https://github.com/BishopFox/GadgetProbe)|Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.|![](https://img.shields.io/github/stars/BishopFox/GadgetProbe?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[eoyc](https://github.com/hahwul/eoyc)|Encoding Only Your Choices|![](https://img.shields.io/github/stars/hahwul/eoyc?label=%20)|[`encode`](/categorize/tags/encode.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)|
|Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.|![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)| |Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.|![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[mubeng](https://github.com/kitabisa/mubeng)|An incredibly fast proxy checker & IP rotator with ease.|![](https://img.shields.io/github/stars/kitabisa/mubeng?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|[`report`](/categorize/tags/report.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![CSS](/images/css.png)](/categorize/langs/CSS.md)|
|Utils|[Clipboard](https://github.com/Slackadays/Clipboard)|An external brain that remembers anything, anytime, anywhere.|![](https://img.shields.io/github/stars/Slackadays/Clipboard?label=%20)|[`clipboard`](/categorize/tags/clipboard.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C++](/images/c++.png)](/categorize/langs/C++.md)|
|Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level|![](https://img.shields.io/github/stars/trickest/dsieve?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[GQLSpection](https://github.com/doyensec/GQLSpection)|parses GraphQL introspection schema and generates possible queries|![](https://img.shields.io/github/stars/doyensec/GQLSpection?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[hoppscotch](https://github.com/hoppscotch/hoppscotch)|Open source API development ecosystem|![](https://img.shields.io/github/stars/hoppscotch/hoppscotch?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[bruteforce-lists](https://github.com/random-robbie/bruteforce-lists)|Some files for bruteforcing certain things.|![](https://img.shields.io/github/stars/random-robbie/bruteforce-lists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[REcollapse](https://github.com/0xacb/recollapse)|REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications|![](https://img.shields.io/github/stars/0xacb/recollapse?label=%20)|[`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.|![](https://img.shields.io/github/stars/tomnomnom/fff?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates)|Community curated list of templates for the nuclei engine to find security vulnerabilities.|![](https://img.shields.io/github/stars/projectdiscovery/nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google||[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.|![](https://img.shields.io/github/stars/NickstaDB/SerializationDumper?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![HTML](/images/html.png)](/categorize/langs/HTML.md)|
|Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Phoenix](https://www.hahwul.com/phoenix/)|hahwul's online tools||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[SequenceDiagram](https://sequencediagram.org)|Online tool for creating UML sequence diagrams||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[difftastic](https://github.com/Wilfred/difftastic)|a structural diff that understands syntax|![](https://img.shields.io/github/stars/Wilfred/difftastic?label=%20)|[`diff`](/categorize/tags/diff.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![HTML](/images/html.png)](/categorize/langs/HTML.md)| |Utils|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![HTML](/images/html.png)](/categorize/langs/HTML.md)|
|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[nuclei-wordfence-cve](https://github.com/topscoder/nuclei-wordfence-cve)|Every single day new templates are added to this repo based on updates on Wordfence.com|![](https://img.shields.io/github/stars/topscoder/nuclei-wordfence-cve?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[godeclutter](https://github.com/c3l3si4n/godeclutter)|Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.|![](https://img.shields.io/github/stars/c3l3si4n/godeclutter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![CSS](/images/css.png)](/categorize/langs/CSS.md)|
|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![BlitzBasic](/images/blitzbasic.png)](/categorize/langs/BlitzBasic.md)|
|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[cent](https://github.com/xm1k3/cent)|Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.|![](https://img.shields.io/github/stars/xm1k3/cent?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Clipboard](https://github.com/Slackadays/Clipboard)|An external brain that remembers anything, anytime, anywhere.|![](https://img.shields.io/github/stars/Slackadays/Clipboard?label=%20)|[`clipboard`](/categorize/tags/clipboard.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C++](/images/c++.png)](/categorize/langs/C++.md)|
|Utils|[ZipBomb](https://github.com/abdulfatir/ZipBomb)|A simple implementation of ZipBomb in Python|![](https://img.shields.io/github/stars/abdulfatir/ZipBomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[bruteforce-lists](https://github.com/random-robbie/bruteforce-lists)|Some files for bruteforcing certain things.|![](https://img.shields.io/github/stars/random-robbie/bruteforce-lists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hoppscotch](https://github.com/hoppscotch/hoppscotch)|Open source API development ecosystem|![](https://img.shields.io/github/stars/hoppscotch/hoppscotch?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[SequenceDiagram](https://sequencediagram.org)|Online tool for creating UML sequence diagrams||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[REcollapse](https://github.com/0xacb/recollapse)|REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications|![](https://img.shields.io/github/stars/0xacb/recollapse?label=%20)|[`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.|![](https://img.shields.io/github/stars/NickstaDB/SerializationDumper?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Redcloud](https://github.com/khast3x/Redcloud)|Automated Red Team Infrastructure deployement using Docker|![](https://img.shields.io/github/stars/khast3x/Redcloud?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable!|![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|[`json`](/categorize/tags/json.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[eoyc](https://github.com/hahwul/eoyc)|Encoding Only Your Choices|![](https://img.shields.io/github/stars/hahwul/eoyc?label=%20)|[`encode`](/categorize/tags/encode.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)|
|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[httpie](https://github.com/httpie/httpie)|modern, user-friendly command-line HTTP client for the API era|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[godeclutter](https://github.com/c3l3si4n/godeclutter)|Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.|![](https://img.shields.io/github/stars/c3l3si4n/godeclutter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[zip-bomb](https://github.com/damianrusinek/zip-bomb)|Create a ZIPBomb for a given uncompressed size (flat and nested modes).|![](https://img.shields.io/github/stars/damianrusinek/zip-bomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Env|[Crimson](https://github.com/Karmaz95/crimson)|Web Application Security Testing automation.|![](https://img.shields.io/github/stars/Karmaz95/crimson?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Env|[Crimson](https://github.com/Karmaz95/crimson)|Web Application Security Testing automation.|![](https://img.shields.io/github/stars/Karmaz95/crimson?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Env|[Glue](https://github.com/OWASP/glue)|Application Security Automation|![](https://img.shields.io/github/stars/OWASP/glue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Env|[pentest-env](https://github.com/Sliim/pentest-env)|Pentest environment deployer (kali linux + targets) using vagrant and chef.|![](https://img.shields.io/github/stars/Sliim/pentest-env?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Env|[pentest-env](https://github.com/Sliim/pentest-env)|Pentest environment deployer (kali linux + targets) using vagrant and chef.|![](https://img.shields.io/github/stars/Sliim/pentest-env?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Env|[Glue](https://github.com/OWASP/glue)|Application Security Automation|![](https://img.shields.io/github/stars/OWASP/glue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
### Bookmarklets ### Bookmarklets
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
@ -372,71 +372,72 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![safari](/images/safari.png)| |Recon|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![safari](/images/safari.png)|
|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[DOMLogger++](https://github.com/kevin-mizu/domloggerpp)|A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.|![](https://img.shields.io/github/stars/kevin-mizu/domloggerpp?label=%20)|[`dom`](/categorize/tags/dom.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![safari](/images/safari.png)|
|Utils|[firefox-container-proxy](https://github.com/bekh6ex/firefox-container-proxy)|Assign a proxy to a Firefox container|![](https://img.shields.io/github/stars/bekh6ex/firefox-container-proxy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[ZAP Browser Extension](https://github.com/zaproxy/browser-extension/)|A browser extension which allows ZAP to interact directly with the browser.|![](https://img.shields.io/github/stars/zaproxy/browser-extension/?label=%20)|[`browser-record`](/categorize/tags/browser-record.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)![zap](/images/zap.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Dark Reader](https://github.com/darkreader/darkreader)|Dark mode to any site|![](https://img.shields.io/github/stars/darkreader/darkreader?label=%20)|[`darkmode`](/categorize/tags/darkmode.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[PwnFox](https://github.com/yeswehack/PwnFox)|Firefox/Burp extension that provide usefull tools for your security audit.|![](https://img.shields.io/github/stars/yeswehack/PwnFox?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Firefox Multi-Account Containers](https://github.com/mozilla/multi-account-containers)|Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs|![](https://img.shields.io/github/stars/mozilla/multi-account-containers?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[Firefox Multi-Account Containers](https://github.com/mozilla/multi-account-containers)|Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs|![](https://img.shields.io/github/stars/mozilla/multi-account-containers?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[firefox-container-proxy](https://github.com/bekh6ex/firefox-container-proxy)|Assign a proxy to a Firefox container|![](https://img.shields.io/github/stars/bekh6ex/firefox-container-proxy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[PwnFox](https://github.com/yeswehack/PwnFox)|Firefox/Burp extension that provide usefull tools for your security audit.|![](https://img.shields.io/github/stars/yeswehack/PwnFox?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![safari](/images/safari.png)|
|Utils|[ZAP Browser Extension](https://github.com/zaproxy/browser-extension/)|A browser extension which allows ZAP to interact directly with the browser.|![](https://img.shields.io/github/stars/zaproxy/browser-extension/?label=%20)|[`browser-record`](/categorize/tags/browser-record.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)![zap](/images/zap.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[User-Agent Switcher](https://addons.mozilla.org/ko/firefox/addon/user-agent-switcher-revived/)|quick and easy way to switch between user-agents.|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)| |Utils|[User-Agent Switcher](https://addons.mozilla.org/ko/firefox/addon/user-agent-switcher-revived/)|quick and easy way to switch between user-agents.|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)|
|Utils|[Dark Reader](https://github.com/darkreader/darkreader)|Dark mode to any site|![](https://img.shields.io/github/stars/darkreader/darkreader?label=%20)|[`darkmode`](/categorize/tags/darkmode.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
### Burpsuite and ZAP Addons ### Burpsuite and ZAP Addons
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)|
|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)|
|Recon|[HUNT](https://github.com/bugcrowd/HUNT)|Identifies common parameters vulnerable to certain vulnerability classes|![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Recon|[HUNT](https://github.com/bugcrowd/HUNT)|Identifies common parameters vulnerable to certain vulnerability classes|![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Fuzzer|[GAP](https://github.com/xnl-h4ck3r/GAP-Burp-Extension)|This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.|![](https://img.shields.io/github/stars/xnl-h4ck3r/GAP-Burp-Extension?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[GAP](https://github.com/xnl-h4ck3r/GAP-Burp-Extension)|This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.|![](https://img.shields.io/github/stars/xnl-h4ck3r/GAP-Burp-Extension?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[Neonmarker](https://github.com/kingthorin/neonmarker)||![](https://img.shields.io/github/stars/kingthorin/neonmarker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[blackboxprotobuf](https://github.com/nccgroup/blackboxprotobuf)|Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.|![](https://img.shields.io/github/stars/nccgroup/blackboxprotobuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[AWSSigner](https://github.com/NetSPI/AWSSigner)|Burp Extension for AWS Signing|![](https://img.shields.io/github/stars/NetSPI/AWSSigner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[pcap-burp](https://github.com/nccgroup/pcap-burp)|Pcap importer for Burp|![](https://img.shields.io/github/stars/nccgroup/pcap-burp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Berserko](https://github.com/nccgroup/Berserko)|Burp Suite extension to perform Kerberos authentication|![](https://img.shields.io/github/stars/nccgroup/Berserko?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[Map Local](https://github.com/Keindel/owasp-zap-maplocal-addon)|ZAP add-on which allows mapping of responses to content of a chosen local file.|![](https://img.shields.io/github/stars/Keindel/owasp-zap-maplocal-addon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)|Automated HTTP Request Repeating With Burp Suite|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Decoder-Improved](https://github.com/nccgroup/Decoder-Improved)|Improved decoder for Burp Suite|![](https://img.shields.io/github/stars/nccgroup/Decoder-Improved?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[argumentinjectionhammer](https://github.com/nccgroup/argumentinjectionhammer)|A Burp Extension designed to identify argument injection vulnerabilities.|![](https://img.shields.io/github/stars/nccgroup/argumentinjectionhammer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[argumentinjectionhammer](https://github.com/nccgroup/argumentinjectionhammer)|A Burp Extension designed to identify argument injection vulnerabilities.|![](https://img.shields.io/github/stars/nccgroup/argumentinjectionhammer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Web3 Decoder](https://github.com/nccgroup/web3-decoder)|Burp Extension for Web3|![](https://img.shields.io/github/stars/nccgroup/web3-decoder?label=%20)|[`web3`](/categorize/tags/web3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[blackboxprotobuf](https://github.com/nccgroup/blackboxprotobuf)|Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.|![](https://img.shields.io/github/stars/nccgroup/blackboxprotobuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Map Local](https://github.com/Keindel/owasp-zap-maplocal-addon)|ZAP add-on which allows mapping of responses to content of a chosen local file.|![](https://img.shields.io/github/stars/Keindel/owasp-zap-maplocal-addon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)|Automated HTTP Request Repeating With Burp Suite|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Decoder-Improved](https://github.com/nccgroup/Decoder-Improved)|Improved decoder for Burp Suite|![](https://img.shields.io/github/stars/nccgroup/Decoder-Improved?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[HTTPSignatures](https://github.com/nccgroup/HTTPSignatures)|A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.|![](https://img.shields.io/github/stars/nccgroup/HTTPSignatures?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[HTTPSignatures](https://github.com/nccgroup/HTTPSignatures)|A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.|![](https://img.shields.io/github/stars/nccgroup/HTTPSignatures?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[reflect](https://github.com/cak/reflect)||![](https://img.shields.io/github/stars/cak/reflect?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Utils|[reflect](https://github.com/cak/reflect)||![](https://img.shields.io/github/stars/cak/reflect?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![BlitzBasic](/images/blitzbasic.png)](/categorize/langs/BlitzBasic.md)|
|Utils|[gRPC-Web Pentest Suite](https://github.com/nxenon/grpc-pentest-suite)|gRPC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-Web) applications.|![](https://img.shields.io/github/stars/nxenon/grpc-pentest-suite?label=%20)|[`gRPC-Web`](/categorize/tags/gRPC-Web.md)|![burp](/images/burp.png)![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[Berserko](https://github.com/nccgroup/Berserko)|Burp Suite extension to perform Kerberos authentication|![](https://img.shields.io/github/stars/nccgroup/Berserko?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[gRPC-Web Pentest Suite](https://github.com/nxenon/grpc-pentest-suite)|gRPC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-Web) applications.|![](https://img.shields.io/github/stars/nxenon/grpc-pentest-suite?label=%20)|[`gRPC-Web`](/categorize/tags/gRPC-Web.md)|![burp](/images/burp.png)![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AWSSigner](https://github.com/NetSPI/AWSSigner)|Burp Extension for AWS Signing|![](https://img.shields.io/github/stars/NetSPI/AWSSigner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Web3 Decoder](https://github.com/nccgroup/web3-decoder)|Burp Extension for Web3|![](https://img.shields.io/github/stars/nccgroup/web3-decoder?label=%20)|[`web3`](/categorize/tags/web3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[pcap-burp](https://github.com/nccgroup/pcap-burp)|Pcap importer for Burp|![](https://img.shields.io/github/stars/nccgroup/pcap-burp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[Neonmarker](https://github.com/kingthorin/neonmarker)||![](https://img.shields.io/github/stars/kingthorin/neonmarker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![BlitzBasic](/images/blitzbasic.png)](/categorize/langs/BlitzBasic.md)|
|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
## Thanks to (Contributor) ## Thanks to (Contributor)
WHW's open-source project and made it with ❤️ if you want contribute this project, please see [CONTRIBUTING.md](https://github.com/hahwul/WebHackersWeapons/blob/main/CONTRIBUTING.md) and Pull-Request with cool your contents. WHW's open-source project and made it with ❤️ if you want contribute this project, please see [CONTRIBUTING.md](https://github.com/hahwul/WebHackersWeapons/blob/main/CONTRIBUTING.md) and Pull-Request with cool your contents.

View File

@ -3,6 +3,6 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)| |Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|

View File

@ -4,8 +4,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|

View File

@ -4,121 +4,121 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|[`live-audit`](/categorize/tags/live-audit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|[`live-audit`](/categorize/tags/live-audit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[Glorp](https://github.com/denandz/glorp)|A CLI-based HTTP intercept and replay proxy|![](https://img.shields.io/github/stars/denandz/glorp?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Proxy|[Glorp](https://github.com/denandz/glorp)|A CLI-based HTTP intercept and replay proxy|![](https://img.shields.io/github/stars/denandz/glorp?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[csprecon](https://github.com/edoardottt/csprecon)|Discover new target domains using Content Security Policy|![](https://img.shields.io/github/stars/edoardottt/csprecon?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[shosubgo](https://github.com/incogbyte/shosubgo)|Small tool to Grab subdomains using Shodan api.|![](https://img.shields.io/github/stars/incogbyte/shosubgo?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[jsluice](https://github.com/BishopFox/jsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https://img.shields.io/github/stars/BishopFox/jsluice?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Smap](https://github.com/s0md3v/smap/)|a drop-in replacement for Nmap powered by shodan.io|![](https://img.shields.io/github/stars/s0md3v/smap/?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[goverview](https://github.com/j3ssie/goverview)|goverview - Get an overview of the list of URLs|![](https://img.shields.io/github/stars/j3ssie/goverview?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[favirecon](https://github.com/edoardottt/favirecon)|Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.|![](https://img.shields.io/github/stars/edoardottt/favirecon?label=%20)|[`favicon`](/categorize/tags/favicon.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|[`domain`](/categorize/tags/domain.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|[`domain`](/categorize/tags/domain.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[shosubgo](https://github.com/incogbyte/shosubgo)|Small tool to Grab subdomains using Shodan api.|![](https://img.shields.io/github/stars/incogbyte/shosubgo?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[goverview](https://github.com/j3ssie/goverview)|goverview - Get an overview of the list of URLs|![](https://img.shields.io/github/stars/j3ssie/goverview?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|![](https://img.shields.io/github/stars/projectdiscovery/katana?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Smap](https://github.com/s0md3v/smap/)|a drop-in replacement for Nmap powered by shodan.io|![](https://img.shields.io/github/stars/s0md3v/smap/?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[csprecon](https://github.com/edoardottt/csprecon)|Discover new target domains using Content Security Policy|![](https://img.shields.io/github/stars/edoardottt/csprecon?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[jsluice](https://github.com/BishopFox/jsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https://img.shields.io/github/stars/BishopFox/jsluice?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|![](https://img.shields.io/github/stars/projectdiscovery/katana?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[favirecon](https://github.com/edoardottt/favirecon)|Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.|![](https://img.shields.io/github/stars/edoardottt/favirecon?label=%20)|[`favicon`](/categorize/tags/favicon.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[headerpwn](https://github.com/devanshbatham/headerpwn)|A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers|![](https://img.shields.io/github/stars/devanshbatham/headerpwn?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[SmuggleFuzz](https://github.com/Moopinger/smugglefuzz/)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https://img.shields.io/github/stars/Moopinger/smugglefuzz/?label=%20)|[`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[SmuggleFuzz](https://github.com/Moopinger/smugglefuzz/)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https://img.shields.io/github/stars/Moopinger/smugglefuzz/?label=%20)|[`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[headerpwn](https://github.com/devanshbatham/headerpwn)|A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers|![](https://img.shields.io/github/stars/devanshbatham/headerpwn?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[scan4all](https://github.com/hktalent/scan4all)|Official repository vuls Scan|![](https://img.shields.io/github/stars/hktalent/scan4all?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|[`dependency-confusion`](/categorize/tags/dependency-confusion.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|[`dependency-confusion`](/categorize/tags/dependency-confusion.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[FockCache](https://github.com/tismayil/fockcache)|Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[FockCache](https://github.com/tismayil/fockcache)|Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[scan4all](https://github.com/hktalent/scan4all)|Official repository vuls Scan|![](https://img.shields.io/github/stars/hktalent/scan4all?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|[`header`](/categorize/tags/header.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|[`403`](/categorize/tags/403.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.|![](https://img.shields.io/github/stars/tomnomnom/fff?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level|![](https://img.shields.io/github/stars/trickest/dsieve?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[mubeng](https://github.com/kitabisa/mubeng)|An incredibly fast proxy checker & IP rotator with ease.|![](https://img.shields.io/github/stars/kitabisa/mubeng?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates)|Community curated list of templates for the nuclei engine to find security vulnerabilities.|![](https://img.shields.io/github/stars/projectdiscovery/nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[godeclutter](https://github.com/c3l3si4n/godeclutter)|Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.|![](https://img.shields.io/github/stars/c3l3si4n/godeclutter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[cent](https://github.com/xm1k3/cent)|Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.|![](https://img.shields.io/github/stars/xm1k3/cent?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[cent](https://github.com/xm1k3/cent)|Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.|![](https://img.shields.io/github/stars/xm1k3/cent?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable!|![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|[`json`](/categorize/tags/json.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable!|![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|[`json`](/categorize/tags/json.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[mubeng](https://github.com/kitabisa/mubeng)|An incredibly fast proxy checker & IP rotator with ease.|![](https://img.shields.io/github/stars/kitabisa/mubeng?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level|![](https://img.shields.io/github/stars/trickest/dsieve?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.|![](https://img.shields.io/github/stars/tomnomnom/fff?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates)|Community curated list of templates for the nuclei engine to find security vulnerabilities.|![](https://img.shields.io/github/stars/projectdiscovery/nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[godeclutter](https://github.com/c3l3si4n/godeclutter)|Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.|![](https://img.shields.io/github/stars/c3l3si4n/godeclutter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -5,36 +5,36 @@
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Exploit|[BaRMIe](https://github.com/NickstaDB/BaRMIe)|Java RMI enumeration and attack tool.|![](https://img.shields.io/github/stars/NickstaDB/BaRMIe?label=%20)|[`RMI`](/categorize/tags/RMI.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Exploit|[BaRMIe](https://github.com/NickstaDB/BaRMIe)|Java RMI enumeration and attack tool.|![](https://img.shields.io/github/stars/NickstaDB/BaRMIe?label=%20)|[`RMI`](/categorize/tags/RMI.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[Neonmarker](https://github.com/kingthorin/neonmarker)||![](https://img.shields.io/github/stars/kingthorin/neonmarker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[GadgetProbe](https://github.com/BishopFox/GadgetProbe)|Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.|![](https://img.shields.io/github/stars/BishopFox/GadgetProbe?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AWSSigner](https://github.com/NetSPI/AWSSigner)|Burp Extension for AWS Signing|![](https://img.shields.io/github/stars/NetSPI/AWSSigner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[pcap-burp](https://github.com/nccgroup/pcap-burp)|Pcap importer for Burp|![](https://img.shields.io/github/stars/nccgroup/pcap-burp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Berserko](https://github.com/nccgroup/Berserko)|Burp Suite extension to perform Kerberos authentication|![](https://img.shields.io/github/stars/nccgroup/Berserko?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Map Local](https://github.com/Keindel/owasp-zap-maplocal-addon)|ZAP add-on which allows mapping of responses to content of a chosen local file.|![](https://img.shields.io/github/stars/Keindel/owasp-zap-maplocal-addon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)|Automated HTTP Request Repeating With Burp Suite|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Decoder-Improved](https://github.com/nccgroup/Decoder-Improved)|Improved decoder for Burp Suite|![](https://img.shields.io/github/stars/nccgroup/Decoder-Improved?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Web3 Decoder](https://github.com/nccgroup/web3-decoder)|Burp Extension for Web3|![](https://img.shields.io/github/stars/nccgroup/web3-decoder?label=%20)|[`web3`](/categorize/tags/web3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.|![](https://img.shields.io/github/stars/NickstaDB/SerializationDumper?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[Map Local](https://github.com/Keindel/owasp-zap-maplocal-addon)|ZAP add-on which allows mapping of responses to content of a chosen local file.|![](https://img.shields.io/github/stars/Keindel/owasp-zap-maplocal-addon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)|Automated HTTP Request Repeating With Burp Suite|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Decoder-Improved](https://github.com/nccgroup/Decoder-Improved)|Improved decoder for Burp Suite|![](https://img.shields.io/github/stars/nccgroup/Decoder-Improved?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[HTTPSignatures](https://github.com/nccgroup/HTTPSignatures)|A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.|![](https://img.shields.io/github/stars/nccgroup/HTTPSignatures?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[HTTPSignatures](https://github.com/nccgroup/HTTPSignatures)|A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.|![](https://img.shields.io/github/stars/nccgroup/HTTPSignatures?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Berserko](https://github.com/nccgroup/Berserko)|Burp Suite extension to perform Kerberos authentication|![](https://img.shields.io/github/stars/nccgroup/Berserko?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[GadgetProbe](https://github.com/BishopFox/GadgetProbe)|Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.|![](https://img.shields.io/github/stars/BishopFox/GadgetProbe?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[AWSSigner](https://github.com/NetSPI/AWSSigner)|Burp Extension for AWS Signing|![](https://img.shields.io/github/stars/NetSPI/AWSSigner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[Web3 Decoder](https://github.com/nccgroup/web3-decoder)|Burp Extension for Web3|![](https://img.shields.io/github/stars/nccgroup/web3-decoder?label=%20)|[`web3`](/categorize/tags/web3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.|![](https://img.shields.io/github/stars/NickstaDB/SerializationDumper?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[pcap-burp](https://github.com/nccgroup/pcap-burp)|Pcap importer for Burp|![](https://img.shields.io/github/stars/nccgroup/pcap-burp?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[Neonmarker](https://github.com/kingthorin/neonmarker)||![](https://img.shields.io/github/stars/kingthorin/neonmarker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|

View File

@ -3,36 +3,37 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator)|Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)|![](https://img.shields.io/github/stars/0dayCTF/reverse-shell-generator?label=%20)|[`payload`](/categorize/tags/payload.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[DOMLogger++](https://github.com/kevin-mizu/domloggerpp)|A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.|![](https://img.shields.io/github/stars/kevin-mizu/domloggerpp?label=%20)|[`dom`](/categorize/tags/dom.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Phoenix](https://www.hahwul.com/phoenix/)|hahwul's online tools||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[firefox-container-proxy](https://github.com/bekh6ex/firefox-container-proxy)|Assign a proxy to a Firefox container|![](https://img.shields.io/github/stars/bekh6ex/firefox-container-proxy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator)|Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)|![](https://img.shields.io/github/stars/0dayCTF/reverse-shell-generator?label=%20)|[`payload`](/categorize/tags/payload.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Phoenix](https://www.hahwul.com/phoenix/)|hahwul's online tools||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[PwnFox](https://github.com/yeswehack/PwnFox)|Firefox/Burp extension that provide usefull tools for your security audit.|![](https://img.shields.io/github/stars/yeswehack/PwnFox?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Firefox Multi-Account Containers](https://github.com/mozilla/multi-account-containers)|Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs|![](https://img.shields.io/github/stars/mozilla/multi-account-containers?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[Firefox Multi-Account Containers](https://github.com/mozilla/multi-account-containers)|Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs|![](https://img.shields.io/github/stars/mozilla/multi-account-containers?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[firefox-container-proxy](https://github.com/bekh6ex/firefox-container-proxy)|Assign a proxy to a Firefox container|![](https://img.shields.io/github/stars/bekh6ex/firefox-container-proxy?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[PwnFox](https://github.com/yeswehack/PwnFox)|Firefox/Burp extension that provide usefull tools for your security audit.|![](https://img.shields.io/github/stars/yeswehack/PwnFox?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|[`cookie`](/categorize/tags/cookie.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

View File

@ -4,7 +4,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[HUNT](https://github.com/bugcrowd/HUNT)|Identifies common parameters vulnerable to certain vulnerability classes|![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Recon|[HUNT](https://github.com/bugcrowd/HUNT)|Identifies common parameters vulnerable to certain vulnerability classes|![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[reflect](https://github.com/cak/reflect)||![](https://img.shields.io/github/stars/cak/reflect?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Utils|[reflect](https://github.com/cak/reflect)||![](https://img.shields.io/github/stars/cak/reflect?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|

View File

@ -4,7 +4,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|[`path-traversal`](/categorize/tags/path-traversal.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)| |Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|[`path-traversal`](/categorize/tags/path-traversal.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)| |Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|
|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)| |Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|

View File

@ -4,107 +4,107 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https://img.shields.io/github/stars/mitmproxy/mitmproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https://img.shields.io/github/stars/mitmproxy/mitmproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[BLUTO](https://github.com/darryllane/Bluto)|DNS Analysis Tool|![](https://img.shields.io/github/stars/darryllane/Bluto?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https://img.shields.io/github/stars/xnl-h4ck3r/xnLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[SubBrute](https://github.com/aboul3la/Sublist3r)|https://github.com/TheRook/subbrute|![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[graphw00f](https://github.com/dolevf/graphw00f)|GraphQL Server Engine Fingerprinting utility|![](https://img.shields.io/github/stars/dolevf/graphw00f?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Lepus](https://github.com/gfek/Lepus)|Subdomain finder|![](https://img.shields.io/github/stars/gfek/Lepus?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[graphw00f](https://github.com/dolevf/graphw00f)|GraphQL Server Engine Fingerprinting utility|![](https://img.shields.io/github/stars/dolevf/graphw00f?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[bbot](https://github.com/blacklanternsecurity/bbot)|OSINT automation for hackers|![](https://img.shields.io/github/stars/blacklanternsecurity/bbot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[bbot](https://github.com/blacklanternsecurity/bbot)|OSINT automation for hackers|![](https://img.shields.io/github/stars/blacklanternsecurity/bbot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[BLUTO](https://github.com/darryllane/Bluto)|DNS Analysis Tool|![](https://img.shields.io/github/stars/darryllane/Bluto?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[HostHunter](https://github.com/SpiderLabs/HostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https://img.shields.io/github/stars/SpiderLabs/HostHunter?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[HostHunter](https://github.com/SpiderLabs/HostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https://img.shields.io/github/stars/SpiderLabs/HostHunter?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[SubBrute](https://github.com/aboul3la/Sublist3r)|https://github.com/TheRook/subbrute|![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https://img.shields.io/github/stars/xnl-h4ck3r/xnLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[CrackQL](https://github.com/nicholasaleks/CrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https://img.shields.io/github/stars/nicholasaleks/CrackQL?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[Clairvoyance](https://github.com/nikitastupin/clairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https://img.shields.io/github/stars/nikitastupin/clairvoyance?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Lepus](https://github.com/gfek/Lepus)|Subdomain finder|![](https://img.shields.io/github/stars/gfek/Lepus?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[SSTImap](https://github.com/vladko312/SSTImap)|Automatic SSTI detection tool with interactive interface|![](https://img.shields.io/github/stars/vladko312/SSTImap?label=%20)|[`ssti`](/categorize/tags/ssti.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[GAP](https://github.com/xnl-h4ck3r/GAP-Burp-Extension)|This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.|![](https://img.shields.io/github/stars/xnl-h4ck3r/GAP-Burp-Extension?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[BatchQL](https://github.com/assetnote/batchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https://img.shields.io/github/stars/assetnote/batchql?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[BatchQL](https://github.com/assetnote/batchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https://img.shields.io/github/stars/assetnote/batchql?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[CrackQL](https://github.com/nicholasaleks/CrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https://img.shields.io/github/stars/nicholasaleks/CrackQL?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[GAP](https://github.com/xnl-h4ck3r/GAP-Burp-Extension)|This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.|![](https://img.shields.io/github/stars/xnl-h4ck3r/GAP-Burp-Extension?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[Clairvoyance](https://github.com/nikitastupin/clairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https://img.shields.io/github/stars/nikitastupin/clairvoyance?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[deadlinks](https://github.com/butuzov/deadlinks)|Health checks for your documentation links.|![](https://img.shields.io/github/stars/butuzov/deadlinks?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[SSTImap](https://github.com/vladko312/SSTImap)|Automatic SSTI detection tool with interactive interface|![](https://img.shields.io/github/stars/vladko312/SSTImap?label=%20)|[`ssti`](/categorize/tags/ssti.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[S3cret Scanner](https://github.com/Eilonh/s3crets_scanner)|Hunting For Secrets Uploaded To Public S3 Buckets|![](https://img.shields.io/github/stars/Eilonh/s3crets_scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[autopoisoner](https://github.com/Th0h0/autopoisoner)|Web cache poisoning vulnerability scanner.|![](https://img.shields.io/github/stars/Th0h0/autopoisoner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[autopoisoner](https://github.com/Th0h0/autopoisoner)|Web cache poisoning vulnerability scanner.|![](https://img.shields.io/github/stars/Th0h0/autopoisoner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[SQLiDetector](https://github.com/eslam3kl/SQLiDetector)|Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.|![](https://img.shields.io/github/stars/eslam3kl/SQLiDetector?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[SQLiDetector](https://github.com/eslam3kl/SQLiDetector)|Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.|![](https://img.shields.io/github/stars/eslam3kl/SQLiDetector?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Oralyzer](https://github.com/r0075h3ll/Oralyzer)|Open Redirection Analyzer|![](https://img.shields.io/github/stars/r0075h3ll/Oralyzer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[Oralyzer](https://github.com/r0075h3ll/Oralyzer)|Open Redirection Analyzer|![](https://img.shields.io/github/stars/r0075h3ll/Oralyzer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[deadlinks](https://github.com/butuzov/deadlinks)|Health checks for your documentation links.|![](https://img.shields.io/github/stars/butuzov/deadlinks?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[S3cret Scanner](https://github.com/Eilonh/s3crets_scanner)|Hunting For Secrets Uploaded To Public S3 Buckets|![](https://img.shields.io/github/stars/Eilonh/s3crets_scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|[`s3`](/categorize/tags/s3.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|![](https://img.shields.io/github/stars/r0oth3x49/ghauri?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|![](https://img.shields.io/github/stars/r0oth3x49/ghauri?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[of-CORS](https://github.com/trufflesecurity/of-CORS)|Identifying and exploiting CORS misconfigurations on the internal networks|![](https://img.shields.io/github/stars/trufflesecurity/of-CORS?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[of-CORS](https://github.com/trufflesecurity/of-CORS)|Identifying and exploiting CORS misconfigurations on the internal networks|![](https://img.shields.io/github/stars/trufflesecurity/of-CORS?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[Liffy](https://github.com/mzfr/liffy)|Local file inclusion exploitation tool|![](https://img.shields.io/github/stars/mzfr/liffy?label=%20)|[`lfi`](/categorize/tags/lfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[Liffy](https://github.com/mzfr/liffy)|Local file inclusion exploitation tool|![](https://img.shields.io/github/stars/mzfr/liffy?label=%20)|[`lfi`](/categorize/tags/lfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[zip-bomb](https://github.com/damianrusinek/zip-bomb)|Create a ZIPBomb for a given uncompressed size (flat and nested modes).|![](https://img.shields.io/github/stars/damianrusinek/zip-bomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[GQLSpection](https://github.com/doyensec/GQLSpection)|parses GraphQL introspection schema and generates possible queries|![](https://img.shields.io/github/stars/doyensec/GQLSpection?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[blackboxprotobuf](https://github.com/nccgroup/blackboxprotobuf)|Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.|![](https://img.shields.io/github/stars/nccgroup/blackboxprotobuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[httpie](https://github.com/httpie/httpie)|modern, user-friendly command-line HTTP client for the API era|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[nuclei-wordfence-cve](https://github.com/topscoder/nuclei-wordfence-cve)|Every single day new templates are added to this repo based on updates on Wordfence.com|![](https://img.shields.io/github/stars/topscoder/nuclei-wordfence-cve?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[ZipBomb](https://github.com/abdulfatir/ZipBomb)|A simple implementation of ZipBomb in Python|![](https://img.shields.io/github/stars/abdulfatir/ZipBomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[argumentinjectionhammer](https://github.com/nccgroup/argumentinjectionhammer)|A Burp Extension designed to identify argument injection vulnerabilities.|![](https://img.shields.io/github/stars/nccgroup/argumentinjectionhammer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[argumentinjectionhammer](https://github.com/nccgroup/argumentinjectionhammer)|A Burp Extension designed to identify argument injection vulnerabilities.|![](https://img.shields.io/github/stars/nccgroup/argumentinjectionhammer?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[blackboxprotobuf](https://github.com/nccgroup/blackboxprotobuf)|Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.|![](https://img.shields.io/github/stars/nccgroup/blackboxprotobuf?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[ZipBomb](https://github.com/abdulfatir/ZipBomb)|A simple implementation of ZipBomb in Python|![](https://img.shields.io/github/stars/abdulfatir/ZipBomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Redcloud](https://github.com/khast3x/Redcloud)|Automated Red Team Infrastructure deployement using Docker|![](https://img.shields.io/github/stars/khast3x/Redcloud?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gRPC-Web Pentest Suite](https://github.com/nxenon/grpc-pentest-suite)|gRPC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-Web) applications.|![](https://img.shields.io/github/stars/nxenon/grpc-pentest-suite?label=%20)|[`gRPC-Web`](/categorize/tags/gRPC-Web.md)|![burp](/images/burp.png)![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[GQLSpection](https://github.com/doyensec/GQLSpection)|parses GraphQL introspection schema and generates possible queries|![](https://img.shields.io/github/stars/doyensec/GQLSpection?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[REcollapse](https://github.com/0xacb/recollapse)|REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications|![](https://img.shields.io/github/stars/0xacb/recollapse?label=%20)|[`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[REcollapse](https://github.com/0xacb/recollapse)|REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications|![](https://img.shields.io/github/stars/0xacb/recollapse?label=%20)|[`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[nuclei-wordfence-cve](https://github.com/topscoder/nuclei-wordfence-cve)|Every single day new templates are added to this repo based on updates on Wordfence.com|![](https://img.shields.io/github/stars/topscoder/nuclei-wordfence-cve?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Redcloud](https://github.com/khast3x/Redcloud)|Automated Red Team Infrastructure deployement using Docker|![](https://img.shields.io/github/stars/khast3x/Redcloud?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[httpie](https://github.com/httpie/httpie)|modern, user-friendly command-line HTTP client for the API era|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[zip-bomb](https://github.com/damianrusinek/zip-bomb)|Create a ZIPBomb for a given uncompressed size (flat and nested modes).|![](https://img.shields.io/github/stars/damianrusinek/zip-bomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gRPC-Web Pentest Suite](https://github.com/nxenon/grpc-pentest-suite)|gRPC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-Web) applications.|![](https://img.shields.io/github/stars/nxenon/grpc-pentest-suite?label=%20)|[`gRPC-Web`](/categorize/tags/gRPC-Web.md)|![burp](/images/burp.png)![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Env|[Crimson](https://github.com/Karmaz95/crimson)|Web Application Security Testing automation.|![](https://img.shields.io/github/stars/Karmaz95/crimson?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Env|[Crimson](https://github.com/Karmaz95/crimson)|Web Application Security Testing automation.|![](https://img.shields.io/github/stars/Karmaz95/crimson?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -8,14 +8,14 @@
|Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[Hunt3r](https://github.com/EasyRecon/Hunt3r)|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|![](https://img.shields.io/github/stars/EasyRecon/Hunt3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Recon|[Hunt3r](https://github.com/EasyRecon/Hunt3r)|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|![](https://img.shields.io/github/stars/EasyRecon/Hunt3r?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[DeadFinder](https://github.com/hahwul/deadfinder)|Find dead-links (broken links)|![](https://img.shields.io/github/stars/hahwul/deadfinder?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Scanner|[DeadFinder](https://github.com/hahwul/deadfinder)|Find dead-links (broken links)|![](https://img.shields.io/github/stars/hahwul/deadfinder?label=%20)|[`broken-link`](/categorize/tags/broken-link.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Env|[Glue](https://github.com/OWASP/glue)|Application Security Automation|![](https://img.shields.io/github/stars/OWASP/glue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Env|[pentest-env](https://github.com/Sliim/pentest-env)|Pentest environment deployer (kali linux + targets) using vagrant and chef.|![](https://img.shields.io/github/stars/Sliim/pentest-env?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Env|[pentest-env](https://github.com/Sliim/pentest-env)|Pentest environment deployer (kali linux + targets) using vagrant and chef.|![](https://img.shields.io/github/stars/Sliim/pentest-env?label=%20)|[`pentest`](/categorize/tags/pentest.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Env|[Glue](https://github.com/OWASP/glue)|Application Security Automation|![](https://img.shields.io/github/stars/OWASP/glue?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|

View File

@ -5,16 +5,16 @@
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Exploit|[ropr](https://github.com/Ben-Lichtman/ropr)|A blazing fast™ multithreaded ROP Gadget finder. ropper|![](https://img.shields.io/github/stars/Ben-Lichtman/ropr?label=%20)|[`rop`](/categorize/tags/rop.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Exploit|[ropr](https://github.com/Ben-Lichtman/ropr)|A blazing fast™ multithreaded ROP Gadget finder. ropper|![](https://img.shields.io/github/stars/Ben-Lichtman/ropr?label=%20)|[`rop`](/categorize/tags/rop.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[difftastic](https://github.com/Wilfred/difftastic)|a structural diff that understands syntax|![](https://img.shields.io/github/stars/Wilfred/difftastic?label=%20)|[`diff`](/categorize/tags/diff.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Utils|[difftastic](https://github.com/Wilfred/difftastic)|a structural diff that understands syntax|![](https://img.shields.io/github/stars/Wilfred/difftastic?label=%20)|[`diff`](/categorize/tags/diff.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|

View File

@ -4,22 +4,22 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|[`infra`](/categorize/tags/infra.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[Sudomy](https://github.com/screetsec/Sudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https://img.shields.io/github/stars/screetsec/Sudomy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[BugBountyScanner](https://github.com/chvancooten/BugBountyScanner)|A Bash script and Docker image for Bug Bounty reconnaissance.|![](https://img.shields.io/github/stars/chvancooten/BugBountyScanner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[BugBountyScanner](https://github.com/chvancooten/BugBountyScanner)|A Bash script and Docker image for Bug Bounty reconnaissance.|![](https://img.shields.io/github/stars/chvancooten/BugBountyScanner?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[SSRFire](https://github.com/ksharinarayanan/SSRFire)|An automated SSRF finder. Just give the domain name and your server and chill|![](https://img.shields.io/github/stars/ksharinarayanan/SSRFire?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Recon|[Sudomy](https://github.com/screetsec/Sudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https://img.shields.io/github/stars/screetsec/Sudomy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|[`crlf`](/categorize/tags/crlf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|[`crlf`](/categorize/tags/crlf.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Fuzzer|[SSRFire](https://github.com/ksharinarayanan/SSRFire)|An automated SSRF finder. Just give the domain name and your server and chill|![](https://img.shields.io/github/stars/ksharinarayanan/SSRFire?label=%20)|[`ssrf`](/categorize/tags/ssrf.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|[`report`](/categorize/tags/report.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|[`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|[`report`](/categorize/tags/report.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|

View File

@ -4,9 +4,9 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Exploit|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|Tool to help exploit XXE vulnerabilities|![](https://img.shields.io/github/stars/luisfontes19/xxexploiter?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Exploit|[XXExploiter](https://github.com/luisfontes19/xxexploiter)|Tool to help exploit XXE vulnerabilities|![](https://img.shields.io/github/stars/luisfontes19/xxexploiter?label=%20)|[`xxe`](/categorize/tags/xxe.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[ZAP Browser Extension](https://github.com/zaproxy/browser-extension/)|A browser extension which allows ZAP to interact directly with the browser.|![](https://img.shields.io/github/stars/zaproxy/browser-extension/?label=%20)|[`browser-record`](/categorize/tags/browser-record.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)![zap](/images/zap.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Utils|[ZAP Browser Extension](https://github.com/zaproxy/browser-extension/)|A browser extension which allows ZAP to interact directly with the browser.|![](https://img.shields.io/github/stars/zaproxy/browser-extension/?label=%20)|[`browser-record`](/categorize/tags/browser-record.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)![zap](/images/zap.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[Dark Reader](https://github.com/darkreader/darkreader)|Dark mode to any site|![](https://img.shields.io/github/stars/darkreader/darkreader?label=%20)|[`darkmode`](/categorize/tags/darkmode.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[hoppscotch](https://github.com/hoppscotch/hoppscotch)|Open source API development ecosystem|![](https://img.shields.io/github/stars/hoppscotch/hoppscotch?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Utils|[hoppscotch](https://github.com/hoppscotch/hoppscotch)|Open source API development ecosystem|![](https://img.shields.io/github/stars/hoppscotch/hoppscotch?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[Dark Reader](https://github.com/darkreader/darkreader)|Dark mode to any site|![](https://img.shields.io/github/stars/darkreader/darkreader?label=%20)|[`darkmode`](/categorize/tags/darkmode.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|

View File

@ -3,6 +3,6 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|[`aaa`](/categorize/tags/aaa.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -3,7 +3,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)| |Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|

View File

@ -3,10 +3,10 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![PHP](/images/php.png)](/categorize/langs/PHP.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![PHP](/images/php.png)](/categorize/langs/PHP.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

View File

@ -5,8 +5,8 @@
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[autopoisoner](https://github.com/Th0h0/autopoisoner)|Web cache poisoning vulnerability scanner.|![](https://img.shields.io/github/stars/Th0h0/autopoisoner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[FockCache](https://github.com/tismayil/fockcache)|Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[FockCache](https://github.com/tismayil/fockcache)|Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[autopoisoner](https://github.com/Th0h0/autopoisoner)|Web cache poisoning vulnerability scanner.|![](https://img.shields.io/github/stars/Th0h0/autopoisoner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|[`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[of-CORS](https://github.com/trufflesecurity/of-CORS)|Identifying and exploiting CORS misconfigurations on the internal networks|![](https://img.shields.io/github/stars/trufflesecurity/of-CORS?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[of-CORS](https://github.com/trufflesecurity/of-CORS)|Identifying and exploiting CORS misconfigurations on the internal networks|![](https://img.shields.io/github/stars/trufflesecurity/of-CORS?label=%20)|[`cors`](/categorize/tags/cors.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -3,14 +3,14 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-knife|[Ronin](https://ronin-rb.dev)|Free and Open Source Ruby Toolkit for Security Research and Development||[`pentest`](/categorize/tags/pentest.md) [`crawl`](/categorize/tags/crawl.md) [`recon`](/categorize/tags/recon.md) [`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Army-knife|[Ronin](https://ronin-rb.dev)|Free and Open Source Ruby Toolkit for Security Research and Development||[`pentest`](/categorize/tags/pentest.md) [`crawl`](/categorize/tags/crawl.md) [`recon`](/categorize/tags/recon.md) [`exploit`](/categorize/tags/exploit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|![](https://img.shields.io/github/stars/projectdiscovery/katana?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[katana](https://github.com/projectdiscovery/katana)|A next-generation crawling and spidering framework.|![](https://img.shields.io/github/stars/projectdiscovery/katana?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![HTML](/images/html.png)](/categorize/langs/HTML.md)| |Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|[`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![HTML](/images/html.png)](/categorize/langs/HTML.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[GadgetProbe](https://github.com/BishopFox/GadgetProbe)|Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.|![](https://img.shields.io/github/stars/BishopFox/GadgetProbe?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)| |Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C#](/images/c%23.png)](/categorize/langs/C%23.md)|
|Utils|[GadgetProbe](https://github.com/BishopFox/GadgetProbe)|Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.|![](https://img.shields.io/github/stars/BishopFox/GadgetProbe?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.|![](https://img.shields.io/github/stars/NickstaDB/SerializationDumper?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Utils|[SerializationDumper](https://github.com/NickstaDB/SerializationDumper)|A tool to dump Java serialization streams in a more human readable form.|![](https://img.shields.io/github/stars/NickstaDB/SerializationDumper?label=%20)|[`deserialize`](/categorize/tags/deserialize.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|

View File

@ -3,16 +3,16 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[BLUTO](https://github.com/darryllane/Bluto)|DNS Analysis Tool|![](https://img.shields.io/github/stars/darryllane/Bluto?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[BLUTO](https://github.com/darryllane/Bluto)|DNS Analysis Tool|![](https://img.shields.io/github/stars/darryllane/Bluto?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.|![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)| |Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.|![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![CSS](/images/css.png)](/categorize/langs/CSS.md)| |Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![CSS](/images/css.png)](/categorize/langs/CSS.md)|
|Utils|[bruteforce-lists](https://github.com/random-robbie/bruteforce-lists)|Some files for bruteforcing certain things.|![](https://img.shields.io/github/stars/random-robbie/bruteforce-lists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)| |Utils|[bruteforce-lists](https://github.com/random-robbie/bruteforce-lists)|Some files for bruteforcing certain things.|![](https://img.shields.io/github/stars/random-robbie/bruteforce-lists?label=%20)|[`wordlist`](/categorize/tags/wordlist.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

7
categorize/tags/dom.md Normal file
View File

@ -0,0 +1,7 @@
## Tools for dom
| Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- |
|Utils|[DOMLogger++](https://github.com/kevin-mizu/domloggerpp)|A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.|![](https://img.shields.io/github/stars/kevin-mizu/domloggerpp?label=%20)|[`dom`](/categorize/tags/dom.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)| |Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|

View File

@ -4,10 +4,10 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[graphw00f](https://github.com/dolevf/graphw00f)|GraphQL Server Engine Fingerprinting utility|![](https://img.shields.io/github/stars/dolevf/graphw00f?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[graphw00f](https://github.com/dolevf/graphw00f)|GraphQL Server Engine Fingerprinting utility|![](https://img.shields.io/github/stars/dolevf/graphw00f?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[CrackQL](https://github.com/nicholasaleks/CrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https://img.shields.io/github/stars/nicholasaleks/CrackQL?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[Clairvoyance](https://github.com/nikitastupin/clairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https://img.shields.io/github/stars/nikitastupin/clairvoyance?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[BatchQL](https://github.com/assetnote/batchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https://img.shields.io/github/stars/assetnote/batchql?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[BatchQL](https://github.com/assetnote/batchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https://img.shields.io/github/stars/assetnote/batchql?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Fuzzer|[CrackQL](https://github.com/nicholasaleks/CrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https://img.shields.io/github/stars/nicholasaleks/CrackQL?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[Clairvoyance](https://github.com/nikitastupin/clairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https://img.shields.io/github/stars/nikitastupin/clairvoyance?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[GQLSpection](https://github.com/doyensec/GQLSpection)|parses GraphQL introspection schema and generates possible queries|![](https://img.shields.io/github/stars/doyensec/GQLSpection?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[GQLSpection](https://github.com/doyensec/GQLSpection)|parses GraphQL introspection schema and generates possible queries|![](https://img.shields.io/github/stars/doyensec/GQLSpection?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|[`graphql`](/categorize/tags/graphql.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|

View File

@ -3,7 +3,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[httpie](https://github.com/httpie/httpie)|modern, user-friendly command-line HTTP client for the API era|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hoppscotch](https://github.com/hoppscotch/hoppscotch)|Open source API development ecosystem|![](https://img.shields.io/github/stars/hoppscotch/hoppscotch?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)| |Utils|[hoppscotch](https://github.com/hoppscotch/hoppscotch)|Open source API development ecosystem|![](https://img.shields.io/github/stars/hoppscotch/hoppscotch?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![TypeScript](/images/typescript.png)](/categorize/langs/TypeScript.md)|
|Utils|[httpie](https://github.com/httpie/httpie)|modern, user-friendly command-line HTTP client for the API era|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|[`http`](/categorize/tags/http.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -3,13 +3,13 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https://img.shields.io/github/stars/xnl-h4ck3r/xnLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[jsluice](https://github.com/BishopFox/jsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https://img.shields.io/github/stars/BishopFox/jsluice?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[jsluice](https://github.com/BishopFox/jsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https://img.shields.io/github/stars/BishopFox/jsluice?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https://img.shields.io/github/stars/xnl-h4ck3r/xnLinkFinder?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|[`js-analysis`](/categorize/tags/js-analysis.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

View File

@ -3,9 +3,9 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|[`jwt`](/categorize/tags/jwt.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

View File

@ -3,7 +3,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|[`live-audit`](/categorize/tags/live-audit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|[`live-audit`](/categorize/tags/live-audit.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|

View File

@ -5,11 +5,11 @@
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[BurpSuite](https://portswigger.net/burp)|The BurpSuite Project||[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Army-Knife|[ZAP](https://github.com/zaproxy/zaproxy)|The ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md) [`live-audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[Echo Mirage](https://sourceforge.net/projects/echomirage.oldbutgold.p/)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![windows](/images/windows.png)|
|Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https://img.shields.io/github/stars/mitmproxy/mitmproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Proxy|[Glorp](https://github.com/denandz/glorp)|A CLI-based HTTP intercept and replay proxy|![](https://img.shields.io/github/stars/denandz/glorp?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[Glorp](https://github.com/denandz/glorp)|A CLI-based HTTP intercept and replay proxy|![](https://img.shields.io/github/stars/denandz/glorp?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Proxy|[mitmproxy](https://github.com/mitmproxy/mitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https://img.shields.io/github/stars/mitmproxy/mitmproxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Proxy|[Caido](https://caido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Proxy|[Echo Mirage](https://sourceforge.net/projects/echomirage.oldbutgold.p/)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](/categorize/tags/mitmproxy.md)|![windows](/images/windows.png)|
|Proxy|[EvilProxy](https://github.com/bbtfr/evil-proxy)|A ruby http/https proxy to do EVIL things.|![](https://img.shields.io/github/stars/bbtfr/evil-proxy?label=%20)|[`mitmproxy`](/categorize/tags/mitmproxy.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|

View File

@ -3,7 +3,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)| |Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|[`notify`](/categorize/tags/notify.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[nuclei-wordfence-cve](https://github.com/topscoder/nuclei-wordfence-cve)|Every single day new templates are added to this repo based on updates on Wordfence.com|![](https://img.shields.io/github/stars/topscoder/nuclei-wordfence-cve?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[missing-cve-nuclei-templates](https://github.com/edoardottt/missing-cve-nuclei-templates)|Weekly updated list of missing CVEs in nuclei templates official repository|![](https://img.shields.io/github/stars/edoardottt/missing-cve-nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)| |Utils|[missing-cve-nuclei-templates](https://github.com/edoardottt/missing-cve-nuclei-templates)|Weekly updated list of missing CVEs in nuclei templates official repository|![](https://img.shields.io/github/stars/edoardottt/missing-cve-nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Txt](/images/txt.png)](/categorize/langs/Txt.md)|
|Utils|[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates)|Community curated list of templates for the nuclei engine to find security vulnerabilities.|![](https://img.shields.io/github/stars/projectdiscovery/nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[cent](https://github.com/xm1k3/cent)|Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.|![](https://img.shields.io/github/stars/xm1k3/cent?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[cent](https://github.com/xm1k3/cent)|Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.|![](https://img.shields.io/github/stars/xm1k3/cent?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[nuclei-templates](https://github.com/projectdiscovery/nuclei-templates)|Community curated list of templates for the nuclei engine to find security vulnerabilities.|![](https://img.shields.io/github/stars/projectdiscovery/nuclei-templates?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[nuclei-wordfence-cve](https://github.com/topscoder/nuclei-wordfence-cve)|Every single day new templates are added to this repo based on updates on Wordfence.com|![](https://img.shields.io/github/stars/topscoder/nuclei-wordfence-cve?label=%20)|[`nuclei-templates`](/categorize/tags/nuclei-templates.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -4,9 +4,9 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|[`oast`](/categorize/tags/oast.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|[`oast`](/categorize/tags/oast.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool||[`subdomains`](/categorize/tags/subdomains.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](/categorize/tags/dns.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool||[`subdomains`](/categorize/tags/subdomains.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[Phoenix](https://www.hahwul.com/phoenix/)|hahwul's online tools||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[Phoenix](https://www.hahwul.com/phoenix/)|hahwul's online tools||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[SequenceDiagram](https://sequencediagram.org)|Online tool for creating UML sequence diagrams||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Utils|[SequenceDiagram](https://sequencediagram.org)|Online tool for creating UML sequence diagrams||[`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|

View File

@ -4,9 +4,9 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|[`osint`](/categorize/tags/osint.md) [`crawl`](/categorize/tags/crawl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices||[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[bbot](https://github.com/blacklanternsecurity/bbot)|OSINT automation for hackers|![](https://img.shields.io/github/stars/blacklanternsecurity/bbot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[bbot](https://github.com/blacklanternsecurity/bbot)|OSINT automation for hackers|![](https://img.shields.io/github/stars/blacklanternsecurity/bbot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices||[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[HostHunter](https://github.com/SpiderLabs/HostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https://img.shields.io/github/stars/SpiderLabs/HostHunter?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[HostHunter](https://github.com/SpiderLabs/HostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https://img.shields.io/github/stars/SpiderLabs/HostHunter?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|[`osint`](/categorize/tags/osint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|

View File

@ -3,14 +3,14 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[HUNT](https://github.com/bugcrowd/HUNT)|Identifies common parameters vulnerable to certain vulnerability classes|![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)| |Recon|[HUNT](https://github.com/bugcrowd/HUNT)|Identifies common parameters vulnerable to certain vulnerability classes|![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Kotlin](/images/kotlin.png)](/categorize/langs/Kotlin.md)|
|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)|Param Miner|![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[GAP](https://github.com/xnl-h4ck3r/GAP-Burp-Extension)|This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.|![](https://img.shields.io/github/stars/xnl-h4ck3r/GAP-Burp-Extension?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[GAP](https://github.com/xnl-h4ck3r/GAP-Burp-Extension)|This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.|![](https://img.shields.io/github/stars/xnl-h4ck3r/GAP-Burp-Extension?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|[`param`](/categorize/tags/param.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Fuzzer|[ParamPamPam](https://github.com/Bo0oM/ParamPamPam)|This tool for brute discover GET and POST parameters.|![](https://img.shields.io/github/stars/Bo0oM/ParamPamPam?label=%20)|[`param`](/categorize/tags/param.md) [`cache-vuln`](/categorize/tags/cache-vuln.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -3,7 +3,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[Smap](https://github.com/s0md3v/smap/)|a drop-in replacement for Nmap powered by shodan.io|![](https://img.shields.io/github/stars/s0md3v/smap/?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Smap](https://github.com/s0md3v/smap/)|a drop-in replacement for Nmap powered by shodan.io|![](https://img.shields.io/github/stars/s0md3v/smap/?label=%20)|[`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|
|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)| |Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|[`portscan`](/categorize/tags/portscan.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![C](/images/c.png)](/categorize/langs/C.md)|

View File

@ -4,8 +4,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -4,8 +4,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)| |Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[pphack](https://github.com/edoardottt/pphack)|The Most Advanced Client-Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/edoardottt/pphack?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -4,10 +4,10 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Fuzzer|[SmuggleFuzz](https://github.com/Moopinger/smugglefuzz/)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https://img.shields.io/github/stars/Moopinger/smugglefuzz/?label=%20)|[`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Fuzzer|[SmuggleFuzz](https://github.com/Moopinger/smugglefuzz/)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https://img.shields.io/github/stars/Moopinger/smugglefuzz/?label=%20)|[`smuggle`](/categorize/tags/smuggle.md) [`fuzz`](/categorize/tags/fuzz.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|[`smuggle`](/categorize/tags/smuggle.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -4,9 +4,9 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[SQLiDetector](https://github.com/eslam3kl/SQLiDetector)|Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.|![](https://img.shields.io/github/stars/eslam3kl/SQLiDetector?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[SQLiDetector](https://github.com/eslam3kl/SQLiDetector)|Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.|![](https://img.shields.io/github/stars/eslam3kl/SQLiDetector?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|![](https://img.shields.io/github/stars/r0oth3x49/ghauri?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Exploit|[ghauri](https://github.com/r0oth3x49/ghauri)|An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws|![](https://img.shields.io/github/stars/r0oth3x49/ghauri?label=%20)|[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)| |Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)|Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.||[`sqli`](/categorize/tags/sqli.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Perl](/images/perl.png)](/categorize/langs/Perl.md)|

View File

@ -3,7 +3,7 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|[`ssl`](/categorize/tags/ssl.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|

View File

@ -3,31 +3,31 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SubBrute](https://github.com/aboul3la/Sublist3r)|https://github.com/TheRook/subbrute|![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Lepus](https://github.com/gfek/Lepus)|Subdomain finder|![](https://img.shields.io/github/stars/gfek/Lepus?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[shosubgo](https://github.com/incogbyte/shosubgo)|Small tool to Grab subdomains using Shodan api.|![](https://img.shields.io/github/stars/incogbyte/shosubgo?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sudomy](https://github.com/screetsec/Sudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https://img.shields.io/github/stars/screetsec/Sudomy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool||[`subdomains`](/categorize/tags/subdomains.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Dr. Watson](https://github.com/prodigysml/Dr.-Watson)|Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information|![](https://img.shields.io/github/stars/prodigysml/Dr.-Watson?label=%20)|[`param`](/categorize/tags/param.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[shosubgo](https://github.com/incogbyte/shosubgo)|Small tool to Grab subdomains using Shodan api.|![](https://img.shields.io/github/stars/incogbyte/shosubgo?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Rust](/images/rust.png)](/categorize/langs/Rust.md)|
|Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SubBrute](https://github.com/aboul3la/Sublist3r)|https://github.com/TheRook/subbrute|![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`dns`](/categorize/tags/dns.md) [`port`](/categorize/tags/port.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Lepus](https://github.com/gfek/Lepus)|Subdomain finder|![](https://img.shields.io/github/stars/gfek/Lepus?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sudomy](https://github.com/screetsec/Sudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https://img.shields.io/github/stars/screetsec/Sudomy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool||[`subdomains`](/categorize/tags/subdomains.md) [`online`](/categorize/tags/online.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|[`dns`](/categorize/tags/dns.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level|![](https://img.shields.io/github/stars/trickest/dsieve?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[dsieve](https://github.com/trickest/dsieve)|Filter and enrich a list of subdomains by level|![](https://img.shields.io/github/stars/trickest/dsieve?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,8 +3,8 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[Sub404](https://github.com/r3curs1v3-pr0xy/sub404)|A python tool to check subdomain takeover vulnerability|![](https://img.shields.io/github/stars/r3curs1v3-pr0xy/sub404?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|[`subdomains`](/categorize/tags/subdomains.md) [`takeover`](/categorize/tags/takeover.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,23 +3,23 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)|
|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[goverview](https://github.com/j3ssie/goverview)|goverview - Get an overview of the list of URLs|![](https://img.shields.io/github/stars/j3ssie/goverview?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[goverview](https://github.com/j3ssie/goverview)|goverview - Get an overview of the list of URLs|![](https://img.shields.io/github/stars/j3ssie/goverview?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| |Recon|[attack-surface-detector-burp](https://github.com/secdec/attack-surface-detector-burp)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-burp?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Recon|[noir](https://github.com/noir-cr/noir)|Attack surface detector that identifies endpoints by static analysis|![](https://img.shields.io/github/stars/noir-cr/noir?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)[![Crystal](/images/crystal.png)](/categorize/langs/Crystal.md)| |Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.|![](https://img.shields.io/github/stars/tomnomnom/fff?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|[`apk`](/categorize/tags/apk.md) [`url`](/categorize/tags/url.md) [`endpoint`](/categorize/tags/endpoint.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|[`url`](/categorize/tags/url.md) [`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|[`endpoint`](/categorize/tags/endpoint.md) [`url`](/categorize/tags/url.md) [`attack-surface`](/categorize/tags/attack-surface.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![Java](/images/java.png)](/categorize/langs/Java.md)|
|Utils|[godeclutter](https://github.com/c3l3si4n/godeclutter)|Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.|![](https://img.shields.io/github/stars/c3l3si4n/godeclutter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[fff](https://github.com/tomnomnom/fff)|The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.|![](https://img.shields.io/github/stars/tomnomnom/fff?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[godeclutter](https://github.com/c3l3si4n/godeclutter)|Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.|![](https://img.shields.io/github/stars/c3l3si4n/godeclutter?label=%20)|[`url`](/categorize/tags/url.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|

View File

@ -3,28 +3,29 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| |Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.|![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Scanner|[V3n0M-Scanner](https://github.com/v3n0m-Scanner/V3n0M-Scanner)|Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns|![](https://img.shields.io/github/stars/v3n0m-Scanner/V3n0M-Scanner?label=%20)|[`sqli`](/categorize/tags/sqli.md) [`xss`](/categorize/tags/xss.md) [`lfi`](/categorize/tags/lfi.md) [`rfi`](/categorize/tags/rfi.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Shell](/images/shell.png)](/categorize/langs/Shell.md)|
|Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)| |Exploit|[beef](https://github.com/beefproject/beef)|The Browser Exploitation Framework Project|![](https://img.shields.io/github/stars/beefproject/beef?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)| |Exploit|[toxssin](https://github.com/t3l3machus/toxssin)|An XSS exploitation command-line interface and payload generator.|![](https://img.shields.io/github/stars/t3l3machus/toxssin?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![PHP](/images/php.png)](/categorize/langs/PHP.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| |Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|[`xss`](/categorize/tags/xss.md) [`documents`](/categorize/tags/documents.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)|
|Utils|[DOMLogger++](https://github.com/kevin-mizu/domloggerpp)|A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.|![](https://img.shields.io/github/stars/kevin-mizu/domloggerpp?label=%20)|[`dom`](/categorize/tags/dom.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![firefox](/images/firefox.png)![chrome](/images/chrome.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[XSS-Catcher](https://github.com/daxAKAhackerman/XSS-Catcher)|Find blind XSS but why not gather data while you're at it.|![](https://img.shields.io/github/stars/daxAKAhackerman/XSS-Catcher?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![PHP](/images/php.png)](/categorize/langs/PHP.md)|
|Utils|[blistener](https://github.com/fyxme/blistener)|Blind-XSS listener with payloads|![](https://img.shields.io/github/stars/fyxme/blistener?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[hbxss](https://github.com/hahwul/hbxss)|Security test tool for Blind XSS|![](https://img.shields.io/github/stars/hahwul/hbxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Ruby](/images/ruby.png)](/categorize/langs/Ruby.md)|
|Utils|[gxss](https://github.com/rverton/gxss)|Blind XSS service alerting over slack or email|![](https://img.shields.io/github/stars/rverton/gxss?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)|
|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|[`xxe`](/categorize/tags/xxe.md) [`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xless](https://github.com/mazen160/xless)|The Serverless Blind XSS App|![](https://img.shields.io/github/stars/mazen160/xless?label=%20)|[`xss`](/categorize/tags/xss.md) [`blind-xss`](/categorize/tags/blind-xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|
|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|[`xss`](/categorize/tags/xss.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)|

View File

@ -3,6 +3,6 @@
| Type | Name | Description | Star | Tags | Badges | | Type | Name | Description | Star | Tags | Badges |
| --- | --- | --- | --- | --- | --- | | --- | --- | --- | --- | --- | --- |
|Utils|[zip-bomb](https://github.com/damianrusinek/zip-bomb)|Create a ZIPBomb for a given uncompressed size (flat and nested modes).|![](https://img.shields.io/github/stars/damianrusinek/zip-bomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[ZipBomb](https://github.com/abdulfatir/ZipBomb)|A simple implementation of ZipBomb in Python|![](https://img.shields.io/github/stars/abdulfatir/ZipBomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)| |Utils|[ZipBomb](https://github.com/abdulfatir/ZipBomb)|A simple implementation of ZipBomb in Python|![](https://img.shields.io/github/stars/abdulfatir/ZipBomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|
|Utils|[zip-bomb](https://github.com/damianrusinek/zip-bomb)|Create a ZIPBomb for a given uncompressed size (flat and nested modes).|![](https://img.shields.io/github/stars/damianrusinek/zip-bomb?label=%20)|[`zipbomb`](/categorize/tags/zipbomb.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Python](/images/python.png)](/categorize/langs/Python.md)|

View File

@ -1 +1 @@
Tue Jul 23 14:56:08 UTC 2024 Wed Jul 24 14:27:01 UTC 2024