From 5bcca1f9292183422502ca6be0c5343b5f2210ed Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 22:15:42 +0900 Subject: [PATCH 01/42] Migration script --- 1.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 1.rb diff --git a/1.rb b/1.rb new file mode 100644 index 0000000..9e05ceb --- /dev/null +++ b/1.rb @@ -0,0 +1,12 @@ +require 'json' + +file = File.read('./data.json') +data_hash = JSON.parse(file) + +data_hash.each do | name, obj | + puts "filename: "+name+".yaml" + puts obj['Description'] + + # Make object + # Save file +end \ No newline at end of file From 68fa45d91fbb7afbd7e5c201ff5712c48791deed Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 22:17:44 +0900 Subject: [PATCH 02/42] y --- 1.rb => scripts/migration.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 1.rb => scripts/migration.rb (100%) diff --git a/1.rb b/scripts/migration.rb similarity index 100% rename from 1.rb rename to scripts/migration.rb From 105282ca5cfdd4e4ad7dccc50b18e0c99e630827 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 22:23:47 +0900 Subject: [PATCH 03/42] y --- scripts/migration.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/migration.rb b/scripts/migration.rb index 9e05ceb..850b47d 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -8,5 +8,14 @@ data_hash.each do | name, obj | puts obj['Description'] # Make object + obj = {} + obj['name'] = name + obj['description'] = obj['Description'] + obj['url'] = '' # parse DATA + obj['categories'] = [] + obj['types'] = [] + obj['lang'] = [] # parse DATA + obj['tags'] = [] + # Save file end \ No newline at end of file From 25591fad6d09d39b6ba6ee16ba6a0dcc3c5a7bc2 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 22:35:02 +0900 Subject: [PATCH 04/42] y --- scripts/migration.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/migration.rb b/scripts/migration.rb index 850b47d..fbc3b6a 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -5,17 +5,16 @@ data_hash = JSON.parse(file) data_hash.each do | name, obj | puts "filename: "+name+".yaml" - puts obj['Description'] # Make object obj = {} obj['name'] = name obj['description'] = obj['Description'] obj['url'] = '' # parse DATA - obj['categories'] = [] + obj['category'] = 'tool' obj['types'] = [] obj['lang'] = [] # parse DATA obj['tags'] = [] - + # Save file end \ No newline at end of file From 71c13bf8a315960c2c73afe98de433b7ae30987a Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 22:59:41 +0900 Subject: [PATCH 05/42] y --- scripts/migration.rb | 46 ++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/scripts/migration.rb b/scripts/migration.rb index fbc3b6a..d499d67 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -1,20 +1,42 @@ require 'json' +require 'yaml' + +def get_os install + lst = [] + if install['Linux'].length > 1 + lst.push 'linux' + end + if install['MacOS'].length > 1 + lst.push 'macos' + end + if install['Windows'].length > 1 + lst.push 'windows' + end + return lst +end file = File.read('./data.json') data_hash = JSON.parse(file) data_hash.each do | name, obj | - puts "filename: "+name+".yaml" - + filename = name.gsub(' ','_')+".yaml" # Make object - obj = {} - obj['name'] = name - obj['description'] = obj['Description'] - obj['url'] = '' # parse DATA - obj['category'] = 'tool' - obj['types'] = [] - obj['lang'] = [] # parse DATA - obj['tags'] = [] - - # Save file + new_obj = {} + new_obj['name'] = name + new_obj['description'] = obj['Description'] + new_obj['url'] = '' # parse DATA + new_obj['category'] = 'tool' + new_obj['types'] = [] + if obj['Install'] != nil + new_obj['os'] = get_os(obj['Install']) + end + new_obj['lang'] = [] # parse DATA + new_obj['tags'] = [] + + # Convert to YAML + yaml_data = YAML.dump(new_obj) + + # Save yaml file + puts filename + #File.write("./data/#{filename}", yaml_data) end \ No newline at end of file From 23377146a32534e6a547db77d63595f39d643a98 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 23:04:15 +0900 Subject: [PATCH 06/42] y --- scripts/migration.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/migration.rb b/scripts/migration.rb index d499d67..5dd7dc6 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -1,5 +1,6 @@ require 'json' require 'yaml' +require "uri" def get_os install lst = [] @@ -15,6 +16,10 @@ def get_os install return lst end +def get_urls str + return URI.extract(str).uniq +end + file = File.read('./data.json') data_hash = JSON.parse(file) @@ -24,7 +29,7 @@ data_hash.each do | name, obj | new_obj = {} new_obj['name'] = name new_obj['description'] = obj['Description'] - new_obj['url'] = '' # parse DATA + new_obj['urls'] = get_urls obj['Data'] new_obj['category'] = 'tool' new_obj['types'] = [] if obj['Install'] != nil From de533b951c6b5af38aa4e35dd25851943dca4911 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 23:14:54 +0900 Subject: [PATCH 07/42] Update --- .github/workflows/codeql-analysis.yml | 67 ------ .github/workflows/contributors.yml | 1 + .github/workflows/go.yml | 33 --- .gitignore | 2 - Makefile | 40 ---- add-tool.go | 214 -------------------- distribute-readme.go | 147 -------------- go.mod | 9 - go.sum | 11 - CONTRIBUTORS.svg => images/CONTRIBUTORS.svg | 0 tool-template.md | 4 - type.lst | 6 - 12 files changed, 1 insertion(+), 533 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml delete mode 100644 .github/workflows/go.yml delete mode 100644 .gitignore delete mode 100644 Makefile delete mode 100644 add-tool.go delete mode 100644 distribute-readme.go delete mode 100644 go.mod delete mode 100644 go.sum rename CONTRIBUTORS.svg => images/CONTRIBUTORS.svg (100%) delete mode 100644 tool-template.md delete mode 100644 type.lst diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 20b5e3d..0000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,67 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ main ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - schedule: - - cron: '29 14 * * 4' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 5cf79aa..d30497b 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -19,3 +19,4 @@ jobs: with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} round: true + svgPath: ./images/CONTRIBUTORS.svg diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml deleted file mode 100644 index 89e42ee..0000000 --- a/.github/workflows/go.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Build - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - - build: - name: Build - runs-on: ubuntu-latest - steps: - - - name: Set up Go 1.x - uses: actions/setup-go@v2 - with: - go-version: ^1.13 - - - name: Check out code into the Go module directory - uses: actions/checkout@v2 - - - name: Get dependencies - run: | - go get -v -t -d ./... - if [ -f Gopkg.toml ]; then - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - dep ensure - fi - - - name: Build - run: make contribute diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 02c248d..0000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -add-tool -distribute-readme \ No newline at end of file diff --git a/Makefile b/Makefile deleted file mode 100644 index 0010ff9..0000000 --- a/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -.PHONY: default help contribute add-tool distribute-readme clean - -SHELL = /bin/bash -APP_NAME = WebHackersWeapons -ADD_TOOL = add-tool -DISTRIBUTE_README = distribute-readme -VERSION = $(shell git describe --always --tags) -GIT_COMMIT = $(shell git rev-parse HEAD) -GIT_DIRTY = $(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true) -BUILD_DATE = $(shell date '+%Y-%m-%d-%H:%M:%S') - -default: help - -help: - @echo 'Management commands for ${APP_NAME}:' - @echo - @echo 'Usage:' - @echo ' make contribute Compile ${ADD_TOOL} & ${DISTRIBUTE_README}.' - @echo ' make add-tool Build ${ADD_TOOL}' - @echo ' make distribute-readme Build ${DISTRIBUTE_README}' - @echo ' make clean Clean the contribute file.' - - @echo - -contribute: add-tool distribute-readme - -add-tool: - @echo "Build ${ADD_TOOL} ${VERSION}" - @echo "GOPATH=${GOPATH}" - go build -ldflags "-w -X github.com/hahwul/WebHackersWeapons/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/hahwul/WebHackersWeapons/version.Version=${VERSION} -X github.com/hahwul/WebHackersWeapons/version.BuildDate=${BUILD_DATE}" -o ./${ADD_TOOL} ./${ADD_TOOL}.go - -distribute-readme: - @echo "Build ${ADD_TOOL} ${VERSION}" - @echo "GOPATH=${GOPATH}" - go build -ldflags "-w -X github.com/hahwul/WebHackersWeapons/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/hahwul/WebHackersWeapons/version.Version=${VERSION} -X github.com/hahwul/WebHackersWeapons/version.BuildDate=${BUILD_DATE}" -o ./${DISTRIBUTE_README} ./${DISTRIBUTE_README}.go - -clean: - @echo "Removing ${APP_NAME} ${VERSION}" - @test ! -e ${ADD_TOOL} || rm ${ADD_TOOL} - @test ! -e ${DISTRIBUTE_README} || rm ${DISTRIBUTE_README} \ No newline at end of file diff --git a/add-tool.go b/add-tool.go deleted file mode 100644 index b21f485..0000000 --- a/add-tool.go +++ /dev/null @@ -1,214 +0,0 @@ -package main - -import ( - "bufio" - "encoding/json" - "flag" - "fmt" - "golang.org/x/net/html" - "io" - "io/ioutil" - "net/http" - "net/url" - "os" - "strconv" - "strings" -) - -/* -template -| [WebHackersWeapons](https://github.com/hahwul/WebHackersWeapons) | template | ![](https://img.shields.io/github/stars/hahwul/WebHackersWeapons) | ![](https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons) | ![](https://img.shields.io/github/repo-size/hahwul/WebHackersWeapons)
![](https://img.shields.io/github/license/hahwul/WebHackersWeapons)
![](https://img.shields.io/github/forks/hahwul/WebHackersWeapons)
![](https://img.shields.io/github/watchers/hahwul/WebHackersWeapons) | -*/ - -type Tools struct { - Type, Data, Method, Description string - Install, Update map[string]string -} - -func isTitleElement(n *html.Node) bool { - return n.Type == html.ElementNode && n.Data == "title" -} - -func traverse(n *html.Node) (string, bool) { - if isTitleElement(n) { - return n.FirstChild.Data, true - } - - for c := n.FirstChild; c != nil; c = c.NextSibling { - result, ok := traverse(c) - if ok { - return result, ok - } - } - - return "", false -} - -func GetHtmlTitle(r io.Reader) (string, bool) { - doc, err := html.Parse(r) - if err != nil { - panic("Fail to parse html") - } - - return traverse(doc) -} - -func writeJSON(category, name, method, data, udesc string) { - jsonFile, err := os.Open("data.json") - // if we os.Open returns an error then handle it - if err != nil { - fmt.Println(err) - } - fmt.Println("Successfully Opened data.json") - // defer the closing of our jsonFile so that we can parse it later on - defer jsonFile.Close() - byteValue, _ := ioutil.ReadAll(jsonFile) - var result map[string]interface{} - install := map[string]string{ - "MacOS":"", - "Linux":"", - "Windows":"", - } - update := map[string]string{ - "MacOS":"", - "Linux":"", - "Windows":"", - } - json.Unmarshal([]byte(byteValue), &result) - tool := Tools{ - Type: category, - Data: data, - Method: method, - Description: udesc, - Install: install, - Update: update, - } - if result[name] != nil { - resultData := result[name].(map[string]interface{}) - resultInstall := resultData["Install"].(map[string]interface{}) - resultUpdate := resultData["Update"].(map[string]interface{}) - tool.Install["MacOS"] = resultInstall["MacOS"].(string) - tool.Install["Linux"] = resultInstall["Linux"].(string) - tool.Install["Windows"] = resultInstall["Windows"].(string) - tool.Update["MacOS"] = resultUpdate["MacOS"].(string) - tool.Update["Linux"] = resultUpdate["Linux"].(string) - tool.Update["Windows"] = resultUpdate["Windows"].(string) - } - result[name] = tool - file, _ := json.MarshalIndent(result, "", " ") - _ = ioutil.WriteFile("data.json", file, 0644) -} - -func main() { - repourl := flag.String("url", "", "any url") - first := flag.Bool("isFirst", false, "if you add new type, it use") - flag.Parse() - if flag.NFlag() == 0 { - flag.Usage() - return - } - u, err := url.Parse(*repourl) - if err != nil { - panic(err) - } - - if u.Host == "github.com" { - //fmt.Println(u.Path) - name := strings.Split(u.Path, "/")[2] - //fmt.Println(name) - desc := "asdf" - resp, err := http.Get(*repourl) - if err != nil { - panic(err) - } - defer resp.Body.Close() - - if title, ok := GetHtmlTitle(resp.Body); ok { - if strings.Contains(string(title), ": ") { - desc = strings.Split(string(title), ": ")[1] - } else { - reader1 := bufio.NewReader(os.Stdin) - fmt.Println("[+] Don't have descriptions / input description") - a, _ := reader1.ReadString('\n') - desc = strings.TrimRight(a, "\r\n") - - } - } else { - println("Fail to get HTML title") - } - - typeFile, err := os.Open("type.lst") - // if we os.Open returns an error then handle it - if err != nil { - fmt.Println(err) - } - fmt.Println("Successfully Opened type.lst") - // defer the closing of our jsonFile so that we can parse it later on - defer typeFile.Close() - index := 0 - m := make(map[int]string) - reader := bufio.NewReader(typeFile) - for { - line, isPrefix, err := reader.ReadLine() - if isPrefix || err != nil { - break - } - m[index] = string(line) - fmt.Println("[" + strconv.Itoa(index) + "] " + string(line)) - index = index + 1 - } - var choicetype int - fmt.Println("[+] What is type?") - _, err = fmt.Scan(&choicetype) - fmt.Println(m[choicetype]) - reader1 := bufio.NewReader(os.Stdin) - fmt.Println("[+] What is method(e.g XSS, WVS, SSL, ETC..)?") - method, _ := reader1.ReadString('\n') - method = strings.TrimRight(method, "\r\n") - writeJSON(m[choicetype], name, method, "| "+m[choicetype]+"/"+method+" | ["+name+"]("+*repourl+") | "+desc+" | ![](https://img.shields.io/github/stars"+u.Path+") | ![](https://img.shields.io/github/languages/top"+u.Path+") |", desc) - } else { - reader := bufio.NewReader(os.Stdin) - fmt.Println("[+] What is name?") - name, _ := reader.ReadString('\n') - name = strings.TrimRight(name, "\r\n") - fmt.Println("[+] Input Description?") - udesc, _ := reader.ReadString('\n') - udesc = strings.TrimRight(udesc, "\r\n") - - typeFile, err := os.Open("type.lst") - // if we os.Open returns an error then handle it - if err != nil { - fmt.Println(err) - } - fmt.Println("Successfully Opened type.lst") - // defer the closing of our jsonFile so that we can parse it later on - defer typeFile.Close() - index := 0 - m := make(map[int]string) - readerF := bufio.NewReader(typeFile) - for { - line, isPrefix, err := readerF.ReadLine() - if isPrefix || err != nil { - break - } - m[index] = string(line) - fmt.Println("[" + strconv.Itoa(index) + "] " + string(line)) - index = index + 1 - } - var choicetype int - fmt.Println("What is type?") - _, err = fmt.Scan(&choicetype) - fmt.Println(m[choicetype]) - reader1 := bufio.NewReader(os.Stdin) - fmt.Println("[+] What is method(e.g XSS, WVS, SSL, ETC..)?") - method, _ := reader1.ReadString('\n') - method = strings.TrimRight(method, "\r\n") - writeJSON(m[choicetype], name, method, "| "+m[choicetype]+"/"+method+" | ["+name+"]("+*repourl+") | "+udesc+"|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)",udesc) - } - - if *first { - fmt.Println("| Type | Name | Description | Popularity | Language |") - fmt.Println("| ---------- | :---------- | :----------: | :----------: | :----------: |") - } - //fmt.Println("| [" + name + "](" + *repourl + ") | " + desc + " | ![](https://img.shields.io/github/stars" + u.Path + ") | ![](https://img.shields.io/github/languages/top" + u.Path + ") | ![](https://img.shields.io/github/repo-size" + u.Path + ")
![](https://img.shields.io/github/license" + u.Path + ")
![](https://img.shields.io/github/forks" + u.Path + ")
![](https://img.shields.io/github/watchers" + u.Path + ") |") -} diff --git a/distribute-readme.go b/distribute-readme.go deleted file mode 100644 index b7856c1..0000000 --- a/distribute-readme.go +++ /dev/null @@ -1,147 +0,0 @@ -package main - -import ( - "bufio" - "encoding/json" - "fmt" - "io/ioutil" - "os" - "reflect" - "sort" - "strings" - - au "github.com/logrusorgru/aurora" -) - -type mmm = map[string]interface{} - -func mergeKeys(left, right mmm) mmm { - for key, rightVal := range right { - if leftVal, present := left[key]; present { - //then we don't want to replace it - recurse - left[key] = mergeKeys(leftVal.(mmm), rightVal.(mmm)) - } else { - // key not in left so we can just shove it in - left[key] = rightVal - } - } - return left -} - -func main() { - typeFile, err := os.Open("type.lst") - // if we os.Open returns an error then handle it - if err != nil { - fmt.Println(err) - } - fmt.Println("Successfully Opened type.lst") - // defer the closing of our jsonFile so that we can parse it later on - defer typeFile.Close() - index := 0i - m := make(map[string]interface{}) - readerF := bufio.NewReader(typeFile) - for { - line, isPrefix, err := readerF.ReadLine() - if isPrefix || err != nil { - break - } - strings.TrimRight(string(line), "\r\n") - //m[string(line)] = "" - index = index + 1 - } - fmt.Println(m) - dataJson, err := os.Open("data.json") - // if we os.Open returns an error then handle it - if err != nil { - fmt.Println(err) - } - fmt.Println("Successfully Opened data.json") - // defer the closing of our dataJson so that we can parse it later on - defer dataJson.Close() - byteValue, _ := ioutil.ReadAll(dataJson) - var result map[string]interface{} - json.Unmarshal([]byte(byteValue), &result) - //result[name] = tool - for k, v := range result { - myMap := v.(map[string]interface{}) - t := myMap["Type"].(string) - d := myMap["Data"].(string) - mt := myMap["Method"].(string) - _ = d - _ = mt - tool := make(map[string]interface{}) - tool[k] = d - fmt.Println(m[t+"/"+mt]) - //fmt.Println(reflect.TypeOf(m[t+"/"+mt]).String()) - //if reflect.TypeOf(m[t+"/"+mt]).String() == "string" { - if m[t+"/"+mt] == nil { - m[t+"/"+mt] = tool - } else { - tool = mergeKeys(tool, m[t+"/"+mt].(map[string]interface{})) - //fmt.Println(tool) - m[t+"/"+mt] = tool - } - } - readme := "| Type | Name | Description | Popularity | Language |\r\n| ---------- | :---------- | :----------: | :----------: | :----------: | \r\n" - - keys := []string{} - for key := range m { - keys = append(keys, key) - } - sort.Strings(keys) - - for _, dat := range keys { - vv := m[dat] - keys := []string{} - _ = keys - if vv != nil && reflect.TypeOf(vv).String() != "string" { - v := vv.(map[string]interface{}) - for key := range v { - keys = append(keys, key) - } - sort.Strings(keys) - } - for _, val := range keys { - if reflect.TypeOf(val).String() != "string" { - } else { - vd := vv.(map[string]interface{})[val] - readme = readme + vd.(string) + "\r\n" - } - } - } - fmt.Println(readme) - top, err := os.Open("template/head.md") - if err != nil { - fmt.Println(err) - } - defer dataJson.Close() - head_data, _ := ioutil.ReadAll(top) - foot, err := os.Open("template/foot.md") - if err != nil { - fmt.Println(err) - } - defer dataJson.Close() - foot_data, _ := ioutil.ReadAll(foot) - readme = string(head_data) + readme + string(foot_data) - fmt.Println("======================result====================") - //fmt.Println(readme) - - file, err := os.OpenFile( - "README.md", - os.O_CREATE|os.O_RDWR|os.O_TRUNC, - - os.FileMode(0644)) - if err != nil { - fmt.Println(err) - return - } - defer file.Close() - _, err = file.Write([]byte(readme)) - if err != nil { - fmt.Println(err) - return - } - fmt.Println("[+] Patched README.md file") - fmt.Println("[+] Please check README file and git push") - fmt.Println("[ copy/paste this ] ", au.BrightYellow("git add data.json README.md ; git commit -m 'distribute readme'; git push")) -} diff --git a/go.mod b/go.mod deleted file mode 100644 index 8da04db..0000000 --- a/go.mod +++ /dev/null @@ -1,9 +0,0 @@ -module github.com/hahwul/WebHackerWeapons - -go 1.16 - -require ( - github.com/logrusorgru/aurora v2.0.3+incompatible - github.com/logrusorgru/aurora/v3 v3.0.0 // indirect - golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4 -) diff --git a/go.sum b/go.sum deleted file mode 100644 index 9e9461b..0000000 --- a/go.sum +++ /dev/null @@ -1,11 +0,0 @@ -github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8= -github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/logrusorgru/aurora/v3 v3.0.0 h1:R6zcoZZbvVcGMvDCKo45A9U/lzYyzl5NfYIvznmDfE4= -github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4 h1:b0LrWgu8+q7z4J+0Y3Umo5q1dL7NXBkKBWkaVkAq17E= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/CONTRIBUTORS.svg b/images/CONTRIBUTORS.svg similarity index 100% rename from CONTRIBUTORS.svg rename to images/CONTRIBUTORS.svg diff --git a/tool-template.md b/tool-template.md deleted file mode 100644 index 8c68814..0000000 --- a/tool-template.md +++ /dev/null @@ -1,4 +0,0 @@ -| Type | Method | Name | Description | Popularity | Language | -| ---------- | :---------- | :---------- | :---------- | :----------: | :----------: | -| Army-Knife | WVS | [WebHackersWeapons](https://github.com/hahwul/WebHackersWeapons) | Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting | ![](https://img.shields.io/github/stars/hahwul/WebHackersWeapons) | ![](https://img.shields.io/github/languages/top/hahwul/WebHackersWeapons) | -| Discovery | Clipboard | [Google](https://google.com) | Search engine|it's | github:dog:|" diff --git a/type.lst b/type.lst deleted file mode 100644 index a877478..0000000 --- a/type.lst +++ /dev/null @@ -1,6 +0,0 @@ -Army-Knife -Discovery -Fetch -Scanner -ToolBox -Utility From 3d2390e48be9d1ea1b48ff8c481157dbf5bdce31 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 23:18:05 +0900 Subject: [PATCH 08/42] Update migrate script --- scripts/migration.rb | 51 +++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/scripts/migration.rb b/scripts/migration.rb index 5dd7dc6..63ef307 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -20,28 +20,35 @@ def get_urls str return URI.extract(str).uniq end -file = File.read('./data.json') -data_hash = JSON.parse(file) +def migrate jsonfile + file = File.read(jsonfile) + data_hash = JSON.parse(file) -data_hash.each do | name, obj | - filename = name.gsub(' ','_')+".yaml" - # Make object - new_obj = {} - new_obj['name'] = name - new_obj['description'] = obj['Description'] - new_obj['urls'] = get_urls obj['Data'] - new_obj['category'] = 'tool' - new_obj['types'] = [] - if obj['Install'] != nil - new_obj['os'] = get_os(obj['Install']) + data_hash.each do | name, obj | + filename = name.gsub(' ','_')+".yaml" + # Make object + new_obj = {} + new_obj['name'] = name + new_obj['description'] = obj['Description'] + new_obj['urls'] = get_urls obj['Data'] + new_obj['category'] = 'tool' + new_obj['types'] = [] + if obj['Install'] != nil + new_obj['os'] = get_os(obj['Install']) + end + new_obj['lang'] = [] # parse DATA + new_obj['tags'] = [] + + # Convert to YAML + yaml_data = YAML.dump(new_obj) + + # Save yaml file + puts filename + #File.write("./data/#{filename}", yaml_data) end - new_obj['lang'] = [] # parse DATA - new_obj['tags'] = [] +end - # Convert to YAML - yaml_data = YAML.dump(new_obj) - - # Save yaml file - puts filename - #File.write("./data/#{filename}", yaml_data) -end \ No newline at end of file +migrate './data.json' +migrate './Bookmarklets/data.json' +migrate './Browser Extensions/data.json' +migrate './Burp and ZAP Extensions/data.json' \ No newline at end of file From 31c5d8206354db10d003a571f28817cd99df9c32 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 23:19:18 +0900 Subject: [PATCH 09/42] update migration --- scripts/migration.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/migration.rb b/scripts/migration.rb index 63ef307..cfb6aba 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -20,7 +20,7 @@ def get_urls str return URI.extract(str).uniq end -def migrate jsonfile +def migrate jsonfile, category file = File.read(jsonfile) data_hash = JSON.parse(file) @@ -31,7 +31,7 @@ def migrate jsonfile new_obj['name'] = name new_obj['description'] = obj['Description'] new_obj['urls'] = get_urls obj['Data'] - new_obj['category'] = 'tool' + new_obj['category'] = category new_obj['types'] = [] if obj['Install'] != nil new_obj['os'] = get_os(obj['Install']) @@ -48,7 +48,7 @@ def migrate jsonfile end end -migrate './data.json' -migrate './Bookmarklets/data.json' -migrate './Browser Extensions/data.json' -migrate './Burp and ZAP Extensions/data.json' \ No newline at end of file +migrate './data.json', 'tool' +migrate './Bookmarklets/data.json', 'bookmarklet' +migrate './Browser Extensions/data.json', 'browser-addon' +migrate './Burp and ZAP Extensions/data.json', 'tool-addon' \ No newline at end of file From f2e64b06887aa2c01266429d589e0473fe3741c9 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 23:26:04 +0900 Subject: [PATCH 10/42] Update script --- scripts/migration.rb | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/scripts/migration.rb b/scripts/migration.rb index cfb6aba..0e2ad24 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -16,6 +16,30 @@ def get_os install return lst end +def get_browser str + lst = [] + if str.include? 'Chrome' + lst.push 'chrome' + end + if str.include? 'Firefox' + lst.push 'firefox' + end + if str.include? 'Safari' + lst.push 'safari' + end + if str.include? 'Burp' + lst.push 'burpsuite' + end + if str.include? 'ZAP' + lst.push 'zap' + end + if str.include? 'All' + lst.push 'burpsuite' + lst.push 'zap' + end + return lst +end + def get_urls str return URI.extract(str).uniq end @@ -34,7 +58,12 @@ def migrate jsonfile, category new_obj['category'] = category new_obj['types'] = [] if obj['Install'] != nil - new_obj['os'] = get_os(obj['Install']) + new_obj['platform'] = get_os(obj['Install']) + end + if category.include? 'addon' + if obj['Type'].length > 0 + new_obj['platform'] = get_browser(obj['Type']) + end end new_obj['lang'] = [] # parse DATA new_obj['tags'] = [] From efb478945f4a557c5b77dc01381fa3116ea74df5 Mon Sep 17 00:00:00 2001 From: hahwul Date: Mon, 15 Aug 2022 23:39:39 +0900 Subject: [PATCH 11/42] Update migrate script and add erb script --- scripts/erb.rb | 46 ++++++++++++++++++++++++++++++++++++++++++++ scripts/migration.rb | 2 +- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 scripts/erb.rb diff --git a/scripts/erb.rb b/scripts/erb.rb new file mode 100644 index 0000000..081d65d --- /dev/null +++ b/scripts/erb.rb @@ -0,0 +1,46 @@ +require 'erb' + +template = %q{ +

+
+ +
+ + + + + + +

+A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting + +## Family project +[![WebHackersWeapons](https://img.shields.io/github/stars/hahwul/WebHackersWeapons?label=WebHackersWeapons)](https://github.com/hahwul/WebHackersWeapons) +[![MobileHackersWeapons](https://img.shields.io/github/stars/hahwul/MobileHackersWeapons?label=MobileHackersWeapons)](https://github.com/hahwul/MobileHackersWeapons) + +## Table of Contents +- [WHW-Tools](https://whw-tools.hahwul.com) +- [Weapons](#weapons) +- [Awesome Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) +- [Awesome Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) +- [Awesome Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) +- [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md) +- [Thanks to contributor](#thanks-to-contributor) + +## WHW-Tools +> Always use the latest tools 😎 + +`WHW-Tools` is tools web of `#WebHackersWeapons`. Easy install and Easy manage upgrade. Go to [WHW-Tools](https://whw-tools.hahwul.com/) + +## Weapons +<%= aa %> + +## Thanks to (Contributor) +I would like to thank everyone who helped with this project 👍😎 +![](/CONTRIBUTORS.svg) + +}.gsub(/^ /, '') +aa = 4414 + +markdown = ERB.new(template, trim_mode: "%<>") +puts markdown.result \ No newline at end of file diff --git a/scripts/migration.rb b/scripts/migration.rb index 0e2ad24..5ea0575 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -73,7 +73,7 @@ def migrate jsonfile, category # Save yaml file puts filename - #File.write("./data/#{filename}", yaml_data) + #File.write("./weapons/#{filename}", yaml_data) end end From b033717d4a30eb5b750d338daffda3fc3e3bdd7d Mon Sep 17 00:00:00 2001 From: hahwul Date: Tue, 16 Aug 2022 20:42:23 +0900 Subject: [PATCH 12/42] Update --- scripts/migration.rb | 8 ++++- template/foot.md | 4 --- template/head.md | 32 ------------------- weapons/230-OOB.yaml | 12 +++++++ weapons/3klCon.yaml | 13 ++++++++ weapons/AWSBucketDump.yaml | 12 +++++++ weapons/Amass.yaml | 14 ++++++++ weapons/Arjun.yaml | 15 +++++++++ weapons/Assetnote_Wordlists.yaml | 15 +++++++++ weapons/Atlas.yaml | 15 +++++++++ weapons/AuthMatrix.yaml | 13 ++++++++ weapons/Autorize.yaml | 13 ++++++++ weapons/Blacklist3r.yaml | 12 +++++++ weapons/BruteX.yaml | 12 +++++++ weapons/Bug-Bounty-Toolz.yaml | 12 +++++++ weapons/BurpBounty.yaml | 13 ++++++++ weapons/BurpCustomizer.yaml | 13 ++++++++ weapons/BurpJSLinkFinder.yaml | 13 ++++++++ weapons/BurpSuite-Secret_Finder.yaml | 13 ++++++++ weapons/BurpSuite.yaml | 11 +++++++ weapons/BurpSuiteHTTPSmuggler.yaml | 13 ++++++++ weapons/BurpSuiteLoggerPlusPlus.yaml | 13 ++++++++ weapons/CSP_Evaluator.yaml | 11 +++++++ weapons/CT_subdomains.yaml | 13 ++++++++ weapons/Chaos_Web.yaml | 12 +++++++ .../Chromium-based-XSS-Taint-Tracking.yaml | 13 ++++++++ weapons/CorsMe.yaml | 15 +++++++++ weapons/Corsy.yaml | 15 +++++++++ weapons/CyberChef.yaml | 13 ++++++++ weapons/DNSDumpster.yaml | 11 +++++++ weapons/DOMPurify.yaml | 15 +++++++++ weapons/DSSS.yaml | 12 +++++++ weapons/Dark_Reader.yaml | 13 ++++++++ weapons/Dark_Reader_for_Safari.yaml | 12 +++++++ weapons/DeepViolet.yaml | 12 +++++++ weapons/DirDar.yaml | 13 ++++++++ weapons/DotGit.yaml | 14 ++++++++ weapons/Edit-This-Cookie.yaml | 14 ++++++++ weapons/Emissary.yaml | 13 ++++++++ weapons/FavFreak.yaml | 15 +++++++++ weapons/Findsploit.yaml | 12 +++++++ weapons/Gf-Patterns.yaml | 16 ++++++++++ weapons/GitMiner.yaml | 15 +++++++++ weapons/Gopherus.yaml | 16 ++++++++++ weapons/GraphQLmap.yaml | 16 ++++++++++ weapons/HRS.yaml | 13 ++++++++ weapons/HUNT.yaml | 14 ++++++++ weapons/Hack-Tools.yaml | 14 ++++++++ weapons/HydraRecon.yaml | 12 +++++++ weapons/IntruderPayloads.yaml | 13 ++++++++ weapons/JSFScan.sh.yaml | 14 ++++++++ weapons/LFISuite.yaml | 15 +++++++++ weapons/LinkFinder.yaml | 15 +++++++++ weapons/MM3_ProxySwitch.yaml | 13 ++++++++ weapons/NoSQLMap.yaml | 16 ++++++++++ weapons/OneForAll.yaml | 15 +++++++++ weapons/OpenRedireX.yaml | 12 +++++++ weapons/Osmedeus.yaml | 16 ++++++++++ weapons/PPScan.yaml | 12 +++++++ weapons/ParamSpider.yaml | 15 +++++++++ weapons/Parth.yaml | 15 +++++++++ weapons/PayloadsAllTheThings.yaml | 13 ++++++++ weapons/Phoenix.yaml | 11 +++++++ weapons/Photon.yaml | 15 +++++++++ weapons/PoC-in-GitHub.yaml | 12 +++++++ weapons/RustScan.yaml | 15 +++++++++ weapons/S3Scanner.yaml | 15 +++++++++ weapons/SQLNinja.yaml | 11 +++++++ weapons/SQL_Ninja.yaml | 11 +++++++ weapons/SSRFmap.yaml | 15 +++++++++ weapons/STEWS.yaml | 12 +++++++ weapons/SecLists.yaml | 18 +++++++++++ weapons/SecretFinder.yaml | 16 ++++++++++ weapons/SecurityTrails.yaml | 11 +++++++ weapons/SequenceDiagram.yaml | 11 +++++++ weapons/Shodan.yaml | 11 +++++++ weapons/Silver.yaml | 15 +++++++++ weapons/Sn1per.yaml | 15 +++++++++ weapons/Stepper.yaml | 13 ++++++++ weapons/Striker.yaml | 15 +++++++++ weapons/SubOver.yaml | 12 +++++++ weapons/Sublist3r.yaml | 15 +++++++++ weapons/Taipan.yaml | 12 +++++++ weapons/TukTuk.yaml | 15 +++++++++ weapons/User-Agent_Switcher.yaml | 12 +++++++ weapons/VHostScan.yaml | 17 ++++++++++ weapons/Wayback_Machine.yaml | 12 +++++++ weapons/Web-Cache-Vulnerability-Scanner.yaml | 14 ++++++++ weapons/XSRFProbe.yaml | 12 +++++++ weapons/XSStrike.yaml | 15 +++++++++ weapons/XSpear.yaml | 15 +++++++++ weapons/XXEinjector.yaml | 13 ++++++++ weapons/a2sv.yaml | 15 +++++++++ weapons/altdns.yaml | 16 ++++++++++ weapons/anew.yaml | 15 +++++++++ weapons/apkleaks.yaml | 15 +++++++++ weapons/aquatone.yaml | 15 +++++++++ weapons/arachni.yaml | 14 ++++++++ weapons/assetfinder.yaml | 15 +++++++++ weapons/attack-surface-detector-zap.yaml | 13 ++++++++ weapons/auto-repeater.yaml | 13 ++++++++ weapons/autochrome.yaml | 12 +++++++ weapons/axiom.yaml | 14 ++++++++ weapons/bat.yaml | 12 +++++++ weapons/boast.yaml | 12 +++++++ weapons/bountyplz.yaml | 14 ++++++++ weapons/burl.yaml | 15 +++++++++ weapons/burp-exporter.yaml | 13 ++++++++ weapons/burp-piper.yaml | 13 ++++++++ weapons/burp-retire-js.yaml | 14 ++++++++ weapons/burp-send-to.yaml | 13 ++++++++ weapons/c-jwt-cracker.yaml | 15 +++++++++ weapons/can-i-take-over-xyz.yaml | 13 ++++++++ weapons/cariddi.yaml | 13 ++++++++ weapons/cc.py.yaml | 15 +++++++++ weapons/cf-check.yaml | 15 +++++++++ weapons/chaos-client.yaml | 15 +++++++++ weapons/clear-cache.yaml | 13 ++++++++ weapons/collaborator-everywhere.yaml | 13 ++++++++ weapons/commix.yaml | 12 +++++++ weapons/community-scripts.yaml | 13 ++++++++ weapons/confused.yaml | 13 ++++++++ weapons/cookie-quick-manager.yaml | 14 ++++++++ weapons/corsair_scan.yaml | 13 ++++++++ weapons/crawlergo.yaml | 12 +++++++ weapons/crlfuzz.yaml | 15 +++++++++ weapons/csp-auditor.yaml | 14 ++++++++ weapons/curl.yaml | 15 +++++++++ weapons/dalfox.yaml | 16 ++++++++++ weapons/dirsearch.yaml | 15 +++++++++ weapons/ditto.yaml | 12 +++++++ weapons/dmut.yaml | 13 ++++++++ weapons/dnsobserver.yaml | 14 ++++++++ weapons/dnsprobe.yaml | 16 ++++++++++ weapons/dnsvalidator.yaml | 13 ++++++++ weapons/dnsx.yaml | 13 ++++++++ weapons/docem.yaml | 13 ++++++++ weapons/domdig.yaml | 15 +++++++++ weapons/dontgo403.yaml | 12 +++++++ weapons/dotdotpwn.yaml | 15 +++++++++ weapons/eval_villain.yaml | 13 ++++++++ weapons/ezXSS.yaml | 16 ++++++++++ weapons/femida.yaml | 13 ++++++++ weapons/feroxbuster.yaml | 12 +++++++ weapons/ffuf.yaml | 15 +++++++++ weapons/fhc.yaml | 12 +++++++ weapons/findom-xss.yaml | 15 +++++++++ weapons/findomain.yaml | 16 ++++++++++ weapons/fockcache.yaml | 12 +++++++ weapons/fuzzparam.yaml | 12 +++++++ weapons/fzf.yaml | 15 +++++++++ weapons/gau.yaml | 16 ++++++++++ weapons/gauplus.yaml | 13 ++++++++ weapons/gee.yaml | 14 ++++++++ weapons/getJS.yaml | 12 +++++++ weapons/gf.yaml | 15 +++++++++ weapons/gitGraber.yaml | 15 +++++++++ weapons/github-endpoints.yaml | 12 +++++++ weapons/github-regexp.yaml | 12 +++++++ weapons/github-search.yaml | 15 +++++++++ weapons/github-subdomains.yaml | 12 +++++++ weapons/gitleaks.yaml | 12 +++++++ weapons/gitls.yaml | 12 +++++++ weapons/gitrob.yaml | 15 +++++++++ weapons/go-dork.yaml | 15 +++++++++ weapons/gobuster.yaml | 15 +++++++++ weapons/gospider.yaml | 15 +++++++++ weapons/gotator.yaml | 12 +++++++ weapons/gotestwaf.yaml | 13 ++++++++ weapons/gowitness.yaml | 16 ++++++++++ weapons/graphql-voyager.yaml | 15 +++++++++ weapons/grc.yaml | 12 +++++++ weapons/grex.yaml | 13 ++++++++ weapons/gron.yaml | 15 +++++++++ weapons/h2csmuggler.yaml | 15 +++++++++ weapons/hacks.yaml | 15 +++++++++ weapons/hakcheckurl.yaml | 12 +++++++ weapons/hakrawler.yaml | 16 ++++++++++ weapons/hakrevdns.yaml | 15 +++++++++ weapons/haktrails.yaml | 12 +++++++ weapons/hashcat.yaml | 12 +++++++ weapons/headi.yaml | 12 +++++++ weapons/hetty.yaml | 17 ++++++++++ weapons/hinject.yaml | 15 +++++++++ weapons/htcat.yaml | 15 +++++++++ weapons/http-request-smuggler.yaml | 13 ++++++++ weapons/http-request-smuggling.yaml | 12 +++++++ weapons/http-script-generator.yaml | 14 ++++++++ weapons/http2smugl.yaml | 13 ++++++++ weapons/httpie.yaml | 15 +++++++++ weapons/httprobe.yaml | 15 +++++++++ weapons/httptoolkit.yaml | 13 ++++++++ weapons/httpx.yaml | 17 ++++++++++ weapons/hurl.yaml | 12 +++++++ weapons/inql.yaml | 13 ++++++++ weapons/interactsh.yaml | 12 +++++++ weapons/intrigue-core.yaml | 15 +++++++++ weapons/jaeles.yaml | 15 +++++++++ weapons/jsfuck.yaml | 12 +++++++ weapons/jsonwebtoken.github.io.yaml | 14 ++++++++ weapons/jsprime.yaml | 12 +++++++ weapons/jwt-cracker.yaml | 15 +++++++++ weapons/jwt-hack.yaml | 16 ++++++++++ weapons/kiterunner.yaml | 12 +++++++ weapons/knife.yaml | 13 ++++++++ weapons/knock.yaml | 15 +++++++++ weapons/lazyrecon.yaml | 16 ++++++++++ weapons/longtongue.yaml | 12 +++++++ weapons/masscan.yaml | 16 ++++++++++ weapons/medusa.yaml | 15 +++++++++ weapons/meg.yaml | 15 +++++++++ weapons/megplus.yaml | 15 +++++++++ weapons/naabu.yaml | 17 ++++++++++ weapons/nikto.yaml | 15 +++++++++ weapons/nmap.yaml | 14 ++++++++ weapons/nosqli.yaml | 15 +++++++++ weapons/nuclei.yaml | 16 ++++++++++ weapons/ob_hacky_slack.yaml | 12 +++++++ weapons/owasp-zap-jwt-addon.yaml | 13 ++++++++ weapons/oxml_xxe.yaml | 15 +++++++++ weapons/pagodo.yaml | 13 ++++++++ weapons/param-miner.yaml | 13 ++++++++ weapons/parameth.yaml | 12 +++++++ weapons/pentest-tools.yaml | 15 +++++++++ weapons/pet.yaml | 14 ++++++++ weapons/plution.yaml | 12 +++++++ weapons/postMessage-tracker.yaml | 14 ++++++++ weapons/ppfuzz.yaml | 13 ++++++++ weapons/ppmap.yaml | 13 ++++++++ weapons/proxify.yaml | 13 ++++++++ weapons/puredns.yaml | 13 ++++++++ weapons/pwncat.yaml | 16 ++++++++++ weapons/qsreplace.yaml | 16 ++++++++++ weapons/quickjack.yaml | 13 ++++++++ weapons/rapidscan.yaml | 15 +++++++++ weapons/recon_profile.yaml | 15 +++++++++ weapons/reconftw.yaml | 13 ++++++++ weapons/reflect.yaml | 13 ++++++++ weapons/reflected-parameters.yaml | 13 ++++++++ weapons/rengine.yaml | 17 ++++++++++ weapons/rusolver.yaml | 12 +++++++ weapons/s3reverse.yaml | 16 ++++++++++ weapons/safecopy.yaml | 13 ++++++++ weapons/scilla.yaml | 16 ++++++++++ weapons/security-crawl-maze.yaml | 14 ++++++++ weapons/security-research-pocs.yaml | 13 ++++++++ weapons/shuffledns.yaml | 17 ++++++++++ weapons/singularity.yaml | 12 +++++++ weapons/slackcat.yaml | 12 +++++++ weapons/smuggler.yaml | 16 ++++++++++ weapons/sn0int.yaml | 12 +++++++ weapons/spiderfoot.yaml | 12 +++++++ weapons/sqliv.yaml | 12 +++++++ weapons/sqlmap.yaml | 14 ++++++++ weapons/ssrf-sheriff.yaml | 15 +++++++++ weapons/subfinder.yaml | 17 ++++++++++ weapons/subgen.yaml | 13 ++++++++ weapons/subjack.yaml | 15 +++++++++ weapons/subjs.yaml | 12 +++++++ weapons/subs_all.yaml | 15 +++++++++ weapons/subzy.yaml | 12 +++++++ weapons/taborator.yaml | 13 ++++++++ weapons/template-generator.yaml | 18 +++++++++++ weapons/testssl.sh.yaml | 15 +++++++++ weapons/thc-hydra.yaml | 15 +++++++++ weapons/tiscripts.yaml | 12 +++++++ weapons/tplmap.yaml | 13 ++++++++ weapons/turbo-intruder.yaml | 13 ++++++++ weapons/uncover.yaml | 13 ++++++++ weapons/unfurl.yaml | 15 +++++++++ weapons/urlgrab.yaml | 16 ++++++++++ weapons/urlhunter.yaml | 13 ++++++++ weapons/urlprobe.yaml | 15 +++++++++ weapons/uro.yaml | 12 +++++++ weapons/waybackurls.yaml | 15 +++++++++ weapons/weaponised-XSS-payloads.yaml | 12 +++++++ weapons/web_cache_poison.yaml | 12 +++++++ weapons/websocket-connection-smuggler.yaml | 12 +++++++ weapons/wfuzz.yaml | 15 +++++++++ weapons/wprecon.yaml | 13 ++++++++ weapons/wpscan.yaml | 17 ++++++++++ weapons/ws-smuggler.yaml | 12 +++++++ weapons/wssip.yaml | 13 ++++++++ weapons/wuzz.yaml | 15 +++++++++ weapons/x8.yaml | 12 +++++++ weapons/xsinator.com.yaml | 12 +++++++ weapons/xss-cheatsheet-data.yaml | 16 ++++++++++ weapons/xsscrapy.yaml | 16 ++++++++++ weapons/xsser.yaml | 16 ++++++++++ weapons/xssor2.yaml | 12 +++++++ weapons/xxeserv.yaml | 12 +++++++ weapons/ysoserial.net.yaml | 15 +++++++++ weapons/ysoserial.yaml | 16 ++++++++++ weapons/zap-cli.yaml | 15 +++++++++ weapons/zap-hud.yaml | 13 ++++++++ weapons/zaproxy.yaml | 12 +++++++ weapons/zdns.yaml | 12 +++++++ 297 files changed, 4052 insertions(+), 37 deletions(-) delete mode 100644 template/foot.md delete mode 100644 template/head.md create mode 100644 weapons/230-OOB.yaml create mode 100644 weapons/3klCon.yaml create mode 100644 weapons/AWSBucketDump.yaml create mode 100644 weapons/Amass.yaml create mode 100644 weapons/Arjun.yaml create mode 100644 weapons/Assetnote_Wordlists.yaml create mode 100644 weapons/Atlas.yaml create mode 100644 weapons/AuthMatrix.yaml create mode 100644 weapons/Autorize.yaml create mode 100644 weapons/Blacklist3r.yaml create mode 100644 weapons/BruteX.yaml create mode 100644 weapons/Bug-Bounty-Toolz.yaml create mode 100644 weapons/BurpBounty.yaml create mode 100644 weapons/BurpCustomizer.yaml create mode 100644 weapons/BurpJSLinkFinder.yaml create mode 100644 weapons/BurpSuite-Secret_Finder.yaml create mode 100644 weapons/BurpSuite.yaml create mode 100644 weapons/BurpSuiteHTTPSmuggler.yaml create mode 100644 weapons/BurpSuiteLoggerPlusPlus.yaml create mode 100644 weapons/CSP_Evaluator.yaml create mode 100644 weapons/CT_subdomains.yaml create mode 100644 weapons/Chaos_Web.yaml create mode 100644 weapons/Chromium-based-XSS-Taint-Tracking.yaml create mode 100644 weapons/CorsMe.yaml create mode 100644 weapons/Corsy.yaml create mode 100644 weapons/CyberChef.yaml create mode 100644 weapons/DNSDumpster.yaml create mode 100644 weapons/DOMPurify.yaml create mode 100644 weapons/DSSS.yaml create mode 100644 weapons/Dark_Reader.yaml create mode 100644 weapons/Dark_Reader_for_Safari.yaml create mode 100644 weapons/DeepViolet.yaml create mode 100644 weapons/DirDar.yaml create mode 100644 weapons/DotGit.yaml create mode 100644 weapons/Edit-This-Cookie.yaml create mode 100644 weapons/Emissary.yaml create mode 100644 weapons/FavFreak.yaml create mode 100644 weapons/Findsploit.yaml create mode 100644 weapons/Gf-Patterns.yaml create mode 100644 weapons/GitMiner.yaml create mode 100644 weapons/Gopherus.yaml create mode 100644 weapons/GraphQLmap.yaml create mode 100644 weapons/HRS.yaml create mode 100644 weapons/HUNT.yaml create mode 100644 weapons/Hack-Tools.yaml create mode 100644 weapons/HydraRecon.yaml create mode 100644 weapons/IntruderPayloads.yaml create mode 100644 weapons/JSFScan.sh.yaml create mode 100644 weapons/LFISuite.yaml create mode 100644 weapons/LinkFinder.yaml create mode 100644 weapons/MM3_ProxySwitch.yaml create mode 100644 weapons/NoSQLMap.yaml create mode 100644 weapons/OneForAll.yaml create mode 100644 weapons/OpenRedireX.yaml create mode 100644 weapons/Osmedeus.yaml create mode 100644 weapons/PPScan.yaml create mode 100644 weapons/ParamSpider.yaml create mode 100644 weapons/Parth.yaml create mode 100644 weapons/PayloadsAllTheThings.yaml create mode 100644 weapons/Phoenix.yaml create mode 100644 weapons/Photon.yaml create mode 100644 weapons/PoC-in-GitHub.yaml create mode 100644 weapons/RustScan.yaml create mode 100644 weapons/S3Scanner.yaml create mode 100644 weapons/SQLNinja.yaml create mode 100644 weapons/SQL_Ninja.yaml create mode 100644 weapons/SSRFmap.yaml create mode 100644 weapons/STEWS.yaml create mode 100644 weapons/SecLists.yaml create mode 100644 weapons/SecretFinder.yaml create mode 100644 weapons/SecurityTrails.yaml create mode 100644 weapons/SequenceDiagram.yaml create mode 100644 weapons/Shodan.yaml create mode 100644 weapons/Silver.yaml create mode 100644 weapons/Sn1per.yaml create mode 100644 weapons/Stepper.yaml create mode 100644 weapons/Striker.yaml create mode 100644 weapons/SubOver.yaml create mode 100644 weapons/Sublist3r.yaml create mode 100644 weapons/Taipan.yaml create mode 100644 weapons/TukTuk.yaml create mode 100644 weapons/User-Agent_Switcher.yaml create mode 100644 weapons/VHostScan.yaml create mode 100644 weapons/Wayback_Machine.yaml create mode 100644 weapons/Web-Cache-Vulnerability-Scanner.yaml create mode 100644 weapons/XSRFProbe.yaml create mode 100644 weapons/XSStrike.yaml create mode 100644 weapons/XSpear.yaml create mode 100644 weapons/XXEinjector.yaml create mode 100644 weapons/a2sv.yaml create mode 100644 weapons/altdns.yaml create mode 100644 weapons/anew.yaml create mode 100644 weapons/apkleaks.yaml create mode 100644 weapons/aquatone.yaml create mode 100644 weapons/arachni.yaml create mode 100644 weapons/assetfinder.yaml create mode 100644 weapons/attack-surface-detector-zap.yaml create mode 100644 weapons/auto-repeater.yaml create mode 100644 weapons/autochrome.yaml create mode 100644 weapons/axiom.yaml create mode 100644 weapons/bat.yaml create mode 100644 weapons/boast.yaml create mode 100644 weapons/bountyplz.yaml create mode 100644 weapons/burl.yaml create mode 100644 weapons/burp-exporter.yaml create mode 100644 weapons/burp-piper.yaml create mode 100644 weapons/burp-retire-js.yaml create mode 100644 weapons/burp-send-to.yaml create mode 100644 weapons/c-jwt-cracker.yaml create mode 100644 weapons/can-i-take-over-xyz.yaml create mode 100644 weapons/cariddi.yaml create mode 100644 weapons/cc.py.yaml create mode 100644 weapons/cf-check.yaml create mode 100644 weapons/chaos-client.yaml create mode 100644 weapons/clear-cache.yaml create mode 100644 weapons/collaborator-everywhere.yaml create mode 100644 weapons/commix.yaml create mode 100644 weapons/community-scripts.yaml create mode 100644 weapons/confused.yaml create mode 100644 weapons/cookie-quick-manager.yaml create mode 100644 weapons/corsair_scan.yaml create mode 100644 weapons/crawlergo.yaml create mode 100644 weapons/crlfuzz.yaml create mode 100644 weapons/csp-auditor.yaml create mode 100644 weapons/curl.yaml create mode 100644 weapons/dalfox.yaml create mode 100644 weapons/dirsearch.yaml create mode 100644 weapons/ditto.yaml create mode 100644 weapons/dmut.yaml create mode 100644 weapons/dnsobserver.yaml create mode 100644 weapons/dnsprobe.yaml create mode 100644 weapons/dnsvalidator.yaml create mode 100644 weapons/dnsx.yaml create mode 100644 weapons/docem.yaml create mode 100644 weapons/domdig.yaml create mode 100644 weapons/dontgo403.yaml create mode 100644 weapons/dotdotpwn.yaml create mode 100644 weapons/eval_villain.yaml create mode 100644 weapons/ezXSS.yaml create mode 100644 weapons/femida.yaml create mode 100644 weapons/feroxbuster.yaml create mode 100644 weapons/ffuf.yaml create mode 100644 weapons/fhc.yaml create mode 100644 weapons/findom-xss.yaml create mode 100644 weapons/findomain.yaml create mode 100644 weapons/fockcache.yaml create mode 100644 weapons/fuzzparam.yaml create mode 100644 weapons/fzf.yaml create mode 100644 weapons/gau.yaml create mode 100644 weapons/gauplus.yaml create mode 100644 weapons/gee.yaml create mode 100644 weapons/getJS.yaml create mode 100644 weapons/gf.yaml create mode 100644 weapons/gitGraber.yaml create mode 100644 weapons/github-endpoints.yaml create mode 100644 weapons/github-regexp.yaml create mode 100644 weapons/github-search.yaml create mode 100644 weapons/github-subdomains.yaml create mode 100644 weapons/gitleaks.yaml create mode 100644 weapons/gitls.yaml create mode 100644 weapons/gitrob.yaml create mode 100644 weapons/go-dork.yaml create mode 100644 weapons/gobuster.yaml create mode 100644 weapons/gospider.yaml create mode 100644 weapons/gotator.yaml create mode 100644 weapons/gotestwaf.yaml create mode 100644 weapons/gowitness.yaml create mode 100644 weapons/graphql-voyager.yaml create mode 100644 weapons/grc.yaml create mode 100644 weapons/grex.yaml create mode 100644 weapons/gron.yaml create mode 100644 weapons/h2csmuggler.yaml create mode 100644 weapons/hacks.yaml create mode 100644 weapons/hakcheckurl.yaml create mode 100644 weapons/hakrawler.yaml create mode 100644 weapons/hakrevdns.yaml create mode 100644 weapons/haktrails.yaml create mode 100644 weapons/hashcat.yaml create mode 100644 weapons/headi.yaml create mode 100644 weapons/hetty.yaml create mode 100644 weapons/hinject.yaml create mode 100644 weapons/htcat.yaml create mode 100644 weapons/http-request-smuggler.yaml create mode 100644 weapons/http-request-smuggling.yaml create mode 100644 weapons/http-script-generator.yaml create mode 100644 weapons/http2smugl.yaml create mode 100644 weapons/httpie.yaml create mode 100644 weapons/httprobe.yaml create mode 100644 weapons/httptoolkit.yaml create mode 100644 weapons/httpx.yaml create mode 100644 weapons/hurl.yaml create mode 100644 weapons/inql.yaml create mode 100644 weapons/interactsh.yaml create mode 100644 weapons/intrigue-core.yaml create mode 100644 weapons/jaeles.yaml create mode 100644 weapons/jsfuck.yaml create mode 100644 weapons/jsonwebtoken.github.io.yaml create mode 100644 weapons/jsprime.yaml create mode 100644 weapons/jwt-cracker.yaml create mode 100644 weapons/jwt-hack.yaml create mode 100644 weapons/kiterunner.yaml create mode 100644 weapons/knife.yaml create mode 100644 weapons/knock.yaml create mode 100644 weapons/lazyrecon.yaml create mode 100644 weapons/longtongue.yaml create mode 100644 weapons/masscan.yaml create mode 100644 weapons/medusa.yaml create mode 100644 weapons/meg.yaml create mode 100644 weapons/megplus.yaml create mode 100644 weapons/naabu.yaml create mode 100644 weapons/nikto.yaml create mode 100644 weapons/nmap.yaml create mode 100644 weapons/nosqli.yaml create mode 100644 weapons/nuclei.yaml create mode 100644 weapons/ob_hacky_slack.yaml create mode 100644 weapons/owasp-zap-jwt-addon.yaml create mode 100644 weapons/oxml_xxe.yaml create mode 100644 weapons/pagodo.yaml create mode 100644 weapons/param-miner.yaml create mode 100644 weapons/parameth.yaml create mode 100644 weapons/pentest-tools.yaml create mode 100644 weapons/pet.yaml create mode 100644 weapons/plution.yaml create mode 100644 weapons/postMessage-tracker.yaml create mode 100644 weapons/ppfuzz.yaml create mode 100644 weapons/ppmap.yaml create mode 100644 weapons/proxify.yaml create mode 100644 weapons/puredns.yaml create mode 100644 weapons/pwncat.yaml create mode 100644 weapons/qsreplace.yaml create mode 100644 weapons/quickjack.yaml create mode 100644 weapons/rapidscan.yaml create mode 100644 weapons/recon_profile.yaml create mode 100644 weapons/reconftw.yaml create mode 100644 weapons/reflect.yaml create mode 100644 weapons/reflected-parameters.yaml create mode 100644 weapons/rengine.yaml create mode 100644 weapons/rusolver.yaml create mode 100644 weapons/s3reverse.yaml create mode 100644 weapons/safecopy.yaml create mode 100644 weapons/scilla.yaml create mode 100644 weapons/security-crawl-maze.yaml create mode 100644 weapons/security-research-pocs.yaml create mode 100644 weapons/shuffledns.yaml create mode 100644 weapons/singularity.yaml create mode 100644 weapons/slackcat.yaml create mode 100644 weapons/smuggler.yaml create mode 100644 weapons/sn0int.yaml create mode 100644 weapons/spiderfoot.yaml create mode 100644 weapons/sqliv.yaml create mode 100644 weapons/sqlmap.yaml create mode 100644 weapons/ssrf-sheriff.yaml create mode 100644 weapons/subfinder.yaml create mode 100644 weapons/subgen.yaml create mode 100644 weapons/subjack.yaml create mode 100644 weapons/subjs.yaml create mode 100644 weapons/subs_all.yaml create mode 100644 weapons/subzy.yaml create mode 100644 weapons/taborator.yaml create mode 100644 weapons/template-generator.yaml create mode 100644 weapons/testssl.sh.yaml create mode 100644 weapons/thc-hydra.yaml create mode 100644 weapons/tiscripts.yaml create mode 100644 weapons/tplmap.yaml create mode 100644 weapons/turbo-intruder.yaml create mode 100644 weapons/uncover.yaml create mode 100644 weapons/unfurl.yaml create mode 100644 weapons/urlgrab.yaml create mode 100644 weapons/urlhunter.yaml create mode 100644 weapons/urlprobe.yaml create mode 100644 weapons/uro.yaml create mode 100644 weapons/waybackurls.yaml create mode 100644 weapons/weaponised-XSS-payloads.yaml create mode 100644 weapons/web_cache_poison.yaml create mode 100644 weapons/websocket-connection-smuggler.yaml create mode 100644 weapons/wfuzz.yaml create mode 100644 weapons/wprecon.yaml create mode 100644 weapons/wpscan.yaml create mode 100644 weapons/ws-smuggler.yaml create mode 100644 weapons/wssip.yaml create mode 100644 weapons/wuzz.yaml create mode 100644 weapons/x8.yaml create mode 100644 weapons/xsinator.com.yaml create mode 100644 weapons/xss-cheatsheet-data.yaml create mode 100644 weapons/xsscrapy.yaml create mode 100644 weapons/xsser.yaml create mode 100644 weapons/xssor2.yaml create mode 100644 weapons/xxeserv.yaml create mode 100644 weapons/ysoserial.net.yaml create mode 100644 weapons/ysoserial.yaml create mode 100644 weapons/zap-cli.yaml create mode 100644 weapons/zap-hud.yaml create mode 100644 weapons/zaproxy.yaml create mode 100644 weapons/zdns.yaml diff --git a/scripts/migration.rb b/scripts/migration.rb index 5ea0575..fd8ed30 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -44,6 +44,12 @@ def get_urls str return URI.extract(str).uniq end +def get_lang url + if url.include? "https://github.com" + + end +end + def migrate jsonfile, category file = File.read(jsonfile) data_hash = JSON.parse(file) @@ -73,7 +79,7 @@ def migrate jsonfile, category # Save yaml file puts filename - #File.write("./weapons/#{filename}", yaml_data) + File.write("./weapons/#{filename}", yaml_data) end end diff --git a/template/foot.md b/template/foot.md deleted file mode 100644 index a79f0ae..0000000 --- a/template/foot.md +++ /dev/null @@ -1,4 +0,0 @@ - -## Thanks to (Contributor) -I would like to thank everyone who helped with this project 👍😎 -![](/CONTRIBUTORS.svg) diff --git a/template/head.md b/template/head.md deleted file mode 100644 index d18def1..0000000 --- a/template/head.md +++ /dev/null @@ -1,32 +0,0 @@ -

-
- -
- - - - - - -

-A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting - -## Family project -[![WebHackersWeapons](https://img.shields.io/github/stars/hahwul/WebHackersWeapons?label=WebHackersWeapons)](https://github.com/hahwul/WebHackersWeapons) -[![MobileHackersWeapons](https://img.shields.io/github/stars/hahwul/MobileHackersWeapons?label=MobileHackersWeapons)](https://github.com/hahwul/MobileHackersWeapons) - -## Table of Contents -- [WHW-Tools](https://whw-tools.hahwul.com) -- [Weapons](#weapons) -- [Awesome Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) -- [Awesome Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) -- [Awesome Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) -- [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md) -- [Thanks to contributor](#thanks-to-contributor) - -## WHW-Tools -> Always use the latest tools 😎 - -`WHW-Tools` is tools web of `#WebHackersWeapons`. Easy install and Easy manage upgrade. Go to [WHW-Tools](https://whw-tools.hahwul.com/) - -## Weapons diff --git a/weapons/230-OOB.yaml b/weapons/230-OOB.yaml new file mode 100644 index 0000000..d8668ee --- /dev/null +++ b/weapons/230-OOB.yaml @@ -0,0 +1,12 @@ +--- +name: 230-OOB +description: An Out-of-Band XXE server for retrieving file contents over FTP. +urls: +- https://github.com/lc/230-OOB) +- https://img.shields.io/github/stars/lc/230-OOB) +- https://img.shields.io/github/languages/top/lc/230-OOB) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/3klCon.yaml b/weapons/3klCon.yaml new file mode 100644 index 0000000..e0a7ee1 --- /dev/null +++ b/weapons/3klCon.yaml @@ -0,0 +1,13 @@ +--- +name: 3klCon +description: Automation Recon tool which works with Large & Medium scopes. It performs + more than 20 tasks and gets back all the results in separated files. +urls: +- https://github.com/eslam3kl/3klCon) +- https://img.shields.io/github/stars/eslam3kl/3klCon) +- https://img.shields.io/github/languages/top/eslam3kl/3klCon) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/AWSBucketDump.yaml b/weapons/AWSBucketDump.yaml new file mode 100644 index 0000000..a9cfe58 --- /dev/null +++ b/weapons/AWSBucketDump.yaml @@ -0,0 +1,12 @@ +--- +name: AWSBucketDump +description: Security Tool to Look For Interesting Files in S3 Buckets +urls: +- https://github.com/jordanpotti/AWSBucketDump) +- https://img.shields.io/github/stars/jordanpotti/AWSBucketDump) +- https://img.shields.io/github/languages/top/jordanpotti/AWSBucketDump) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Amass.yaml b/weapons/Amass.yaml new file mode 100644 index 0000000..9f05cfa --- /dev/null +++ b/weapons/Amass.yaml @@ -0,0 +1,14 @@ +--- +name: Amass +description: 'In-depth Attack Surface Mapping and Asset Discovery ' +urls: +- https://github.com/OWASP/Amass) +- https://img.shields.io/github/stars/OWASP/Amass) +- https://img.shields.io/github/languages/top/OWASP/Amass) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/Arjun.yaml b/weapons/Arjun.yaml new file mode 100644 index 0000000..777782a --- /dev/null +++ b/weapons/Arjun.yaml @@ -0,0 +1,15 @@ +--- +name: Arjun +description: 'HTTP parameter discovery suite. ' +urls: +- https://github.com/s0md3v/Arjun) +- https://img.shields.io/github/stars/s0md3v/Arjun) +- https://img.shields.io/github/languages/top/s0md3v/Arjun) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Assetnote_Wordlists.yaml b/weapons/Assetnote_Wordlists.yaml new file mode 100644 index 0000000..ebafb17 --- /dev/null +++ b/weapons/Assetnote_Wordlists.yaml @@ -0,0 +1,15 @@ +--- +name: Assetnote Wordlists +description: Automated & Manual Wordlists provided by Assetnote +urls: +- https://github.com/assetnote/wordlists) +- https://img.shields.io/github/stars/assetnote/wordlists) +- https://img.shields.io/github/languages/top/assetnote/wordlists) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Atlas.yaml b/weapons/Atlas.yaml new file mode 100644 index 0000000..7b12922 --- /dev/null +++ b/weapons/Atlas.yaml @@ -0,0 +1,15 @@ +--- +name: Atlas +description: 'Quick SQLMap Tamper Suggester ' +urls: +- https://github.com/m4ll0k/Atlas) +- https://img.shields.io/github/stars/m4ll0k/Atlas) +- https://img.shields.io/github/languages/top/m4ll0k/Atlas) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/AuthMatrix.yaml b/weapons/AuthMatrix.yaml new file mode 100644 index 0000000..c47de09 --- /dev/null +++ b/weapons/AuthMatrix.yaml @@ -0,0 +1,13 @@ +--- +name: AuthMatrix +description: +urls: +- https://github.com/SecurityInnovation/AuthMatrix) +- https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix) +- https://img.shields.io/github/languages/top/SecurityInnovation/AuthMatrix) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/Autorize.yaml b/weapons/Autorize.yaml new file mode 100644 index 0000000..1771858 --- /dev/null +++ b/weapons/Autorize.yaml @@ -0,0 +1,13 @@ +--- +name: Autorize +description: +urls: +- https://github.com/Quitten/Autorize) +- https://img.shields.io/github/stars/Quitten/Autorize) +- https://img.shields.io/github/languages/top/Quitten/Autorize) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/Blacklist3r.yaml b/weapons/Blacklist3r.yaml new file mode 100644 index 0000000..3a355d0 --- /dev/null +++ b/weapons/Blacklist3r.yaml @@ -0,0 +1,12 @@ +--- +name: Blacklist3r +description: 'project-blacklist3r ' +urls: +- https://github.com/NotSoSecure/Blacklist3r) +- https://img.shields.io/github/stars/NotSoSecure/Blacklist3r) +- https://img.shields.io/github/languages/top/NotSoSecure/Blacklist3r) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/BruteX.yaml b/weapons/BruteX.yaml new file mode 100644 index 0000000..0201932 --- /dev/null +++ b/weapons/BruteX.yaml @@ -0,0 +1,12 @@ +--- +name: BruteX +description: Automatically brute force all services running on a target. +urls: +- https://github.com/1N3/BruteX) +- https://img.shields.io/github/stars/1N3/BruteX) +- https://img.shields.io/github/languages/top/1N3/BruteX) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Bug-Bounty-Toolz.yaml b/weapons/Bug-Bounty-Toolz.yaml new file mode 100644 index 0000000..8aaaefb --- /dev/null +++ b/weapons/Bug-Bounty-Toolz.yaml @@ -0,0 +1,12 @@ +--- +name: Bug-Bounty-Toolz +description: 'BBT - Bug Bounty Tools ' +urls: +- https://github.com/m4ll0k/Bug-Bounty-Toolz) +- https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz) +- https://img.shields.io/github/languages/top/m4ll0k/Bug-Bounty-Toolz) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/BurpBounty.yaml b/weapons/BurpBounty.yaml new file mode 100644 index 0000000..a60a4f3 --- /dev/null +++ b/weapons/BurpBounty.yaml @@ -0,0 +1,13 @@ +--- +name: BurpBounty +description: +urls: +- https://github.com/wagiro/BurpBounty) +- https://img.shields.io/github/stars/wagiro/BurpBounty) +- https://img.shields.io/github/languages/top/wagiro/BurpBounty) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/BurpCustomizer.yaml b/weapons/BurpCustomizer.yaml new file mode 100644 index 0000000..e00ae5d --- /dev/null +++ b/weapons/BurpCustomizer.yaml @@ -0,0 +1,13 @@ +--- +name: BurpCustomizer +description: Because just a dark theme wasn't enough! +urls: +- https://github.com/CoreyD97/BurpCustomizer) +- https://img.shields.io/github/stars/CoreyD97/BurpCustomizer) +- https://img.shields.io/github/languages/top/CoreyD97/BurpCustomizer) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/BurpJSLinkFinder.yaml b/weapons/BurpJSLinkFinder.yaml new file mode 100644 index 0000000..1c26643 --- /dev/null +++ b/weapons/BurpJSLinkFinder.yaml @@ -0,0 +1,13 @@ +--- +name: BurpJSLinkFinder +description: +urls: +- https://github.com/InitRoot/BurpJSLinkFinder) +- https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder) +- https://img.shields.io/github/languages/top/InitRoot/BurpJSLinkFinder) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/BurpSuite-Secret_Finder.yaml b/weapons/BurpSuite-Secret_Finder.yaml new file mode 100644 index 0000000..fc549d4 --- /dev/null +++ b/weapons/BurpSuite-Secret_Finder.yaml @@ -0,0 +1,13 @@ +--- +name: BurpSuite-Secret_Finder +description: +urls: +- https://github.com/m4ll0k/BurpSuite-Secret_Finder) +- https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder) +- https://img.shields.io/github/languages/top/m4ll0k/BurpSuite-Secret_Finder) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/BurpSuite.yaml b/weapons/BurpSuite.yaml new file mode 100644 index 0000000..b9da140 --- /dev/null +++ b/weapons/BurpSuite.yaml @@ -0,0 +1,11 @@ +--- +name: BurpSuite +description: the BurpSuite Project +urls: +- https://portswigger.net/burp) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/BurpSuiteHTTPSmuggler.yaml b/weapons/BurpSuiteHTTPSmuggler.yaml new file mode 100644 index 0000000..7ff8c86 --- /dev/null +++ b/weapons/BurpSuiteHTTPSmuggler.yaml @@ -0,0 +1,13 @@ +--- +name: BurpSuiteHTTPSmuggler +description: +urls: +- https://github.com/nccgroup/BurpSuiteHTTPSmuggler) +- https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler) +- https://img.shields.io/github/languages/top/nccgroup/BurpSuiteHTTPSmuggler) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/BurpSuiteLoggerPlusPlus.yaml b/weapons/BurpSuiteLoggerPlusPlus.yaml new file mode 100644 index 0000000..5774b3b --- /dev/null +++ b/weapons/BurpSuiteLoggerPlusPlus.yaml @@ -0,0 +1,13 @@ +--- +name: BurpSuiteLoggerPlusPlus +description: +urls: +- https://github.com/nccgroup/BurpSuiteLoggerPlusPlus) +- https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus) +- https://img.shields.io/github/languages/top/nccgroup/BurpSuiteLoggerPlusPlus) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml new file mode 100644 index 0000000..536eed0 --- /dev/null +++ b/weapons/CSP_Evaluator.yaml @@ -0,0 +1,11 @@ +--- +name: CSP Evaluator +description: " Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://csp-evaluator.withgoogle.com +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/CT_subdomains.yaml b/weapons/CT_subdomains.yaml new file mode 100644 index 0000000..42e930d --- /dev/null +++ b/weapons/CT_subdomains.yaml @@ -0,0 +1,13 @@ +--- +name: CT_subdomains +description: 'An hourly updated list of subdomains gathered from certificate transparency + logs ' +urls: +- https://github.com/internetwache/CT_subdomains) +- https://img.shields.io/github/stars/internetwache/CT_subdomains) +- https://img.shields.io/github/languages/top/internetwache/CT_subdomains) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml new file mode 100644 index 0000000..15c3a2d --- /dev/null +++ b/weapons/Chaos_Web.yaml @@ -0,0 +1,12 @@ +--- +name: Chaos Web +description: " actively scan and maintain internet-wide assets' data. enhance research + and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)" +urls: +- https://chaos.projectdiscovery.io +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Chromium-based-XSS-Taint-Tracking.yaml b/weapons/Chromium-based-XSS-Taint-Tracking.yaml new file mode 100644 index 0000000..e04863f --- /dev/null +++ b/weapons/Chromium-based-XSS-Taint-Tracking.yaml @@ -0,0 +1,13 @@ +--- +name: Chromium-based-XSS-Taint-Tracking +description: Cyclops is a web browser with XSS detection feature, it is chromium-based + xss detection that used to find the flows from a source to a sink. +urls: +- https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) +- https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking) +- https://img.shields.io/github/languages/top/v8blink/Chromium-based-XSS-Taint-Tracking) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/CorsMe.yaml b/weapons/CorsMe.yaml new file mode 100644 index 0000000..1ba5dc7 --- /dev/null +++ b/weapons/CorsMe.yaml @@ -0,0 +1,15 @@ +--- +name: CorsMe +description: 'Cross Origin Resource Sharing MisConfiguration Scanner ' +urls: +- https://github.com/Shivangx01b/CorsMe) +- https://img.shields.io/github/stars/Shivangx01b/CorsMe) +- https://img.shields.io/github/languages/top/Shivangx01b/CorsMe) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Corsy.yaml b/weapons/Corsy.yaml new file mode 100644 index 0000000..095062f --- /dev/null +++ b/weapons/Corsy.yaml @@ -0,0 +1,15 @@ +--- +name: Corsy +description: 'CORS Misconfiguration Scanner ' +urls: +- https://github.com/s0md3v/Corsy) +- https://img.shields.io/github/stars/s0md3v/Corsy) +- https://img.shields.io/github/languages/top/s0md3v/Corsy) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/CyberChef.yaml b/weapons/CyberChef.yaml new file mode 100644 index 0000000..332d560 --- /dev/null +++ b/weapons/CyberChef.yaml @@ -0,0 +1,13 @@ +--- +name: CyberChef +description: 'The Cyber Swiss Army Knife - a web app for encryption, encoding, compression + and data analysis ' +urls: +- https://github.com/gchq/CyberChef) +- https://img.shields.io/github/stars/gchq/CyberChef) +- https://img.shields.io/github/languages/top/gchq/CyberChef) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml new file mode 100644 index 0000000..528c0ba --- /dev/null +++ b/weapons/DNSDumpster.yaml @@ -0,0 +1,11 @@ +--- +name: DNSDumpster +description: " Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://dnsdumpster.com +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/DOMPurify.yaml b/weapons/DOMPurify.yaml new file mode 100644 index 0000000..b4bb921 --- /dev/null +++ b/weapons/DOMPurify.yaml @@ -0,0 +1,15 @@ +--- +name: DOMPurify +description: 'DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for + HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of + configurability and hooks. Demo:' +urls: +- https://github.com/cure53/DOMPurify) +- 'Demo:' +- https://img.shields.io/github/stars/cure53/DOMPurify) +- https://img.shields.io/github/languages/top/cure53/DOMPurify) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/DSSS.yaml b/weapons/DSSS.yaml new file mode 100644 index 0000000..d630c9c --- /dev/null +++ b/weapons/DSSS.yaml @@ -0,0 +1,12 @@ +--- +name: DSSS +description: Damn Small SQLi Scanner +urls: +- https://github.com/stamparm/DSSS) +- https://img.shields.io/github/stars/stamparm/DSSS) +- https://img.shields.io/github/languages/top/stamparm/DSSS) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Dark_Reader.yaml b/weapons/Dark_Reader.yaml new file mode 100644 index 0000000..8800447 --- /dev/null +++ b/weapons/Dark_Reader.yaml @@ -0,0 +1,13 @@ +--- +name: Dark Reader +description: Dark mode to any site +urls: +- https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: browser-addon +types: [] +platform: +- chrome +- firefox +lang: [] +tags: [] diff --git a/weapons/Dark_Reader_for_Safari.yaml b/weapons/Dark_Reader_for_Safari.yaml new file mode 100644 index 0000000..ad3de67 --- /dev/null +++ b/weapons/Dark_Reader_for_Safari.yaml @@ -0,0 +1,12 @@ +--- +name: Dark Reader for Safari +description: Dark mode to any site +urls: +- https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: browser-addon +types: [] +platform: +- safari +lang: [] +tags: [] diff --git a/weapons/DeepViolet.yaml b/weapons/DeepViolet.yaml new file mode 100644 index 0000000..b995dbd --- /dev/null +++ b/weapons/DeepViolet.yaml @@ -0,0 +1,12 @@ +--- +name: DeepViolet +description: Tool for introspection of SSL\TLS sessions +urls: +- https://github.com/spoofzu/DeepViolet) +- https://img.shields.io/github/stars/spoofzu/DeepViolet) +- https://img.shields.io/github/languages/top/spoofzu/DeepViolet) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/DirDar.yaml b/weapons/DirDar.yaml new file mode 100644 index 0000000..a443fba --- /dev/null +++ b/weapons/DirDar.yaml @@ -0,0 +1,13 @@ +--- +name: DirDar +description: DirDar is a tool that searches for (403-Forbidden) directories to break + it and get dir listing on it +urls: +- https://github.com/M4DM0e/DirDar) +- https://img.shields.io/github/stars/M4DM0e/DirDar) +- https://img.shields.io/github/languages/top/M4DM0e/DirDar) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/DotGit.yaml b/weapons/DotGit.yaml new file mode 100644 index 0000000..f177dd3 --- /dev/null +++ b/weapons/DotGit.yaml @@ -0,0 +1,14 @@ +--- +name: DotGit +description: An extension for checking if .git is exposed in visited websites +urls: +- https://github.com/davtur19/DotGit) +- https://img.shields.io/github/stars/davtur19/DotGit) +- https://img.shields.io/github/languages/top/davtur19/DotGit) +category: browser-addon +types: [] +platform: +- chrome +- firefox +lang: [] +tags: [] diff --git a/weapons/Edit-This-Cookie.yaml b/weapons/Edit-This-Cookie.yaml new file mode 100644 index 0000000..cc3c897 --- /dev/null +++ b/weapons/Edit-This-Cookie.yaml @@ -0,0 +1,14 @@ +--- +name: Edit-This-Cookie +description: EditThisCookie is the famous Google Chrome/Chromium extension for editing + cookies +urls: +- https://github.com/ETCExtensions/Edit-This-Cookie) +- https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie) +- https://img.shields.io/github/languages/top/ETCExtensions/Edit-This-Cookie) +category: browser-addon +types: [] +platform: +- chrome +lang: [] +tags: [] diff --git a/weapons/Emissary.yaml b/weapons/Emissary.yaml new file mode 100644 index 0000000..30b9167 --- /dev/null +++ b/weapons/Emissary.yaml @@ -0,0 +1,13 @@ +--- +name: Emissary +description: Send notifications on different channels such as Slack, Telegram, Discord + etc. +urls: +- https://github.com/BountyStrike/Emissary) +- https://img.shields.io/github/stars/BountyStrike/Emissary) +- https://img.shields.io/github/languages/top/BountyStrike/Emissary) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/FavFreak.yaml b/weapons/FavFreak.yaml new file mode 100644 index 0000000..ea8c50c --- /dev/null +++ b/weapons/FavFreak.yaml @@ -0,0 +1,15 @@ +--- +name: FavFreak +description: 'Making Favicon.ico based Recon Great again ! ' +urls: +- https://github.com/devanshbatham/FavFreak) +- https://img.shields.io/github/stars/devanshbatham/FavFreak) +- https://img.shields.io/github/languages/top/devanshbatham/FavFreak) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Findsploit.yaml b/weapons/Findsploit.yaml new file mode 100644 index 0000000..9a22722 --- /dev/null +++ b/weapons/Findsploit.yaml @@ -0,0 +1,12 @@ +--- +name: Findsploit +description: Find exploits in local and online databases instantly +urls: +- https://github.com/1N3/Findsploit) +- https://img.shields.io/github/stars/1N3/Findsploit) +- https://img.shields.io/github/languages/top/1N3/Findsploit) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Gf-Patterns.yaml b/weapons/Gf-Patterns.yaml new file mode 100644 index 0000000..547f75c --- /dev/null +++ b/weapons/Gf-Patterns.yaml @@ -0,0 +1,16 @@ +--- +name: Gf-Patterns +description: 'GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) + parameters grep ' +urls: +- https://github.com/1ndianl33t/Gf-Patterns) +- https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns) +- https://img.shields.io/github/languages/top/1ndianl33t/Gf-Patterns) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/GitMiner.yaml b/weapons/GitMiner.yaml new file mode 100644 index 0000000..6ffda62 --- /dev/null +++ b/weapons/GitMiner.yaml @@ -0,0 +1,15 @@ +--- +name: GitMiner +description: 'Tool for advanced mining for content on Github ' +urls: +- https://github.com/UnkL4b/GitMiner) +- https://img.shields.io/github/stars/UnkL4b/GitMiner) +- https://img.shields.io/github/languages/top/UnkL4b/GitMiner) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Gopherus.yaml b/weapons/Gopherus.yaml new file mode 100644 index 0000000..b01435f --- /dev/null +++ b/weapons/Gopherus.yaml @@ -0,0 +1,16 @@ +--- +name: Gopherus +description: 'This tool generates gopher link for exploiting SSRF and gaining RCE + in various servers ' +urls: +- https://github.com/tarunkant/Gopherus) +- https://img.shields.io/github/stars/tarunkant/Gopherus) +- https://img.shields.io/github/languages/top/tarunkant/Gopherus) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/GraphQLmap.yaml b/weapons/GraphQLmap.yaml new file mode 100644 index 0000000..e820337 --- /dev/null +++ b/weapons/GraphQLmap.yaml @@ -0,0 +1,16 @@ +--- +name: GraphQLmap +description: 'GraphQLmap is a scripting engine to interact with a graphql endpoint + for pentesting purposes. ' +urls: +- https://github.com/swisskyrepo/GraphQLmap) +- https://img.shields.io/github/stars/swisskyrepo/GraphQLmap) +- https://img.shields.io/github/languages/top/swisskyrepo/GraphQLmap) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/HRS.yaml b/weapons/HRS.yaml new file mode 100644 index 0000000..4da51a5 --- /dev/null +++ b/weapons/HRS.yaml @@ -0,0 +1,13 @@ +--- +name: HRS +description: HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and + 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. +urls: +- https://github.com/SafeBreach-Labs/HRS) +- https://img.shields.io/github/stars/SafeBreach-Labs/HRS) +- https://img.shields.io/github/languages/top/SafeBreach-Labs/HRS) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/HUNT.yaml b/weapons/HUNT.yaml new file mode 100644 index 0000000..16bc893 --- /dev/null +++ b/weapons/HUNT.yaml @@ -0,0 +1,14 @@ +--- +name: HUNT +description: +urls: +- https://github.com/bugcrowd/HUNT) +- https://img.shields.io/github/stars/bugcrowd/HUNT) +- https://img.shields.io/github/languages/top/bugcrowd/HUNT) +category: tool-addon +types: [] +platform: +- burpsuite +- zap +lang: [] +tags: [] diff --git a/weapons/Hack-Tools.yaml b/weapons/Hack-Tools.yaml new file mode 100644 index 0000000..fc5bd04 --- /dev/null +++ b/weapons/Hack-Tools.yaml @@ -0,0 +1,14 @@ +--- +name: Hack-Tools +description: "The all-in-one Red Team extension for Web Pentester \U0001F6E0" +urls: +- https://github.com/LasCC/Hack-Tools) +- https://img.shields.io/github/stars/LasCC/Hack-Tools) +- https://img.shields.io/github/languages/top/LasCC/Hack-Tools) +category: browser-addon +types: [] +platform: +- chrome +- firefox +lang: [] +tags: [] diff --git a/weapons/HydraRecon.yaml b/weapons/HydraRecon.yaml new file mode 100644 index 0000000..02ced66 --- /dev/null +++ b/weapons/HydraRecon.yaml @@ -0,0 +1,12 @@ +--- +name: HydraRecon +description: All In One, Fast, Easy Recon Tool +urls: +- https://github.com/aufzayed/HydraRecon) +- https://img.shields.io/github/stars/aufzayed/HydraRecon) +- https://img.shields.io/github/languages/top/aufzayed/HydraRecon) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/IntruderPayloads.yaml b/weapons/IntruderPayloads.yaml new file mode 100644 index 0000000..4a4238a --- /dev/null +++ b/weapons/IntruderPayloads.yaml @@ -0,0 +1,13 @@ +--- +name: IntruderPayloads +description: +urls: +- https://github.com/1N3/IntruderPayloads) +- https://img.shields.io/github/stars/1N3/IntruderPayloads) +- https://img.shields.io/github/languages/top/1N3/IntruderPayloads) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/JSFScan.sh.yaml b/weapons/JSFScan.sh.yaml new file mode 100644 index 0000000..435809e --- /dev/null +++ b/weapons/JSFScan.sh.yaml @@ -0,0 +1,14 @@ +--- +name: JSFScan.sh +description: 'Automation for javascript recon in bug bounty. ' +urls: +- https://github.com/KathanP19/JSFScan.sh) +- https://img.shields.io/github/stars/KathanP19/JSFScan.sh) +- https://img.shields.io/github/languages/top/KathanP19/JSFScan.sh) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/LFISuite.yaml b/weapons/LFISuite.yaml new file mode 100644 index 0000000..f605e7d --- /dev/null +++ b/weapons/LFISuite.yaml @@ -0,0 +1,15 @@ +--- +name: LFISuite +description: 'Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ' +urls: +- https://github.com/D35m0nd142/LFISuite) +- https://img.shields.io/github/stars/D35m0nd142/LFISuite) +- https://img.shields.io/github/languages/top/D35m0nd142/LFISuite) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/LinkFinder.yaml b/weapons/LinkFinder.yaml new file mode 100644 index 0000000..43b0654 --- /dev/null +++ b/weapons/LinkFinder.yaml @@ -0,0 +1,15 @@ +--- +name: LinkFinder +description: 'A python script that finds endpoints in JavaScript files ' +urls: +- https://github.com/GerbenJavado/LinkFinder) +- https://img.shields.io/github/stars/GerbenJavado/LinkFinder) +- https://img.shields.io/github/languages/top/GerbenJavado/LinkFinder) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/MM3_ProxySwitch.yaml b/weapons/MM3_ProxySwitch.yaml new file mode 100644 index 0000000..76a3096 --- /dev/null +++ b/weapons/MM3_ProxySwitch.yaml @@ -0,0 +1,13 @@ +--- +name: MM3 ProxySwitch +description: Proxy Switch in Firefox and Chrome +urls: +- https://proxy-offline-browser.com/ProxySwitch/) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: browser-addon +types: [] +platform: +- chrome +- firefox +lang: [] +tags: [] diff --git a/weapons/NoSQLMap.yaml b/weapons/NoSQLMap.yaml new file mode 100644 index 0000000..3f28e2f --- /dev/null +++ b/weapons/NoSQLMap.yaml @@ -0,0 +1,16 @@ +--- +name: NoSQLMap +description: 'Automated NoSQL database enumeration and web application exploitation + tool. ' +urls: +- https://github.com/codingo/NoSQLMap) +- https://img.shields.io/github/stars/codingo/NoSQLMap) +- https://img.shields.io/github/languages/top/codingo/NoSQLMap) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/OneForAll.yaml b/weapons/OneForAll.yaml new file mode 100644 index 0000000..d4008b2 --- /dev/null +++ b/weapons/OneForAll.yaml @@ -0,0 +1,15 @@ +--- +name: OneForAll +description: 'OneForAll是一款功能强大的子域收集工具 ' +urls: +- https://github.com/shmilylty/OneForAll) +- https://img.shields.io/github/stars/shmilylty/OneForAll) +- https://img.shields.io/github/languages/top/shmilylty/OneForAll) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/OpenRedireX.yaml b/weapons/OpenRedireX.yaml new file mode 100644 index 0000000..e687642 --- /dev/null +++ b/weapons/OpenRedireX.yaml @@ -0,0 +1,12 @@ +--- +name: OpenRedireX +description: A Fuzzer for OpenRedirect issues +urls: +- https://github.com/devanshbatham/OpenRedireX) +- https://img.shields.io/github/stars/devanshbatham/OpenRedireX) +- https://img.shields.io/github/languages/top/devanshbatham/OpenRedireX) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Osmedeus.yaml b/weapons/Osmedeus.yaml new file mode 100644 index 0000000..63df72a --- /dev/null +++ b/weapons/Osmedeus.yaml @@ -0,0 +1,16 @@ +--- +name: Osmedeus +description: 'Fully automated offensive security framework for reconnaissance and + vulnerability scanning ' +urls: +- https://github.com/j3ssie/Osmedeus) +- https://img.shields.io/github/stars/j3ssie/Osmedeus) +- https://img.shields.io/github/languages/top/j3ssie/Osmedeus) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/PPScan.yaml b/weapons/PPScan.yaml new file mode 100644 index 0000000..3449788 --- /dev/null +++ b/weapons/PPScan.yaml @@ -0,0 +1,12 @@ +--- +name: PPScan +description: Client Side Prototype Pollution Scanner +urls: +- https://github.com/msrkp/PPScan) +- https://img.shields.io/github/stars/msrkp/PPScan) +- https://img.shields.io/github/languages/top/msrkp/PPScan) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/ParamSpider.yaml b/weapons/ParamSpider.yaml new file mode 100644 index 0000000..7706b1e --- /dev/null +++ b/weapons/ParamSpider.yaml @@ -0,0 +1,15 @@ +--- +name: ParamSpider +description: 'Mining parameters from dark corners of Web Archives ' +urls: +- https://github.com/devanshbatham/ParamSpider) +- https://img.shields.io/github/stars/devanshbatham/ParamSpider) +- https://img.shields.io/github/languages/top/devanshbatham/ParamSpider) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Parth.yaml b/weapons/Parth.yaml new file mode 100644 index 0000000..aadc050 --- /dev/null +++ b/weapons/Parth.yaml @@ -0,0 +1,15 @@ +--- +name: Parth +description: 'Heuristic Vulnerable Parameter Scanner ' +urls: +- https://github.com/s0md3v/Parth) +- https://img.shields.io/github/stars/s0md3v/Parth) +- https://img.shields.io/github/languages/top/s0md3v/Parth) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/PayloadsAllTheThings.yaml b/weapons/PayloadsAllTheThings.yaml new file mode 100644 index 0000000..9f9327a --- /dev/null +++ b/weapons/PayloadsAllTheThings.yaml @@ -0,0 +1,13 @@ +--- +name: PayloadsAllTheThings +description: 'A list of useful payloads and bypass for Web Application Security and + Pentest/CTF ' +urls: +- https://github.com/swisskyrepo/PayloadsAllTheThings) +- https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) +- https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml new file mode 100644 index 0000000..ceabd29 --- /dev/null +++ b/weapons/Phoenix.yaml @@ -0,0 +1,11 @@ +--- +name: Phoenix +description: " hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://www.hahwul.com/p/phoenix.html) +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Photon.yaml b/weapons/Photon.yaml new file mode 100644 index 0000000..346d75b --- /dev/null +++ b/weapons/Photon.yaml @@ -0,0 +1,15 @@ +--- +name: Photon +description: 'Incredibly fast crawler designed for OSINT. ' +urls: +- https://github.com/s0md3v/Photon) +- https://img.shields.io/github/stars/s0md3v/Photon) +- https://img.shields.io/github/languages/top/s0md3v/Photon) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/PoC-in-GitHub.yaml b/weapons/PoC-in-GitHub.yaml new file mode 100644 index 0000000..8f48564 --- /dev/null +++ b/weapons/PoC-in-GitHub.yaml @@ -0,0 +1,12 @@ +--- +name: PoC-in-GitHub +description: "\U0001F4E1 PoC auto collect from GitHub. Be careful malware." +urls: +- https://github.com/nomi-sec/PoC-in-GitHub) +- https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub) +- https://img.shields.io/github/languages/top/nomi-sec/PoC-in-GitHub) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/RustScan.yaml b/weapons/RustScan.yaml new file mode 100644 index 0000000..4c4d12d --- /dev/null +++ b/weapons/RustScan.yaml @@ -0,0 +1,15 @@ +--- +name: RustScan +description: 'Faster Nmap Scanning with Rust ' +urls: +- https://github.com/brandonskerritt/RustScan) +- https://img.shields.io/github/stars/brandonskerritt/RustScan) +- https://img.shields.io/github/languages/top/brandonskerritt/RustScan) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/S3Scanner.yaml b/weapons/S3Scanner.yaml new file mode 100644 index 0000000..45d27f3 --- /dev/null +++ b/weapons/S3Scanner.yaml @@ -0,0 +1,15 @@ +--- +name: S3Scanner +description: 'Scan for open AWS S3 buckets and dump the contents ' +urls: +- https://github.com/sa7mon/S3Scanner) +- https://img.shields.io/github/stars/sa7mon/S3Scanner) +- https://img.shields.io/github/languages/top/sa7mon/S3Scanner) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml new file mode 100644 index 0000000..c061549 --- /dev/null +++ b/weapons/SQLNinja.yaml @@ -0,0 +1,11 @@ +--- +name: SQLNinja +description: " SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://gitlab.com/kalilinux/packages/sqlninja) +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/SQL_Ninja.yaml b/weapons/SQL_Ninja.yaml new file mode 100644 index 0000000..3f2a104 --- /dev/null +++ b/weapons/SQL_Ninja.yaml @@ -0,0 +1,11 @@ +--- +name: SQL Ninja +description: SQL Injection scanner +urls: +- https://gitlab.com/kalilinux/packages/sqlninja) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/SSRFmap.yaml b/weapons/SSRFmap.yaml new file mode 100644 index 0000000..eff6c0c --- /dev/null +++ b/weapons/SSRFmap.yaml @@ -0,0 +1,15 @@ +--- +name: SSRFmap +description: 'Automatic SSRF fuzzer and exploitation tool ' +urls: +- https://github.com/swisskyrepo/SSRFmap) +- https://img.shields.io/github/stars/swisskyrepo/SSRFmap) +- https://img.shields.io/github/languages/top/swisskyrepo/SSRFmap) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/STEWS.yaml b/weapons/STEWS.yaml new file mode 100644 index 0000000..a51faaf --- /dev/null +++ b/weapons/STEWS.yaml @@ -0,0 +1,12 @@ +--- +name: STEWS +description: A Security Tool for Enumerating WebSockets +urls: +- https://github.com/PalindromeLabs/STEWS) +- https://img.shields.io/github/stars/PalindromeLabs/STEWS) +- https://img.shields.io/github/languages/top/PalindromeLabs/STEWS) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/SecLists.yaml b/weapons/SecLists.yaml new file mode 100644 index 0000000..95ed929 --- /dev/null +++ b/weapons/SecLists.yaml @@ -0,0 +1,18 @@ +--- +name: SecLists +description: 'SecLists is the security tester''s companion. It''s a collection of + multiple types of lists used during security assessments, collected in one place. + List types include usernames, passwords, URLs, sensitive data patterns, fuzzing + payloads, web shells, and many more. ' +urls: +- https://github.com/danielmiessler/SecLists) +- https://img.shields.io/github/stars/danielmiessler/SecLists) +- https://img.shields.io/github/languages/top/danielmiessler/SecLists) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/SecretFinder.yaml b/weapons/SecretFinder.yaml new file mode 100644 index 0000000..086397b --- /dev/null +++ b/weapons/SecretFinder.yaml @@ -0,0 +1,16 @@ +--- +name: SecretFinder +description: 'SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) + and search anything on javascript files ' +urls: +- https://github.com/m4ll0k/SecretFinder) +- https://img.shields.io/github/stars/m4ll0k/SecretFinder) +- https://img.shields.io/github/languages/top/m4ll0k/SecretFinder) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml new file mode 100644 index 0000000..6a817ed --- /dev/null +++ b/weapons/SecurityTrails.yaml @@ -0,0 +1,11 @@ +--- +name: SecurityTrails +description: " Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://securitytrails.com +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml new file mode 100644 index 0000000..e2aca06 --- /dev/null +++ b/weapons/SequenceDiagram.yaml @@ -0,0 +1,11 @@ +--- +name: SequenceDiagram +description: " Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://sequencediagram.org +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml new file mode 100644 index 0000000..bf3ba8c --- /dev/null +++ b/weapons/Shodan.yaml @@ -0,0 +1,11 @@ +--- +name: Shodan +description: " World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +urls: +- https://www.shodan.io/) +- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Silver.yaml b/weapons/Silver.yaml new file mode 100644 index 0000000..606978e --- /dev/null +++ b/weapons/Silver.yaml @@ -0,0 +1,15 @@ +--- +name: Silver +description: 'Mass scan IPs for vulnerable services ' +urls: +- https://github.com/s0md3v/Silver) +- https://img.shields.io/github/stars/s0md3v/Silver) +- https://img.shields.io/github/languages/top/s0md3v/Silver) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Sn1per.yaml b/weapons/Sn1per.yaml new file mode 100644 index 0000000..0c81288 --- /dev/null +++ b/weapons/Sn1per.yaml @@ -0,0 +1,15 @@ +--- +name: Sn1per +description: 'Automated pentest framework for offensive security experts ' +urls: +- https://github.com/1N3/Sn1per) +- https://img.shields.io/github/stars/1N3/Sn1per) +- https://img.shields.io/github/languages/top/1N3/Sn1per) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Stepper.yaml b/weapons/Stepper.yaml new file mode 100644 index 0000000..f309a27 --- /dev/null +++ b/weapons/Stepper.yaml @@ -0,0 +1,13 @@ +--- +name: Stepper +description: +urls: +- https://github.com/CoreyD97/Stepper) +- https://img.shields.io/github/stars/CoreyD97/Stepper) +- https://img.shields.io/github/languages/top/CoreyD97/Stepper) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/Striker.yaml b/weapons/Striker.yaml new file mode 100644 index 0000000..b29b1ab --- /dev/null +++ b/weapons/Striker.yaml @@ -0,0 +1,15 @@ +--- +name: Striker +description: 'Striker is an offensive information and vulnerability scanner. ' +urls: +- https://github.com/s0md3v/Striker) +- https://img.shields.io/github/stars/s0md3v/Striker) +- https://img.shields.io/github/languages/top/s0md3v/Striker) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/SubOver.yaml b/weapons/SubOver.yaml new file mode 100644 index 0000000..314691c --- /dev/null +++ b/weapons/SubOver.yaml @@ -0,0 +1,12 @@ +--- +name: SubOver +description: A Powerful Subdomain Takeover Tool +urls: +- https://github.com/Ice3man543/SubOver) +- https://img.shields.io/github/stars/Ice3man543/SubOver) +- https://img.shields.io/github/languages/top/Ice3man543/SubOver) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/Sublist3r.yaml b/weapons/Sublist3r.yaml new file mode 100644 index 0000000..1014f7c --- /dev/null +++ b/weapons/Sublist3r.yaml @@ -0,0 +1,15 @@ +--- +name: Sublist3r +description: 'Fast subdomains enumeration tool for penetration testers ' +urls: +- https://github.com/aboul3la/Sublist3r) +- https://img.shields.io/github/stars/aboul3la/Sublist3r) +- https://img.shields.io/github/languages/top/aboul3la/Sublist3r) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Taipan.yaml b/weapons/Taipan.yaml new file mode 100644 index 0000000..466f182 --- /dev/null +++ b/weapons/Taipan.yaml @@ -0,0 +1,12 @@ +--- +name: Taipan +description: Web application vulnerability scanner +urls: +- https://github.com/enkomio/Taipan) +- https://img.shields.io/github/stars/enkomio/Taipan) +- https://img.shields.io/github/languages/top/enkomio/Taipan) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/TukTuk.yaml b/weapons/TukTuk.yaml new file mode 100644 index 0000000..c60644b --- /dev/null +++ b/weapons/TukTuk.yaml @@ -0,0 +1,15 @@ +--- +name: TukTuk +description: 'Tool for catching and logging different types of requests. ' +urls: +- https://github.com/ArturSS7/TukTuk) +- https://img.shields.io/github/stars/ArturSS7/TukTuk) +- https://img.shields.io/github/languages/top/ArturSS7/TukTuk) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/User-Agent_Switcher.yaml b/weapons/User-Agent_Switcher.yaml new file mode 100644 index 0000000..530a391 --- /dev/null +++ b/weapons/User-Agent_Switcher.yaml @@ -0,0 +1,12 @@ +--- +name: User-Agent Switcher +description: quick and easy way to switch between user-agents. +urls: +- https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: browser-addon +types: [] +platform: +- chrome +lang: [] +tags: [] diff --git a/weapons/VHostScan.yaml b/weapons/VHostScan.yaml new file mode 100644 index 0000000..3485580 --- /dev/null +++ b/weapons/VHostScan.yaml @@ -0,0 +1,17 @@ +--- +name: VHostScan +description: 'A virtual host scanner that performs reverse lookups, can be used with + pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic + default pages. ' +urls: +- https://github.com/codingo/VHostScan) +- https://img.shields.io/github/stars/codingo/VHostScan) +- https://img.shields.io/github/languages/top/codingo/VHostScan) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/Wayback_Machine.yaml b/weapons/Wayback_Machine.yaml new file mode 100644 index 0000000..f73e9e9 --- /dev/null +++ b/weapons/Wayback_Machine.yaml @@ -0,0 +1,12 @@ +--- +name: Wayback Machine +description: History of website +urls: +- https://apps.apple.com/us/app/wayback-machine/id1472432422) +- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +category: browser-addon +types: [] +platform: +- safari +lang: [] +tags: [] diff --git a/weapons/Web-Cache-Vulnerability-Scanner.yaml b/weapons/Web-Cache-Vulnerability-Scanner.yaml new file mode 100644 index 0000000..af5431f --- /dev/null +++ b/weapons/Web-Cache-Vulnerability-Scanner.yaml @@ -0,0 +1,14 @@ +--- +name: Web-Cache-Vulnerability-Scanner +description: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for + web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). +urls: +- https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner) +- http://hackmanit.de/). +- https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner) +- https://img.shields.io/github/languages/top/Hackmanit/Web-Cache-Vulnerability-Scanner) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/XSRFProbe.yaml b/weapons/XSRFProbe.yaml new file mode 100644 index 0000000..8b98934 --- /dev/null +++ b/weapons/XSRFProbe.yaml @@ -0,0 +1,12 @@ +--- +name: XSRFProbe +description: The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. +urls: +- https://github.com/0xInfection/XSRFProbe) +- https://img.shields.io/github/stars/0xInfection/XSRFProbe) +- https://img.shields.io/github/languages/top/0xInfection/XSRFProbe) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/XSStrike.yaml b/weapons/XSStrike.yaml new file mode 100644 index 0000000..3dac24e --- /dev/null +++ b/weapons/XSStrike.yaml @@ -0,0 +1,15 @@ +--- +name: XSStrike +description: 'Most advanced XSS scanner. ' +urls: +- https://github.com/s0md3v/XSStrike) +- https://img.shields.io/github/stars/s0md3v/XSStrike) +- https://img.shields.io/github/languages/top/s0md3v/XSStrike) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/XSpear.yaml b/weapons/XSpear.yaml new file mode 100644 index 0000000..04bc5ba --- /dev/null +++ b/weapons/XSpear.yaml @@ -0,0 +1,15 @@ +--- +name: XSpear +description: 'Powerfull XSS Scanning and Parameter analysis tool&gem ' +urls: +- https://github.com/hahwul/XSpear) +- https://img.shields.io/github/stars/hahwul/XSpear) +- https://img.shields.io/github/languages/top/hahwul/XSpear) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/XXEinjector.yaml b/weapons/XXEinjector.yaml new file mode 100644 index 0000000..d5e1928 --- /dev/null +++ b/weapons/XXEinjector.yaml @@ -0,0 +1,13 @@ +--- +name: XXEinjector +description: Tool for automatic exploitation of XXE vulnerability using direct and + different out of band methods. +urls: +- https://github.com/enjoiz/XXEinjector) +- https://img.shields.io/github/stars/enjoiz/XXEinjector) +- https://img.shields.io/github/languages/top/enjoiz/XXEinjector) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/a2sv.yaml b/weapons/a2sv.yaml new file mode 100644 index 0000000..9abb552 --- /dev/null +++ b/weapons/a2sv.yaml @@ -0,0 +1,15 @@ +--- +name: a2sv +description: 'Auto Scanning to SSL Vulnerability ' +urls: +- https://github.com/hahwul/a2sv) +- https://img.shields.io/github/stars/hahwul/a2sv) +- https://img.shields.io/github/languages/top/hahwul/a2sv) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/altdns.yaml b/weapons/altdns.yaml new file mode 100644 index 0000000..df1c1ad --- /dev/null +++ b/weapons/altdns.yaml @@ -0,0 +1,16 @@ +--- +name: altdns +description: 'Generates permutations, alterations and mutations of subdomains and + then resolves them ' +urls: +- https://github.com/infosec-au/altdns) +- https://img.shields.io/github/stars/infosec-au/altdns) +- https://img.shields.io/github/languages/top/infosec-au/altdns) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/anew.yaml b/weapons/anew.yaml new file mode 100644 index 0000000..a198799 --- /dev/null +++ b/weapons/anew.yaml @@ -0,0 +1,15 @@ +--- +name: anew +description: A tool for adding new lines to files, skipping duplicates +urls: +- https://github.com/tomnomnom/anew) +- https://img.shields.io/github/stars/tomnomnom/anew) +- https://img.shields.io/github/languages/top/tomnomnom/anew) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/apkleaks.yaml b/weapons/apkleaks.yaml new file mode 100644 index 0000000..0320d59 --- /dev/null +++ b/weapons/apkleaks.yaml @@ -0,0 +1,15 @@ +--- +name: apkleaks +description: 'Scanning APK file for URIs, endpoints & secrets. ' +urls: +- https://github.com/dwisiswant0/apkleaks) +- https://img.shields.io/github/stars/dwisiswant0/apkleaks) +- https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/aquatone.yaml b/weapons/aquatone.yaml new file mode 100644 index 0000000..e6a5924 --- /dev/null +++ b/weapons/aquatone.yaml @@ -0,0 +1,15 @@ +--- +name: aquatone +description: 'A Tool for Domain Flyovers ' +urls: +- https://github.com/michenriksen/aquatone) +- https://img.shields.io/github/stars/michenriksen/aquatone) +- https://img.shields.io/github/languages/top/michenriksen/aquatone) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/arachni.yaml b/weapons/arachni.yaml new file mode 100644 index 0000000..94f0597 --- /dev/null +++ b/weapons/arachni.yaml @@ -0,0 +1,14 @@ +--- +name: arachni +description: 'Web Application Security Scanner Framework ' +urls: +- https://github.com/Arachni/arachni) +- https://img.shields.io/github/stars/Arachni/arachni) +- https://img.shields.io/github/languages/top/Arachni/arachni) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/assetfinder.yaml b/weapons/assetfinder.yaml new file mode 100644 index 0000000..11563dd --- /dev/null +++ b/weapons/assetfinder.yaml @@ -0,0 +1,15 @@ +--- +name: assetfinder +description: 'Find domains and subdomains related to a given domain ' +urls: +- https://github.com/tomnomnom/assetfinder) +- https://img.shields.io/github/stars/tomnomnom/assetfinder) +- https://img.shields.io/github/languages/top/tomnomnom/assetfinder) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/attack-surface-detector-zap.yaml b/weapons/attack-surface-detector-zap.yaml new file mode 100644 index 0000000..a4cd5fe --- /dev/null +++ b/weapons/attack-surface-detector-zap.yaml @@ -0,0 +1,13 @@ +--- +name: attack-surface-detector-zap +description: +urls: +- https://github.com/secdec/attack-surface-detector-zap) +- https://img.shields.io/github/stars/secdec/attack-surface-detector-zap) +- https://img.shields.io/github/languages/top/secdec/attack-surface-detector-zap) +category: tool-addon +types: [] +platform: +- zap +lang: [] +tags: [] diff --git a/weapons/auto-repeater.yaml b/weapons/auto-repeater.yaml new file mode 100644 index 0000000..0184349 --- /dev/null +++ b/weapons/auto-repeater.yaml @@ -0,0 +1,13 @@ +--- +name: auto-repeater +description: +urls: +- https://github.com/PortSwigger/auto-repeater) +- https://img.shields.io/github/stars/PortSwigger/auto-repeater) +- https://img.shields.io/github/languages/top/PortSwigger/auto-repeater) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/autochrome.yaml b/weapons/autochrome.yaml new file mode 100644 index 0000000..9dd3286 --- /dev/null +++ b/weapons/autochrome.yaml @@ -0,0 +1,12 @@ +--- +name: autochrome +description: This tool downloads, installs, and configures a shiny new copy of Chromium. +urls: +- https://github.com/nccgroup/autochrome) +- https://img.shields.io/github/stars/nccgroup/autochrome) +- https://img.shields.io/github/languages/top/nccgroup/autochrome) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/axiom.yaml b/weapons/axiom.yaml new file mode 100644 index 0000000..4674c77 --- /dev/null +++ b/weapons/axiom.yaml @@ -0,0 +1,14 @@ +--- +name: axiom +description: 'A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ' +urls: +- https://github.com/pry0cc/axiom) +- https://img.shields.io/github/stars/pry0cc/axiom) +- https://img.shields.io/github/languages/top/pry0cc/axiom) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/bat.yaml b/weapons/bat.yaml new file mode 100644 index 0000000..63a2aa9 --- /dev/null +++ b/weapons/bat.yaml @@ -0,0 +1,12 @@ +--- +name: bat +description: A cat(1) clone with wings. +urls: +- https://github.com/sharkdp/bat) +- https://img.shields.io/github/stars/sharkdp/bat) +- https://img.shields.io/github/languages/top/sharkdp/bat) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/boast.yaml b/weapons/boast.yaml new file mode 100644 index 0000000..88050c6 --- /dev/null +++ b/weapons/boast.yaml @@ -0,0 +1,12 @@ +--- +name: boast +description: The BOAST Outpost for AppSec Testing (v0.1.0) +urls: +- https://github.com/marcoagner/boast) +- https://img.shields.io/github/stars/marcoagner/boast) +- https://img.shields.io/github/languages/top/marcoagner/boast) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/bountyplz.yaml b/weapons/bountyplz.yaml new file mode 100644 index 0000000..33d10d2 --- /dev/null +++ b/weapons/bountyplz.yaml @@ -0,0 +1,14 @@ +--- +name: bountyplz +description: 'Automated security reporting from markdown templates (HackerOne and + Bugcrowd are currently the platforms supported) ' +urls: +- https://github.com/fransr/bountyplz) +- https://img.shields.io/github/stars/fransr/bountyplz) +- https://img.shields.io/github/languages/top/fransr/bountyplz) +category: tool +types: [] +platform: +- macos +lang: [] +tags: [] diff --git a/weapons/burl.yaml b/weapons/burl.yaml new file mode 100644 index 0000000..c22b133 --- /dev/null +++ b/weapons/burl.yaml @@ -0,0 +1,15 @@ +--- +name: burl +description: 'A Broken-URL Checker ' +urls: +- https://github.com/tomnomnom/burl) +- https://img.shields.io/github/stars/tomnomnom/burl) +- https://img.shields.io/github/languages/top/tomnomnom/burl) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/burp-exporter.yaml b/weapons/burp-exporter.yaml new file mode 100644 index 0000000..f68c5a2 --- /dev/null +++ b/weapons/burp-exporter.yaml @@ -0,0 +1,13 @@ +--- +name: burp-exporter +description: +urls: +- https://github.com/artssec/burp-exporter) +- https://img.shields.io/github/stars/artssec/burp-exporter) +- https://img.shields.io/github/languages/top/artssec/burp-exporter) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/burp-piper.yaml b/weapons/burp-piper.yaml new file mode 100644 index 0000000..f708066 --- /dev/null +++ b/weapons/burp-piper.yaml @@ -0,0 +1,13 @@ +--- +name: burp-piper +description: +urls: +- https://github.com/silentsignal/burp-piper) +- https://img.shields.io/github/stars/silentsignal/burp-piper) +- https://img.shields.io/github/languages/top/silentsignal/burp-piper) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/burp-retire-js.yaml b/weapons/burp-retire-js.yaml new file mode 100644 index 0000000..aca1928 --- /dev/null +++ b/weapons/burp-retire-js.yaml @@ -0,0 +1,14 @@ +--- +name: burp-retire-js +description: +urls: +- https://github.com/h3xstream/burp-retire-js) +- https://img.shields.io/github/stars/h3xstream/burp-retire-js) +- https://img.shields.io/github/languages/top/h3xstream/burp-retire-js) +category: tool-addon +types: [] +platform: +- burpsuite +- zap +lang: [] +tags: [] diff --git a/weapons/burp-send-to.yaml b/weapons/burp-send-to.yaml new file mode 100644 index 0000000..344396a --- /dev/null +++ b/weapons/burp-send-to.yaml @@ -0,0 +1,13 @@ +--- +name: burp-send-to +description: +urls: +- https://github.com/bytebutcher/burp-send-to) +- https://img.shields.io/github/stars/bytebutcher/burp-send-to) +- https://img.shields.io/github/languages/top/bytebutcher/burp-send-to) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/c-jwt-cracker.yaml b/weapons/c-jwt-cracker.yaml new file mode 100644 index 0000000..e18676c --- /dev/null +++ b/weapons/c-jwt-cracker.yaml @@ -0,0 +1,15 @@ +--- +name: c-jwt-cracker +description: 'JWT brute force cracker written in C ' +urls: +- https://github.com/brendan-rius/c-jwt-cracker) +- https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker) +- https://img.shields.io/github/languages/top/brendan-rius/c-jwt-cracker) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/can-i-take-over-xyz.yaml b/weapons/can-i-take-over-xyz.yaml new file mode 100644 index 0000000..1b742f9 --- /dev/null +++ b/weapons/can-i-take-over-xyz.yaml @@ -0,0 +1,13 @@ +--- +name: can-i-take-over-xyz +description: '"Can I take over XYZ?" — a list of services and how to claim (sub)domains + with dangling DNS records.' +urls: +- https://github.com/EdOverflow/can-i-take-over-xyz) +- https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz) +- https://img.shields.io/github/languages/top/EdOverflow/can-i-take-over-xyz) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/cariddi.yaml b/weapons/cariddi.yaml new file mode 100644 index 0000000..402cae9 --- /dev/null +++ b/weapons/cariddi.yaml @@ -0,0 +1,13 @@ +--- +name: cariddi +description: Take a list of domains and scan for endpoints, secrets, api keys, file + extensions, tokens and more... +urls: +- https://github.com/edoardottt/cariddi) +- https://img.shields.io/github/stars/edoardottt/cariddi) +- https://img.shields.io/github/languages/top/edoardottt/cariddi) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/cc.py.yaml b/weapons/cc.py.yaml new file mode 100644 index 0000000..4c25d86 --- /dev/null +++ b/weapons/cc.py.yaml @@ -0,0 +1,15 @@ +--- +name: cc.py +description: 'Extracting URLs of a specific target based on the results of "commoncrawl.org" ' +urls: +- https://github.com/si9int/cc.py) +- https://img.shields.io/github/stars/si9int/cc.py) +- https://img.shields.io/github/languages/top/si9int/cc.py) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/cf-check.yaml b/weapons/cf-check.yaml new file mode 100644 index 0000000..e423d6c --- /dev/null +++ b/weapons/cf-check.yaml @@ -0,0 +1,15 @@ +--- +name: cf-check +description: 'Cloudflare Checker written in Go ' +urls: +- https://github.com/dwisiswant0/cf-check) +- https://img.shields.io/github/stars/dwisiswant0/cf-check) +- https://img.shields.io/github/languages/top/dwisiswant0/cf-check) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/chaos-client.yaml b/weapons/chaos-client.yaml new file mode 100644 index 0000000..9c4ac40 --- /dev/null +++ b/weapons/chaos-client.yaml @@ -0,0 +1,15 @@ +--- +name: chaos-client +description: 'Go client to communicate with Chaos DNS API. ' +urls: +- https://github.com/projectdiscovery/chaos-client) +- https://img.shields.io/github/stars/projectdiscovery/chaos-client) +- https://img.shields.io/github/languages/top/projectdiscovery/chaos-client) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/clear-cache.yaml b/weapons/clear-cache.yaml new file mode 100644 index 0000000..7794f57 --- /dev/null +++ b/weapons/clear-cache.yaml @@ -0,0 +1,13 @@ +--- +name: clear-cache +description: Add-on to clear browser cache with a single click or via the F9 key. +urls: +- https://github.com/TenSoja/clear-cache) +- https://img.shields.io/github/stars/TenSoja/clear-cache) +- https://img.shields.io/github/languages/top/TenSoja/clear-cache) +category: browser-addon +types: [] +platform: +- firefox +lang: [] +tags: [] diff --git a/weapons/collaborator-everywhere.yaml b/weapons/collaborator-everywhere.yaml new file mode 100644 index 0000000..b786081 --- /dev/null +++ b/weapons/collaborator-everywhere.yaml @@ -0,0 +1,13 @@ +--- +name: collaborator-everywhere +description: +urls: +- https://github.com/PortSwigger/collaborator-everywhere) +- https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere) +- https://img.shields.io/github/languages/top/PortSwigger/collaborator-everywhere) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/commix.yaml b/weapons/commix.yaml new file mode 100644 index 0000000..43f3031 --- /dev/null +++ b/weapons/commix.yaml @@ -0,0 +1,12 @@ +--- +name: commix +description: Automated All-in-One OS Command Injection Exploitation Tool. +urls: +- https://github.com/commixproject/commix) +- https://img.shields.io/github/stars/commixproject/commix) +- https://img.shields.io/github/languages/top/commixproject/commix) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/community-scripts.yaml b/weapons/community-scripts.yaml new file mode 100644 index 0000000..45efea1 --- /dev/null +++ b/weapons/community-scripts.yaml @@ -0,0 +1,13 @@ +--- +name: community-scripts +description: +urls: +- https://github.com/zaproxy/community-scripts) +- https://img.shields.io/github/stars/zaproxy/community-scripts) +- https://img.shields.io/github/languages/top/zaproxy/community-scripts) +category: tool-addon +types: [] +platform: +- zap +lang: [] +tags: [] diff --git a/weapons/confused.yaml b/weapons/confused.yaml new file mode 100644 index 0000000..dbb4855 --- /dev/null +++ b/weapons/confused.yaml @@ -0,0 +1,13 @@ +--- +name: confused +description: Tool to check for dependency confusion vulnerabilities in multiple package + management systems +urls: +- https://github.com/visma-prodsec/confused) +- https://img.shields.io/github/stars/visma-prodsec/confused) +- https://img.shields.io/github/languages/top/visma-prodsec/confused) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/cookie-quick-manager.yaml b/weapons/cookie-quick-manager.yaml new file mode 100644 index 0000000..26bab7f --- /dev/null +++ b/weapons/cookie-quick-manager.yaml @@ -0,0 +1,14 @@ +--- +name: cookie-quick-manager +description: An addon to manage (view, search, create, edit, remove, backup, restore) + cookies on Firefox. +urls: +- https://github.com/ysard/cookie-quick-manager) +- https://img.shields.io/github/stars/ysard/cookie-quick-manager) +- https://img.shields.io/github/languages/top/ysard/cookie-quick-manager) +category: browser-addon +types: [] +platform: +- firefox +lang: [] +tags: [] diff --git a/weapons/corsair_scan.yaml b/weapons/corsair_scan.yaml new file mode 100644 index 0000000..25f6c43 --- /dev/null +++ b/weapons/corsair_scan.yaml @@ -0,0 +1,13 @@ +--- +name: corsair_scan +description: Corsair_scan is a security tool to test Cross-Origin Resource Sharing + (CORS). +urls: +- https://github.com/Santandersecurityresearch/corsair_scan) +- https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan) +- https://img.shields.io/github/languages/top/Santandersecurityresearch/corsair_scan) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/crawlergo.yaml b/weapons/crawlergo.yaml new file mode 100644 index 0000000..b741110 --- /dev/null +++ b/weapons/crawlergo.yaml @@ -0,0 +1,12 @@ +--- +name: crawlergo +description: A powerful browser crawler for web vulnerability scanners +urls: +- https://github.com/Qianlitp/crawlergo) +- https://img.shields.io/github/stars/Qianlitp/crawlergo) +- https://img.shields.io/github/languages/top/Qianlitp/crawlergo) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/crlfuzz.yaml b/weapons/crlfuzz.yaml new file mode 100644 index 0000000..a6a2b22 --- /dev/null +++ b/weapons/crlfuzz.yaml @@ -0,0 +1,15 @@ +--- +name: crlfuzz +description: 'A fast tool to scan CRLF vulnerability written in Go ' +urls: +- https://github.com/dwisiswant0/crlfuzz) +- https://img.shields.io/github/stars/dwisiswant0/crlfuzz) +- https://img.shields.io/github/languages/top/dwisiswant0/crlfuzz) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/csp-auditor.yaml b/weapons/csp-auditor.yaml new file mode 100644 index 0000000..adfaafa --- /dev/null +++ b/weapons/csp-auditor.yaml @@ -0,0 +1,14 @@ +--- +name: csp-auditor +description: +urls: +- https://github.com/GoSecure/csp-auditor) +- https://img.shields.io/github/stars/GoSecure/csp-auditor) +- https://img.shields.io/github/languages/top/GoSecure/csp-auditor) +category: tool-addon +types: [] +platform: +- burpsuite +- zap +lang: [] +tags: [] diff --git a/weapons/curl.yaml b/weapons/curl.yaml new file mode 100644 index 0000000..4eee758 --- /dev/null +++ b/weapons/curl.yaml @@ -0,0 +1,15 @@ +--- +name: curl +description: A command line tool and library for transferring data with URL syntax, + supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, + LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful + features +urls: +- https://github.com/curl/curl) +- https://img.shields.io/github/stars/curl/curl) +- https://img.shields.io/github/languages/top/curl/curl) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/dalfox.yaml b/weapons/dalfox.yaml new file mode 100644 index 0000000..53614c8 --- /dev/null +++ b/weapons/dalfox.yaml @@ -0,0 +1,16 @@ +--- +name: dalfox +description: "\U0001F318\U0001F98A DalFox(Finder Of XSS) / Parameter Analysis and + XSS Scanning tool based on golang " +urls: +- https://github.com/hahwul/dalfox) +- https://img.shields.io/github/stars/hahwul/dalfox) +- https://img.shields.io/github/languages/top/hahwul/dalfox) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/dirsearch.yaml b/weapons/dirsearch.yaml new file mode 100644 index 0000000..71a9a68 --- /dev/null +++ b/weapons/dirsearch.yaml @@ -0,0 +1,15 @@ +--- +name: dirsearch +description: 'Web path scanner ' +urls: +- https://github.com/maurosoria/dirsearch) +- https://img.shields.io/github/stars/maurosoria/dirsearch) +- https://img.shields.io/github/languages/top/maurosoria/dirsearch) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/ditto.yaml b/weapons/ditto.yaml new file mode 100644 index 0000000..162ecd0 --- /dev/null +++ b/weapons/ditto.yaml @@ -0,0 +1,12 @@ +--- +name: ditto +description: A tool for IDN homograph attacks and detection. +urls: +- https://github.com/evilsocket/ditto) +- https://img.shields.io/github/stars/evilsocket/ditto) +- https://img.shields.io/github/languages/top/evilsocket/ditto) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/dmut.yaml b/weapons/dmut.yaml new file mode 100644 index 0000000..273781a --- /dev/null +++ b/weapons/dmut.yaml @@ -0,0 +1,13 @@ +--- +name: dmut +description: A tool to perform permutations, mutations and alteration of subdomains + in golang. +urls: +- https://github.com/bp0lr/dmut) +- https://img.shields.io/github/stars/bp0lr/dmut) +- https://img.shields.io/github/languages/top/bp0lr/dmut) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/dnsobserver.yaml b/weapons/dnsobserver.yaml new file mode 100644 index 0000000..e733027 --- /dev/null +++ b/weapons/dnsobserver.yaml @@ -0,0 +1,14 @@ +--- +name: dnsobserver +description: 'A handy DNS service written in Go to aid in the detection of several + types of blind vulnerabilities. It monitors a pentester''s server for out-of-band + DNS interactions and sends lookup notifications via Slack. ' +urls: +- https://github.com/allyomalley/dnsobserver) +- https://img.shields.io/github/stars/allyomalley/dnsobserver) +- https://img.shields.io/github/languages/top/allyomalley/dnsobserver) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/dnsprobe.yaml b/weapons/dnsprobe.yaml new file mode 100644 index 0000000..ae6bd05 --- /dev/null +++ b/weapons/dnsprobe.yaml @@ -0,0 +1,16 @@ +--- +name: dnsprobe +description: 'DNSProb (beta) is a tool built on top of retryabledns that allows you + to perform multiple dns queries of your choice with a list of user supplied resolvers. ' +urls: +- https://github.com/projectdiscovery/dnsprobe) +- https://img.shields.io/github/stars/projectdiscovery/dnsprobe) +- https://img.shields.io/github/languages/top/projectdiscovery/dnsprobe) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/dnsvalidator.yaml b/weapons/dnsvalidator.yaml new file mode 100644 index 0000000..df489b8 --- /dev/null +++ b/weapons/dnsvalidator.yaml @@ -0,0 +1,13 @@ +--- +name: dnsvalidator +description: Maintains a list of IPv4 DNS servers by verifying them against baseline + servers, and ensuring accurate responses. +urls: +- https://github.com/vortexau/dnsvalidator) +- https://img.shields.io/github/stars/vortexau/dnsvalidator) +- https://img.shields.io/github/languages/top/vortexau/dnsvalidator) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/dnsx.yaml b/weapons/dnsx.yaml new file mode 100644 index 0000000..5011348 --- /dev/null +++ b/weapons/dnsx.yaml @@ -0,0 +1,13 @@ +--- +name: dnsx +description: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS + queries of your choice with a list of user-supplied resolvers. +urls: +- https://github.com/projectdiscovery/dnsx) +- https://img.shields.io/github/stars/projectdiscovery/dnsx) +- https://img.shields.io/github/languages/top/projectdiscovery/dnsx) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/docem.yaml b/weapons/docem.yaml new file mode 100644 index 0000000..19eba25 --- /dev/null +++ b/weapons/docem.yaml @@ -0,0 +1,13 @@ +--- +name: docem +description: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on + steroids) +urls: +- https://github.com/whitel1st/docem) +- https://img.shields.io/github/stars/whitel1st/docem) +- https://img.shields.io/github/languages/top/whitel1st/docem) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/domdig.yaml b/weapons/domdig.yaml new file mode 100644 index 0000000..01b47cc --- /dev/null +++ b/weapons/domdig.yaml @@ -0,0 +1,15 @@ +--- +name: domdig +description: 'DOM XSS scanner for Single Page Applications ' +urls: +- https://github.com/fcavallarin/domdig) +- https://img.shields.io/github/stars/fcavallarin/domdig) +- https://img.shields.io/github/languages/top/fcavallarin/domdig) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/dontgo403.yaml b/weapons/dontgo403.yaml new file mode 100644 index 0000000..b308746 --- /dev/null +++ b/weapons/dontgo403.yaml @@ -0,0 +1,12 @@ +--- +name: dontgo403 +description: Tool to bypass 40X response codes. +urls: +- https://github.com/devploit/dontgo403) +- https://img.shields.io/github/stars/devploit/dontgo403) +- https://img.shields.io/github/languages/top/devploit/dontgo403) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/dotdotpwn.yaml b/weapons/dotdotpwn.yaml new file mode 100644 index 0000000..8a79181 --- /dev/null +++ b/weapons/dotdotpwn.yaml @@ -0,0 +1,15 @@ +--- +name: dotdotpwn +description: 'DotDotPwn - The Directory Traversal Fuzzer ' +urls: +- https://github.com/wireghoul/dotdotpwn) +- https://img.shields.io/github/stars/wireghoul/dotdotpwn) +- https://img.shields.io/github/languages/top/wireghoul/dotdotpwn) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/eval_villain.yaml b/weapons/eval_villain.yaml new file mode 100644 index 0000000..e7976a5 --- /dev/null +++ b/weapons/eval_villain.yaml @@ -0,0 +1,13 @@ +--- +name: eval_villain +description: A Firefox Web Extension to improve the discovery of DOM XSS. +urls: +- https://github.com/swoops/eval_villain) +- https://img.shields.io/github/stars/swoops/eval_villain) +- https://img.shields.io/github/languages/top/swoops/eval_villain) +category: browser-addon +types: [] +platform: +- firefox +lang: [] +tags: [] diff --git a/weapons/ezXSS.yaml b/weapons/ezXSS.yaml new file mode 100644 index 0000000..e8daaae --- /dev/null +++ b/weapons/ezXSS.yaml @@ -0,0 +1,16 @@ +--- +name: ezXSS +description: 'ezXSS is an easy way for penetration testers and bug bounty hunters + to test (blind) Cross Site Scripting. ' +urls: +- https://github.com/ssl/ezXSS) +- https://img.shields.io/github/stars/ssl/ezXSS) +- https://img.shields.io/github/languages/top/ssl/ezXSS) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/femida.yaml b/weapons/femida.yaml new file mode 100644 index 0000000..18cceeb --- /dev/null +++ b/weapons/femida.yaml @@ -0,0 +1,13 @@ +--- +name: femida +description: +urls: +- https://github.com/wish-i-was/femida) +- https://img.shields.io/github/stars/wish-i-was/femida) +- https://img.shields.io/github/languages/top/wish-i-was/femida) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/feroxbuster.yaml b/weapons/feroxbuster.yaml new file mode 100644 index 0000000..05d6ffa --- /dev/null +++ b/weapons/feroxbuster.yaml @@ -0,0 +1,12 @@ +--- +name: feroxbuster +description: A fast, simple, recursive content discovery tool written in Rust. +urls: +- https://github.com/epi052/feroxbuster) +- https://img.shields.io/github/stars/epi052/feroxbuster) +- https://img.shields.io/github/languages/top/epi052/feroxbuster) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/ffuf.yaml b/weapons/ffuf.yaml new file mode 100644 index 0000000..b906005 --- /dev/null +++ b/weapons/ffuf.yaml @@ -0,0 +1,15 @@ +--- +name: ffuf +description: 'Fast web fuzzer written in Go ' +urls: +- https://github.com/ffuf/ffuf) +- https://img.shields.io/github/stars/ffuf/ffuf) +- https://img.shields.io/github/languages/top/ffuf/ffuf) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/fhc.yaml b/weapons/fhc.yaml new file mode 100644 index 0000000..298915c --- /dev/null +++ b/weapons/fhc.yaml @@ -0,0 +1,12 @@ +--- +name: fhc +description: Fast HTTP Checker. +urls: +- https://github.com/Edu4rdSHL/fhc) +- https://img.shields.io/github/stars/Edu4rdSHL/fhc) +- https://img.shields.io/github/languages/top/Edu4rdSHL/fhc) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/findom-xss.yaml b/weapons/findom-xss.yaml new file mode 100644 index 0000000..50d5854 --- /dev/null +++ b/weapons/findom-xss.yaml @@ -0,0 +1,15 @@ +--- +name: findom-xss +description: 'A fast DOM based XSS vulnerability scanner with simplicity. ' +urls: +- https://github.com/dwisiswant0/findom-xss) +- https://img.shields.io/github/stars/dwisiswant0/findom-xss) +- https://img.shields.io/github/languages/top/dwisiswant0/findom-xss) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/findomain.yaml b/weapons/findomain.yaml new file mode 100644 index 0000000..b42df81 --- /dev/null +++ b/weapons/findomain.yaml @@ -0,0 +1,16 @@ +--- +name: findomain +description: 'The fastest and cross-platform subdomain enumerator, do not waste your + time. ' +urls: +- https://github.com/Edu4rdSHL/findomain) +- https://img.shields.io/github/stars/Edu4rdSHL/findomain) +- https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/fockcache.yaml b/weapons/fockcache.yaml new file mode 100644 index 0000000..2e70a5c --- /dev/null +++ b/weapons/fockcache.yaml @@ -0,0 +1,12 @@ +--- +name: fockcache +description: FockCache - Minimalized Test Cache Poisoning +urls: +- https://github.com/tismayil/fockcache) +- https://img.shields.io/github/stars/tismayil/fockcache) +- https://img.shields.io/github/languages/top/tismayil/fockcache) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/fuzzparam.yaml b/weapons/fuzzparam.yaml new file mode 100644 index 0000000..d50bf2c --- /dev/null +++ b/weapons/fuzzparam.yaml @@ -0,0 +1,12 @@ +--- +name: fuzzparam +description: A fast go based param miner to fuzz possible parameters a URL can have. +urls: +- https://github.com/0xsapra/fuzzparam) +- https://img.shields.io/github/stars/0xsapra/fuzzparam) +- https://img.shields.io/github/languages/top/0xsapra/fuzzparam) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/fzf.yaml b/weapons/fzf.yaml new file mode 100644 index 0000000..de9de4f --- /dev/null +++ b/weapons/fzf.yaml @@ -0,0 +1,15 @@ +--- +name: fzf +description: A command-line fuzzy finder +urls: +- https://github.com/junegunn/fzf) +- https://img.shields.io/github/stars/junegunn/fzf) +- https://img.shields.io/github/languages/top/junegunn/fzf) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/gau.yaml b/weapons/gau.yaml new file mode 100644 index 0000000..9f1b784 --- /dev/null +++ b/weapons/gau.yaml @@ -0,0 +1,16 @@ +--- +name: gau +description: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback + Machine, and Common Crawl. +urls: +- https://github.com/lc/gau) +- https://img.shields.io/github/stars/lc/gau) +- https://img.shields.io/github/languages/top/lc/gau) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/gauplus.yaml b/weapons/gauplus.yaml new file mode 100644 index 0000000..5cabbde --- /dev/null +++ b/weapons/gauplus.yaml @@ -0,0 +1,13 @@ +--- +name: gauplus +description: A modified version of gau for personal usage. Support workers, proxies + and some extra things. +urls: +- https://github.com/bp0lr/gauplus) +- https://img.shields.io/github/stars/bp0lr/gauplus) +- https://img.shields.io/github/languages/top/bp0lr/gauplus) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gee.yaml b/weapons/gee.yaml new file mode 100644 index 0000000..640a49e --- /dev/null +++ b/weapons/gee.yaml @@ -0,0 +1,14 @@ +--- +name: gee +description: "\U0001F3F5 Gee is tool of stdin to each files and stdout. It is similar + to the tee command, but there are more functions for convenience. In addition, it + was written as go" +urls: +- https://github.com/hahwul/gee) +- https://img.shields.io/github/stars/hahwul/gee) +- https://img.shields.io/github/languages/top/hahwul/gee) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/getJS.yaml b/weapons/getJS.yaml new file mode 100644 index 0000000..955b18f --- /dev/null +++ b/weapons/getJS.yaml @@ -0,0 +1,12 @@ +--- +name: getJS +description: A tool to fastly get all javascript sources/files +urls: +- https://github.com/003random/getJS) +- https://img.shields.io/github/stars/003random/getJS) +- https://img.shields.io/github/languages/top/003random/getJS) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gf.yaml b/weapons/gf.yaml new file mode 100644 index 0000000..0d1712d --- /dev/null +++ b/weapons/gf.yaml @@ -0,0 +1,15 @@ +--- +name: gf +description: 'A wrapper around grep, to help you grep for things ' +urls: +- https://github.com/tomnomnom/gf) +- https://img.shields.io/github/stars/tomnomnom/gf) +- https://img.shields.io/github/languages/top/tomnomnom/gf) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/gitGraber.yaml b/weapons/gitGraber.yaml new file mode 100644 index 0000000..b07c02a --- /dev/null +++ b/weapons/gitGraber.yaml @@ -0,0 +1,15 @@ +--- +name: gitGraber +description: 'gitGraber ' +urls: +- https://github.com/hisxo/gitGraber) +- https://img.shields.io/github/stars/hisxo/gitGraber) +- https://img.shields.io/github/languages/top/hisxo/gitGraber) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/github-endpoints.yaml b/weapons/github-endpoints.yaml new file mode 100644 index 0000000..7f71d7d --- /dev/null +++ b/weapons/github-endpoints.yaml @@ -0,0 +1,12 @@ +--- +name: github-endpoints +description: Find endpoints on GitHub. +urls: +- https://github.com/gwen001/github-endpoints) +- https://img.shields.io/github/stars/gwen001/github-endpoints) +- https://img.shields.io/github/languages/top/gwen001/github-endpoints) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/github-regexp.yaml b/weapons/github-regexp.yaml new file mode 100644 index 0000000..9bf90a3 --- /dev/null +++ b/weapons/github-regexp.yaml @@ -0,0 +1,12 @@ +--- +name: github-regexp +description: Basically a regexp over a GitHub search. +urls: +- https://github.com/gwen001/github-regexp) +- https://img.shields.io/github/stars/gwen001/github-regexp) +- https://img.shields.io/github/languages/top/gwen001/github-regexp) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/github-search.yaml b/weapons/github-search.yaml new file mode 100644 index 0000000..e7571ca --- /dev/null +++ b/weapons/github-search.yaml @@ -0,0 +1,15 @@ +--- +name: github-search +description: 'Tools to perform basic search on GitHub. ' +urls: +- https://github.com/gwen001/github-search) +- https://img.shields.io/github/stars/gwen001/github-search) +- https://img.shields.io/github/languages/top/gwen001/github-search) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/github-subdomains.yaml b/weapons/github-subdomains.yaml new file mode 100644 index 0000000..522fef8 --- /dev/null +++ b/weapons/github-subdomains.yaml @@ -0,0 +1,12 @@ +--- +name: github-subdomains +description: Find subdomains on GitHub +urls: +- https://github.com/gwen001/github-subdomains) +- https://img.shields.io/github/stars/gwen001/github-subdomains) +- https://img.shields.io/github/languages/top/gwen001/github-subdomains) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gitleaks.yaml b/weapons/gitleaks.yaml new file mode 100644 index 0000000..c84c827 --- /dev/null +++ b/weapons/gitleaks.yaml @@ -0,0 +1,12 @@ +--- +name: gitleaks +description: "Scan git repos (or files) for secrets using regex and entropy \U0001F511" +urls: +- https://github.com/zricethezav/gitleaks) +- https://img.shields.io/github/stars/zricethezav/gitleaks) +- https://img.shields.io/github/languages/top/zricethezav/gitleaks) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gitls.yaml b/weapons/gitls.yaml new file mode 100644 index 0000000..18b7bfe --- /dev/null +++ b/weapons/gitls.yaml @@ -0,0 +1,12 @@ +--- +name: gitls +description: Listing git repository from URL/User/Org +urls: +- https://github.com/hahwul/gitls) +- https://img.shields.io/github/stars/hahwul/gitls) +- https://img.shields.io/github/languages/top/hahwul/gitls) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gitrob.yaml b/weapons/gitrob.yaml new file mode 100644 index 0000000..2559a88 --- /dev/null +++ b/weapons/gitrob.yaml @@ -0,0 +1,15 @@ +--- +name: gitrob +description: 'Reconnaissance tool for GitHub organizations ' +urls: +- https://github.com/michenriksen/gitrob) +- https://img.shields.io/github/stars/michenriksen/gitrob) +- https://img.shields.io/github/languages/top/michenriksen/gitrob) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/go-dork.yaml b/weapons/go-dork.yaml new file mode 100644 index 0000000..8328da0 --- /dev/null +++ b/weapons/go-dork.yaml @@ -0,0 +1,15 @@ +--- +name: go-dork +description: 'The fastest dork scanner written in Go. ' +urls: +- https://github.com/dwisiswant0/go-dork) +- https://img.shields.io/github/stars/dwisiswant0/go-dork) +- https://img.shields.io/github/languages/top/dwisiswant0/go-dork) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/gobuster.yaml b/weapons/gobuster.yaml new file mode 100644 index 0000000..79f2d8c --- /dev/null +++ b/weapons/gobuster.yaml @@ -0,0 +1,15 @@ +--- +name: gobuster +description: 'Directory/File, DNS and VHost busting tool written in Go ' +urls: +- https://github.com/OJ/gobuster) +- https://img.shields.io/github/stars/OJ/gobuster) +- https://img.shields.io/github/languages/top/OJ/gobuster) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/gospider.yaml b/weapons/gospider.yaml new file mode 100644 index 0000000..c324c3e --- /dev/null +++ b/weapons/gospider.yaml @@ -0,0 +1,15 @@ +--- +name: gospider +description: 'Gospider - Fast web spider written in Go ' +urls: +- https://github.com/jaeles-project/gospider) +- https://img.shields.io/github/stars/jaeles-project/gospider) +- https://img.shields.io/github/languages/top/jaeles-project/gospider) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/gotator.yaml b/weapons/gotator.yaml new file mode 100644 index 0000000..069511f --- /dev/null +++ b/weapons/gotator.yaml @@ -0,0 +1,12 @@ +--- +name: gotator +description: Gotator is a tool to generate DNS wordlists through permutations. +urls: +- https://github.com/Josue87/gotator) +- https://img.shields.io/github/stars/Josue87/gotator) +- https://img.shields.io/github/languages/top/Josue87/gotator) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gotestwaf.yaml b/weapons/gotestwaf.yaml new file mode 100644 index 0000000..0ce8d2d --- /dev/null +++ b/weapons/gotestwaf.yaml @@ -0,0 +1,13 @@ +--- +name: gotestwaf +description: An open-source project in Golang to test different web application firewalls + (WAF) for detection logic and bypasses +urls: +- https://github.com/wallarm/gotestwaf) +- https://img.shields.io/github/stars/wallarm/gotestwaf) +- https://img.shields.io/github/languages/top/wallarm/gotestwaf) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gowitness.yaml b/weapons/gowitness.yaml new file mode 100644 index 0000000..61fa78a --- /dev/null +++ b/weapons/gowitness.yaml @@ -0,0 +1,16 @@ +--- +name: gowitness +description: "\U0001F50D gowitness - a golang, web screenshot utility using Chrome + Headless " +urls: +- https://github.com/sensepost/gowitness) +- https://img.shields.io/github/stars/sensepost/gowitness) +- https://img.shields.io/github/languages/top/sensepost/gowitness) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/graphql-voyager.yaml b/weapons/graphql-voyager.yaml new file mode 100644 index 0000000..1ae12f2 --- /dev/null +++ b/weapons/graphql-voyager.yaml @@ -0,0 +1,15 @@ +--- +name: graphql-voyager +description: "\U0001F6F0️ Represent any GraphQL API as an interactive graph " +urls: +- https://github.com/APIs-guru/graphql-voyager) +- https://img.shields.io/github/stars/APIs-guru/graphql-voyager) +- https://img.shields.io/github/languages/top/APIs-guru/graphql-voyager) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/grc.yaml b/weapons/grc.yaml new file mode 100644 index 0000000..2e4de8c --- /dev/null +++ b/weapons/grc.yaml @@ -0,0 +1,12 @@ +--- +name: grc +description: generic colouriser +urls: +- https://github.com/garabik/grc) +- https://img.shields.io/github/stars/garabik/grc) +- https://img.shields.io/github/languages/top/garabik/grc) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/grex.yaml b/weapons/grex.yaml new file mode 100644 index 0000000..27835a6 --- /dev/null +++ b/weapons/grex.yaml @@ -0,0 +1,13 @@ +--- +name: grex +description: A command-line tool and library for generating regular expressions from + user-provided test cases +urls: +- https://github.com/pemistahl/grex) +- https://img.shields.io/github/stars/pemistahl/grex) +- https://img.shields.io/github/languages/top/pemistahl/grex) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/gron.yaml b/weapons/gron.yaml new file mode 100644 index 0000000..ffb6136 --- /dev/null +++ b/weapons/gron.yaml @@ -0,0 +1,15 @@ +--- +name: gron +description: 'Make JSON greppable! ' +urls: +- https://github.com/tomnomnom/gron) +- https://img.shields.io/github/stars/tomnomnom/gron) +- https://img.shields.io/github/languages/top/tomnomnom/gron) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/h2csmuggler.yaml b/weapons/h2csmuggler.yaml new file mode 100644 index 0000000..cd3714c --- /dev/null +++ b/weapons/h2csmuggler.yaml @@ -0,0 +1,15 @@ +--- +name: h2csmuggler +description: HTTP Request Smuggling Detection Tool +urls: +- https://github.com/assetnote/h2csmuggler) +- https://img.shields.io/github/stars/assetnote/h2csmuggler) +- https://img.shields.io/github/languages/top/assetnote/h2csmuggler) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/hacks.yaml b/weapons/hacks.yaml new file mode 100644 index 0000000..f015781 --- /dev/null +++ b/weapons/hacks.yaml @@ -0,0 +1,15 @@ +--- +name: hacks +description: 'A collection of hacks and one-off scripts ' +urls: +- https://github.com/tomnomnom/hacks) +- https://img.shields.io/github/stars/tomnomnom/hacks) +- https://img.shields.io/github/languages/top/tomnomnom/hacks) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/hakcheckurl.yaml b/weapons/hakcheckurl.yaml new file mode 100644 index 0000000..80bf7c6 --- /dev/null +++ b/weapons/hakcheckurl.yaml @@ -0,0 +1,12 @@ +--- +name: hakcheckurl +description: Takes a list of URLs and returns their HTTP response codes +urls: +- https://github.com/hakluke/hakcheckurl) +- https://img.shields.io/github/stars/hakluke/hakcheckurl) +- https://img.shields.io/github/languages/top/hakluke/hakcheckurl) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/hakrawler.yaml b/weapons/hakrawler.yaml new file mode 100644 index 0000000..2185850 --- /dev/null +++ b/weapons/hakrawler.yaml @@ -0,0 +1,16 @@ +--- +name: hakrawler +description: 'Simple, fast web crawler designed for easy, quick discovery of endpoints + and assets within a web application ' +urls: +- https://github.com/hakluke/hakrawler) +- https://img.shields.io/github/stars/hakluke/hakrawler) +- https://img.shields.io/github/languages/top/hakluke/hakrawler) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/hakrevdns.yaml b/weapons/hakrevdns.yaml new file mode 100644 index 0000000..7964126 --- /dev/null +++ b/weapons/hakrevdns.yaml @@ -0,0 +1,15 @@ +--- +name: hakrevdns +description: 'Small, fast tool for performing reverse DNS lookups en masse. ' +urls: +- https://github.com/hakluke/hakrevdns) +- https://img.shields.io/github/stars/hakluke/hakrevdns) +- https://img.shields.io/github/languages/top/hakluke/hakrevdns) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/haktrails.yaml b/weapons/haktrails.yaml new file mode 100644 index 0000000..f441719 --- /dev/null +++ b/weapons/haktrails.yaml @@ -0,0 +1,12 @@ +--- +name: haktrails +description: Golang client for querying SecurityTrails API data +urls: +- https://github.com/hakluke/haktrails) +- https://img.shields.io/github/stars/hakluke/haktrails) +- https://img.shields.io/github/languages/top/hakluke/haktrails) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/hashcat.yaml b/weapons/hashcat.yaml new file mode 100644 index 0000000..de3a859 --- /dev/null +++ b/weapons/hashcat.yaml @@ -0,0 +1,12 @@ +--- +name: hashcat +description: 'World''s fastest and most advanced password recovery utility ' +urls: +- https://github.com/hashcat/hashcat/) +- https://img.shields.io/github/stars/hashcat/hashcat/) +- https://img.shields.io/github/languages/top/hashcat/hashcat/) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/headi.yaml b/weapons/headi.yaml new file mode 100644 index 0000000..c567b3e --- /dev/null +++ b/weapons/headi.yaml @@ -0,0 +1,12 @@ +--- +name: headi +description: Customisable and automated HTTP header injection +urls: +- https://github.com/mlcsec/headi) +- https://img.shields.io/github/stars/mlcsec/headi) +- https://img.shields.io/github/languages/top/mlcsec/headi) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/hetty.yaml b/weapons/hetty.yaml new file mode 100644 index 0000000..c589ccd --- /dev/null +++ b/weapons/hetty.yaml @@ -0,0 +1,17 @@ +--- +name: hetty +description: Hetty is an HTTP toolkit for security research. It aims to become an + open source alternative to commercial software like Burp Suite Pro, with powerful + features tailored to the needs of the infosec and bug bounty community. +urls: +- https://github.com/dstotijn/hetty) +- https://img.shields.io/github/stars/dstotijn/hetty) +- https://img.shields.io/github/languages/top/dstotijn/hetty) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/hinject.yaml b/weapons/hinject.yaml new file mode 100644 index 0000000..24eafe1 --- /dev/null +++ b/weapons/hinject.yaml @@ -0,0 +1,15 @@ +--- +name: hinject +description: 'Host Header Injection Checker ' +urls: +- https://github.com/dwisiswant0/hinject) +- https://img.shields.io/github/stars/dwisiswant0/hinject) +- https://img.shields.io/github/languages/top/dwisiswant0/hinject) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/htcat.yaml b/weapons/htcat.yaml new file mode 100644 index 0000000..12bb558 --- /dev/null +++ b/weapons/htcat.yaml @@ -0,0 +1,15 @@ +--- +name: htcat +description: 'Parallel and Pipelined HTTP GET Utility ' +urls: +- https://github.com/htcat/htcat) +- https://img.shields.io/github/stars/htcat/htcat) +- https://img.shields.io/github/languages/top/htcat/htcat) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/http-request-smuggler.yaml b/weapons/http-request-smuggler.yaml new file mode 100644 index 0000000..2b0e0eb --- /dev/null +++ b/weapons/http-request-smuggler.yaml @@ -0,0 +1,13 @@ +--- +name: http-request-smuggler +description: +urls: +- https://github.com/PortSwigger/http-request-smuggler) +- https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) +- https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/http-request-smuggling.yaml b/weapons/http-request-smuggling.yaml new file mode 100644 index 0000000..58dd1aa --- /dev/null +++ b/weapons/http-request-smuggling.yaml @@ -0,0 +1,12 @@ +--- +name: http-request-smuggling +description: HTTP Request Smuggling Detection Tool +urls: +- https://github.com/anshumanpattnaik/http-request-smuggling) +- https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling) +- https://img.shields.io/github/languages/top/anshumanpattnaik/http-request-smuggling) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/http-script-generator.yaml b/weapons/http-script-generator.yaml new file mode 100644 index 0000000..948870e --- /dev/null +++ b/weapons/http-script-generator.yaml @@ -0,0 +1,14 @@ +--- +name: http-script-generator +description: +urls: +- https://github.com/h3xstream/http-script-generator) +- https://img.shields.io/github/stars/h3xstream/http-script-generator) +- https://img.shields.io/github/languages/top/h3xstream/http-script-generator) +category: tool-addon +types: [] +platform: +- burpsuite +- zap +lang: [] +tags: [] diff --git a/weapons/http2smugl.yaml b/weapons/http2smugl.yaml new file mode 100644 index 0000000..13f0207 --- /dev/null +++ b/weapons/http2smugl.yaml @@ -0,0 +1,13 @@ +--- +name: http2smugl +description: This tool helps to detect and exploit HTTP request smuggling in cases + it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. +urls: +- https://github.com/neex/http2smugl) +- https://img.shields.io/github/stars/neex/http2smugl) +- https://img.shields.io/github/languages/top/neex/http2smugl) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/httpie.yaml b/weapons/httpie.yaml new file mode 100644 index 0000000..f2cac1c --- /dev/null +++ b/weapons/httpie.yaml @@ -0,0 +1,15 @@ +--- +name: httpie +description: "As easy as /aitch-tee-tee-pie/ \U0001F967 Modern, user-friendly command-line + HTTP client for the API era. JSON support, colors, sessions, downloads, plugins + & more. https://twitter.com/httpie" +urls: +- https://github.com/httpie/httpie) +- https://twitter.com/httpie +- https://img.shields.io/github/stars/httpie/httpie) +- https://img.shields.io/github/languages/top/httpie/httpie) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/httprobe.yaml b/weapons/httprobe.yaml new file mode 100644 index 0000000..e2fd2e5 --- /dev/null +++ b/weapons/httprobe.yaml @@ -0,0 +1,15 @@ +--- +name: httprobe +description: 'Take a list of domains and probe for working HTTP and HTTPS servers ' +urls: +- https://github.com/tomnomnom/httprobe) +- https://img.shields.io/github/stars/tomnomnom/httprobe) +- https://img.shields.io/github/languages/top/tomnomnom/httprobe) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/httptoolkit.yaml b/weapons/httptoolkit.yaml new file mode 100644 index 0000000..b1f29ca --- /dev/null +++ b/weapons/httptoolkit.yaml @@ -0,0 +1,13 @@ +--- +name: httptoolkit +description: HTTP Toolkit is a beautiful & open-source tool for debugging, testing + and building with HTTP(S) on Windows, Linux & Mac +urls: +- https://github.com/httptoolkit/httptoolkit) +- https://img.shields.io/github/stars/httptoolkit/httptoolkit) +- https://img.shields.io/github/languages/top/httptoolkit/httptoolkit) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/httpx.yaml b/weapons/httpx.yaml new file mode 100644 index 0000000..a6a0370 --- /dev/null +++ b/weapons/httpx.yaml @@ -0,0 +1,17 @@ +--- +name: httpx +description: 'httpx is a fast and multi-purpose HTTP toolkit allow to run multiple + probers using retryablehttp library, it is designed to maintain the result reliability + with increased threads. ' +urls: +- https://github.com/projectdiscovery/httpx) +- https://img.shields.io/github/stars/projectdiscovery/httpx) +- https://img.shields.io/github/languages/top/projectdiscovery/httpx) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/hurl.yaml b/weapons/hurl.yaml new file mode 100644 index 0000000..6e48be3 --- /dev/null +++ b/weapons/hurl.yaml @@ -0,0 +1,12 @@ +--- +name: hurl +description: Hurl, run and test HTTP requests. +urls: +- https://github.com/Orange-OpenSource/hurl) +- https://img.shields.io/github/stars/Orange-OpenSource/hurl) +- https://img.shields.io/github/languages/top/Orange-OpenSource/hurl) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/inql.yaml b/weapons/inql.yaml new file mode 100644 index 0000000..de41ea3 --- /dev/null +++ b/weapons/inql.yaml @@ -0,0 +1,13 @@ +--- +name: inql +description: +urls: +- https://github.com/doyensec/inql) +- https://img.shields.io/github/stars/doyensec/inql) +- https://img.shields.io/github/languages/top/doyensec/inql) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/interactsh.yaml b/weapons/interactsh.yaml new file mode 100644 index 0000000..fdc827f --- /dev/null +++ b/weapons/interactsh.yaml @@ -0,0 +1,12 @@ +--- +name: interactsh +description: An OOB interaction gathering server and client library +urls: +- https://github.com/projectdiscovery/interactsh) +- https://img.shields.io/github/stars/projectdiscovery/interactsh) +- https://img.shields.io/github/languages/top/projectdiscovery/interactsh) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/intrigue-core.yaml b/weapons/intrigue-core.yaml new file mode 100644 index 0000000..881a76e --- /dev/null +++ b/weapons/intrigue-core.yaml @@ -0,0 +1,15 @@ +--- +name: intrigue-core +description: 'Discover Your Attack Surface ' +urls: +- https://github.com/intrigueio/intrigue-core) +- https://img.shields.io/github/stars/intrigueio/intrigue-core) +- https://img.shields.io/github/languages/top/intrigueio/intrigue-core) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/jaeles.yaml b/weapons/jaeles.yaml new file mode 100644 index 0000000..cfff22b --- /dev/null +++ b/weapons/jaeles.yaml @@ -0,0 +1,15 @@ +--- +name: jaeles +description: 'The Swiss Army knife for automated Web Application Testing ' +urls: +- https://github.com/jaeles-project/jaeles) +- https://img.shields.io/github/stars/jaeles-project/jaeles) +- https://img.shields.io/github/languages/top/jaeles-project/jaeles) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/jsfuck.yaml b/weapons/jsfuck.yaml new file mode 100644 index 0000000..f775dd8 --- /dev/null +++ b/weapons/jsfuck.yaml @@ -0,0 +1,12 @@ +--- +name: jsfuck +description: Write any JavaScript with 6 Characters +urls: +- https://github.com/aemkei/jsfuck) +- https://img.shields.io/github/stars/aemkei/jsfuck) +- https://img.shields.io/github/languages/top/aemkei/jsfuck) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/jsonwebtoken.github.io.yaml b/weapons/jsonwebtoken.github.io.yaml new file mode 100644 index 0000000..fefcbaf --- /dev/null +++ b/weapons/jsonwebtoken.github.io.yaml @@ -0,0 +1,14 @@ +--- +name: jsonwebtoken.github.io +description: JWT En/Decode and Verify +urls: +- https://github.com/jsonwebtoken/jsonwebtoken.github.io) +- https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io) +- https://img.shields.io/github/languages/top/jsonwebtoken/jsonwebtoken.github.io) +category: browser-addon +types: [] +platform: +- chrome +- firefox +lang: [] +tags: [] diff --git a/weapons/jsprime.yaml b/weapons/jsprime.yaml new file mode 100644 index 0000000..823d0dc --- /dev/null +++ b/weapons/jsprime.yaml @@ -0,0 +1,12 @@ +--- +name: jsprime +description: a javascript static security analysis tool +urls: +- https://github.com/dpnishant/jsprime) +- https://img.shields.io/github/stars/dpnishant/jsprime) +- https://img.shields.io/github/languages/top/dpnishant/jsprime) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/jwt-cracker.yaml b/weapons/jwt-cracker.yaml new file mode 100644 index 0000000..639d1d3 --- /dev/null +++ b/weapons/jwt-cracker.yaml @@ -0,0 +1,15 @@ +--- +name: jwt-cracker +description: 'Simple HS256 JWT token brute force cracker ' +urls: +- https://github.com/lmammino/jwt-cracker) +- https://img.shields.io/github/stars/lmammino/jwt-cracker) +- https://img.shields.io/github/languages/top/lmammino/jwt-cracker) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/jwt-hack.yaml b/weapons/jwt-hack.yaml new file mode 100644 index 0000000..f816b01 --- /dev/null +++ b/weapons/jwt-hack.yaml @@ -0,0 +1,16 @@ +--- +name: jwt-hack +description: "\U0001F529 jwt-hack is tool for hacking / security testing to JWT. Supported + for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)" +urls: +- https://github.com/hahwul/jwt-hack) +- https://img.shields.io/github/stars/hahwul/jwt-hack) +- https://img.shields.io/github/languages/top/hahwul/jwt-hack) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/kiterunner.yaml b/weapons/kiterunner.yaml new file mode 100644 index 0000000..b245de9 --- /dev/null +++ b/weapons/kiterunner.yaml @@ -0,0 +1,12 @@ +--- +name: kiterunner +description: Contextual Content Discovery Tool +urls: +- https://github.com/assetnote/kiterunner) +- https://img.shields.io/github/stars/assetnote/kiterunner) +- https://img.shields.io/github/languages/top/assetnote/kiterunner) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/knife.yaml b/weapons/knife.yaml new file mode 100644 index 0000000..6c8dc4e --- /dev/null +++ b/weapons/knife.yaml @@ -0,0 +1,13 @@ +--- +name: knife +description: A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 +urls: +- https://github.com/bit4woo/knife) +- https://img.shields.io/github/stars/bit4woo/knife) +- https://img.shields.io/github/languages/top/bit4woo/knife) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/knock.yaml b/weapons/knock.yaml new file mode 100644 index 0000000..539952b --- /dev/null +++ b/weapons/knock.yaml @@ -0,0 +1,15 @@ +--- +name: knock +description: 'Knock Subdomain Scan ' +urls: +- https://github.com/guelfoweb/knock) +- https://img.shields.io/github/stars/guelfoweb/knock) +- https://img.shields.io/github/languages/top/guelfoweb/knock) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/lazyrecon.yaml b/weapons/lazyrecon.yaml new file mode 100644 index 0000000..69fa40f --- /dev/null +++ b/weapons/lazyrecon.yaml @@ -0,0 +1,16 @@ +--- +name: lazyrecon +description: 'This script is intended to automate your reconnaissance process in an + organized fashion ' +urls: +- https://github.com/nahamsec/lazyrecon) +- https://img.shields.io/github/stars/nahamsec/lazyrecon) +- https://img.shields.io/github/languages/top/nahamsec/lazyrecon) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/longtongue.yaml b/weapons/longtongue.yaml new file mode 100644 index 0000000..3e550a5 --- /dev/null +++ b/weapons/longtongue.yaml @@ -0,0 +1,12 @@ +--- +name: longtongue +description: Customized Password/Passphrase List inputting Target Info +urls: +- https://github.com/edoardottt/longtongue) +- https://img.shields.io/github/stars/edoardottt/longtongue) +- https://img.shields.io/github/languages/top/edoardottt/longtongue) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/masscan.yaml b/weapons/masscan.yaml new file mode 100644 index 0000000..d9b4528 --- /dev/null +++ b/weapons/masscan.yaml @@ -0,0 +1,16 @@ +--- +name: masscan +description: 'TCP port scanner, spews SYN packets asynchronously, scanning entire + Internet in under 5 minutes. ' +urls: +- https://github.com/robertdavidgraham/masscan) +- https://img.shields.io/github/stars/robertdavidgraham/masscan) +- https://img.shields.io/github/languages/top/robertdavidgraham/masscan) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/medusa.yaml b/weapons/medusa.yaml new file mode 100644 index 0000000..5fa72fa --- /dev/null +++ b/weapons/medusa.yaml @@ -0,0 +1,15 @@ +--- +name: medusa +description: 'Fastest recursive HTTP fuzzer, like a Ferrari. ' +urls: +- https://github.com/riza/medusa) +- https://img.shields.io/github/stars/riza/medusa) +- https://img.shields.io/github/languages/top/riza/medusa) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/meg.yaml b/weapons/meg.yaml new file mode 100644 index 0000000..5e2ab76 --- /dev/null +++ b/weapons/meg.yaml @@ -0,0 +1,15 @@ +--- +name: meg +description: 'Fetch many paths for many hosts - without killing the hosts ' +urls: +- https://github.com/tomnomnom/meg) +- https://img.shields.io/github/stars/tomnomnom/meg) +- https://img.shields.io/github/languages/top/tomnomnom/meg) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/megplus.yaml b/weapons/megplus.yaml new file mode 100644 index 0000000..2ba48de --- /dev/null +++ b/weapons/megplus.yaml @@ -0,0 +1,15 @@ +--- +name: megplus +description: 'Automated reconnaissance wrapper — TomNomNom''s meg on steroids. [DEPRECATED] ' +urls: +- https://github.com/EdOverflow/megplus) +- https://img.shields.io/github/stars/EdOverflow/megplus) +- https://img.shields.io/github/languages/top/EdOverflow/megplus) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/naabu.yaml b/weapons/naabu.yaml new file mode 100644 index 0000000..67cb90a --- /dev/null +++ b/weapons/naabu.yaml @@ -0,0 +1,17 @@ +--- +name: naabu +description: 'A fast port scanner written in go with focus on reliability and simplicity. + Designed to be used in combination with other tools for attack surface discovery + in bug bounties and pentests ' +urls: +- https://github.com/projectdiscovery/naabu) +- https://img.shields.io/github/stars/projectdiscovery/naabu) +- https://img.shields.io/github/languages/top/projectdiscovery/naabu) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/nikto.yaml b/weapons/nikto.yaml new file mode 100644 index 0000000..27d5af9 --- /dev/null +++ b/weapons/nikto.yaml @@ -0,0 +1,15 @@ +--- +name: nikto +description: 'Nikto web server scanner ' +urls: +- https://github.com/sullo/nikto) +- https://img.shields.io/github/stars/sullo/nikto) +- https://img.shields.io/github/languages/top/sullo/nikto) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/nmap.yaml b/weapons/nmap.yaml new file mode 100644 index 0000000..d13fc9d --- /dev/null +++ b/weapons/nmap.yaml @@ -0,0 +1,14 @@ +--- +name: nmap +description: 'Nmap - the Network Mapper. Github mirror of official SVN repository. ' +urls: +- https://github.com/nmap/nmap) +- https://img.shields.io/github/stars/nmap/nmap) +- https://img.shields.io/github/languages/top/nmap/nmap) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/nosqli.yaml b/weapons/nosqli.yaml new file mode 100644 index 0000000..d1226d6 --- /dev/null +++ b/weapons/nosqli.yaml @@ -0,0 +1,15 @@ +--- +name: nosqli +description: NoSql Injection CLI tool +urls: +- https://github.com/Charlie-belmer/nosqli) +- https://img.shields.io/github/stars/Charlie-belmer/nosqli) +- https://img.shields.io/github/languages/top/Charlie-belmer/nosqli) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/nuclei.yaml b/weapons/nuclei.yaml new file mode 100644 index 0000000..ef7141c --- /dev/null +++ b/weapons/nuclei.yaml @@ -0,0 +1,16 @@ +--- +name: nuclei +description: 'Nuclei is a fast tool for configurable targeted scanning based on templates + offering massive extensibility and ease of use. ' +urls: +- https://github.com/projectdiscovery/nuclei) +- https://img.shields.io/github/stars/projectdiscovery/nuclei) +- https://img.shields.io/github/languages/top/projectdiscovery/nuclei) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/ob_hacky_slack.yaml b/weapons/ob_hacky_slack.yaml new file mode 100644 index 0000000..e0d7c98 --- /dev/null +++ b/weapons/ob_hacky_slack.yaml @@ -0,0 +1,12 @@ +--- +name: ob_hacky_slack +description: Hacky Slack - a bash script that sends beautiful messages to Slack +urls: +- https://github.com/openbridge/ob_hacky_slack) +- https://img.shields.io/github/stars/openbridge/ob_hacky_slack) +- https://img.shields.io/github/languages/top/openbridge/ob_hacky_slack) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/owasp-zap-jwt-addon.yaml b/weapons/owasp-zap-jwt-addon.yaml new file mode 100644 index 0000000..4fb8297 --- /dev/null +++ b/weapons/owasp-zap-jwt-addon.yaml @@ -0,0 +1,13 @@ +--- +name: owasp-zap-jwt-addon +description: +urls: +- https://github.com/SasanLabs/owasp-zap-jwt-addon) +- https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon) +- https://img.shields.io/github/languages/top/SasanLabs/owasp-zap-jwt-addon) +category: tool-addon +types: [] +platform: +- zap +lang: [] +tags: [] diff --git a/weapons/oxml_xxe.yaml b/weapons/oxml_xxe.yaml new file mode 100644 index 0000000..1d4bd8a --- /dev/null +++ b/weapons/oxml_xxe.yaml @@ -0,0 +1,15 @@ +--- +name: oxml_xxe +description: 'A tool for embedding XXE/XML exploits into different filetypes ' +urls: +- https://github.com/BuffaloWill/oxml_xxe) +- https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) +- https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/pagodo.yaml b/weapons/pagodo.yaml new file mode 100644 index 0000000..5b58da8 --- /dev/null +++ b/weapons/pagodo.yaml @@ -0,0 +1,13 @@ +--- +name: pagodo +description: pagodo (Passive Google Dork) - Automate Google Hacking Database scraping + and searching +urls: +- https://github.com/opsdisk/pagodo) +- https://img.shields.io/github/stars/opsdisk/pagodo) +- https://img.shields.io/github/languages/top/opsdisk/pagodo) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/param-miner.yaml b/weapons/param-miner.yaml new file mode 100644 index 0000000..e12ab9c --- /dev/null +++ b/weapons/param-miner.yaml @@ -0,0 +1,13 @@ +--- +name: param-miner +description: +urls: +- https://github.com/PortSwigger/param-miner) +- https://img.shields.io/github/stars/PortSwigger/param-miner) +- https://img.shields.io/github/languages/top/PortSwigger/param-miner) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/parameth.yaml b/weapons/parameth.yaml new file mode 100644 index 0000000..d12373c --- /dev/null +++ b/weapons/parameth.yaml @@ -0,0 +1,12 @@ +--- +name: parameth +description: This tool can be used to brute discover GET and POST parameters +urls: +- https://github.com/maK-/parameth) +- https://img.shields.io/github/stars/maK-/parameth) +- https://img.shields.io/github/languages/top/maK-/parameth) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/pentest-tools.yaml b/weapons/pentest-tools.yaml new file mode 100644 index 0000000..eaa9d58 --- /dev/null +++ b/weapons/pentest-tools.yaml @@ -0,0 +1,15 @@ +--- +name: pentest-tools +description: 'Custom pentesting tools ' +urls: +- https://github.com/gwen001/pentest-tools) +- https://img.shields.io/github/stars/gwen001/pentest-tools) +- https://img.shields.io/github/languages/top/gwen001/pentest-tools) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/pet.yaml b/weapons/pet.yaml new file mode 100644 index 0000000..5a026dc --- /dev/null +++ b/weapons/pet.yaml @@ -0,0 +1,14 @@ +--- +name: pet +description: Simple command-line snippet manager, written in Go. +urls: +- https://github.com/knqyf263/pet) +- https://img.shields.io/github/stars/knqyf263/pet) +- https://img.shields.io/github/languages/top/knqyf263/pet) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/plution.yaml b/weapons/plution.yaml new file mode 100644 index 0000000..f5de5ad --- /dev/null +++ b/weapons/plution.yaml @@ -0,0 +1,12 @@ +--- +name: plution +description: Prototype pollution scanner using headless chrome +urls: +- https://github.com/raverrr/plution) +- https://img.shields.io/github/stars/raverrr/plution) +- https://img.shields.io/github/languages/top/raverrr/plution) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/postMessage-tracker.yaml b/weapons/postMessage-tracker.yaml new file mode 100644 index 0000000..50ac4ac --- /dev/null +++ b/weapons/postMessage-tracker.yaml @@ -0,0 +1,14 @@ +--- +name: postMessage-tracker +description: A Chrome Extension to track postMessage usage (url, domain and stack) + both by logging using CORS and also visually as an extension-icon +urls: +- https://github.com/fransr/postMessage-tracker) +- https://img.shields.io/github/stars/fransr/postMessage-tracker) +- https://img.shields.io/github/languages/top/fransr/postMessage-tracker) +category: browser-addon +types: [] +platform: +- chrome +lang: [] +tags: [] diff --git a/weapons/ppfuzz.yaml b/weapons/ppfuzz.yaml new file mode 100644 index 0000000..d502be9 --- /dev/null +++ b/weapons/ppfuzz.yaml @@ -0,0 +1,13 @@ +--- +name: ppfuzz +description: "A fast tool to scan client-side prototype pollution vulnerability written + in Rust. \U0001F980" +urls: +- https://github.com/dwisiswant0/ppfuzz) +- https://img.shields.io/github/stars/dwisiswant0/ppfuzz) +- https://img.shields.io/github/languages/top/dwisiswant0/ppfuzz) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/ppmap.yaml b/weapons/ppmap.yaml new file mode 100644 index 0000000..f19d025 --- /dev/null +++ b/weapons/ppmap.yaml @@ -0,0 +1,13 @@ +--- +name: ppmap +description: A scanner/exploitation tool written in GO, which leverages client-side + Prototype Pollution to XSS by exploiting known gadgets. +urls: +- https://github.com/kleiton0x00/ppmap) +- https://img.shields.io/github/stars/kleiton0x00/ppmap) +- https://img.shields.io/github/languages/top/kleiton0x00/ppmap) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/proxify.yaml b/weapons/proxify.yaml new file mode 100644 index 0000000..e742817 --- /dev/null +++ b/weapons/proxify.yaml @@ -0,0 +1,13 @@ +--- +name: proxify +description: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation + and replay +urls: +- https://github.com/projectdiscovery/proxify) +- https://img.shields.io/github/stars/projectdiscovery/proxify) +- https://img.shields.io/github/languages/top/projectdiscovery/proxify) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/puredns.yaml b/weapons/puredns.yaml new file mode 100644 index 0000000..abf8736 --- /dev/null +++ b/weapons/puredns.yaml @@ -0,0 +1,13 @@ +--- +name: puredns +description: Puredns is a fast domain resolver and subdomain bruteforcing tool that + can accurately filter out wildcard subdomains and DNS poisoned entries. +urls: +- https://github.com/d3mondev/puredns) +- https://img.shields.io/github/stars/d3mondev/puredns) +- https://img.shields.io/github/languages/top/d3mondev/puredns) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/pwncat.yaml b/weapons/pwncat.yaml new file mode 100644 index 0000000..34a54c6 --- /dev/null +++ b/weapons/pwncat.yaml @@ -0,0 +1,16 @@ +--- +name: pwncat +description: 'pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and + reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable + with Python (PSE) ' +urls: +- https://github.com/cytopia/pwncat) +- https://img.shields.io/github/stars/cytopia/pwncat) +- https://img.shields.io/github/languages/top/cytopia/pwncat) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/qsreplace.yaml b/weapons/qsreplace.yaml new file mode 100644 index 0000000..432755a --- /dev/null +++ b/weapons/qsreplace.yaml @@ -0,0 +1,16 @@ +--- +name: qsreplace +description: 'Accept URLs on stdin, replace all query string values with a user-supplied + value ' +urls: +- https://github.com/tomnomnom/qsreplace) +- https://img.shields.io/github/stars/tomnomnom/qsreplace) +- https://img.shields.io/github/languages/top/tomnomnom/qsreplace) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/quickjack.yaml b/weapons/quickjack.yaml new file mode 100644 index 0000000..38849b7 --- /dev/null +++ b/weapons/quickjack.yaml @@ -0,0 +1,13 @@ +--- +name: quickjack +description: Quickjack is a point-and-click tool for intuitively producing advanced + clickjacking and frame slicing attacks. +urls: +- https://github.com/samyk/quickjack) +- https://img.shields.io/github/stars/samyk/quickjack) +- https://img.shields.io/github/languages/top/samyk/quickjack) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/rapidscan.yaml b/weapons/rapidscan.yaml new file mode 100644 index 0000000..4a1092f --- /dev/null +++ b/weapons/rapidscan.yaml @@ -0,0 +1,15 @@ +--- +name: rapidscan +description: 'The Multi-Tool Web Vulnerability Scanner. ' +urls: +- https://github.com/skavngr/rapidscan) +- https://img.shields.io/github/stars/skavngr/rapidscan) +- https://img.shields.io/github/languages/top/skavngr/rapidscan) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/recon_profile.yaml b/weapons/recon_profile.yaml new file mode 100644 index 0000000..90eb02e --- /dev/null +++ b/weapons/recon_profile.yaml @@ -0,0 +1,15 @@ +--- +name: recon_profile +description: 'Recon profile (bash profile) for bugbounty ' +urls: +- https://github.com/nahamsec/recon_profile) +- https://img.shields.io/github/stars/nahamsec/recon_profile) +- https://img.shields.io/github/languages/top/nahamsec/recon_profile) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/reconftw.yaml b/weapons/reconftw.yaml new file mode 100644 index 0000000..4207aa6 --- /dev/null +++ b/weapons/reconftw.yaml @@ -0,0 +1,13 @@ +--- +name: reconftw +description: reconFTW is a tool designed to perform automated recon on a target domain + by running the best set of tools to perform scanning and finding out vulnerabilities +urls: +- https://github.com/six2dez/reconftw) +- https://img.shields.io/github/stars/six2dez/reconftw) +- https://img.shields.io/github/languages/top/six2dez/reconftw) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/reflect.yaml b/weapons/reflect.yaml new file mode 100644 index 0000000..d533b35 --- /dev/null +++ b/weapons/reflect.yaml @@ -0,0 +1,13 @@ +--- +name: reflect +description: +urls: +- https://github.com/TypeError/reflect) +- https://img.shields.io/github/stars/TypeError/reflect) +- https://img.shields.io/github/languages/top/TypeError/reflect) +category: tool-addon +types: [] +platform: +- zap +lang: [] +tags: [] diff --git a/weapons/reflected-parameters.yaml b/weapons/reflected-parameters.yaml new file mode 100644 index 0000000..5f9b9e9 --- /dev/null +++ b/weapons/reflected-parameters.yaml @@ -0,0 +1,13 @@ +--- +name: reflected-parameters +description: +urls: +- https://github.com/PortSwigger/reflected-parameters) +- https://img.shields.io/github/stars/PortSwigger/reflected-parameters) +- https://img.shields.io/github/languages/top/PortSwigger/reflected-parameters) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/rengine.yaml b/weapons/rengine.yaml new file mode 100644 index 0000000..4af8331 --- /dev/null +++ b/weapons/rengine.yaml @@ -0,0 +1,17 @@ +--- +name: rengine +description: 'reNgine is an automated reconnaissance framework meant for gathering + information during penetration testing of web applications. reNgine has customizable + scan engines, which can be used to scan the websites, endpoints, and gather information. ' +urls: +- https://github.com/yogeshojha/rengine) +- https://img.shields.io/github/stars/yogeshojha/rengine) +- https://img.shields.io/github/languages/top/yogeshojha/rengine) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/rusolver.yaml b/weapons/rusolver.yaml new file mode 100644 index 0000000..42bfdb8 --- /dev/null +++ b/weapons/rusolver.yaml @@ -0,0 +1,12 @@ +--- +name: rusolver +description: Fast and accurate DNS resolver. +urls: +- https://github.com/Edu4rdSHL/rusolver) +- https://img.shields.io/github/stars/Edu4rdSHL/rusolver) +- https://img.shields.io/github/languages/top/Edu4rdSHL/rusolver) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/s3reverse.yaml b/weapons/s3reverse.yaml new file mode 100644 index 0000000..a736c8d --- /dev/null +++ b/weapons/s3reverse.yaml @@ -0,0 +1,16 @@ +--- +name: s3reverse +description: 'The format of various s3 buckets is convert in one format. for bugbounty + and security testing. ' +urls: +- https://github.com/hahwul/s3reverse) +- https://img.shields.io/github/stars/hahwul/s3reverse) +- https://img.shields.io/github/languages/top/hahwul/s3reverse) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/safecopy.yaml b/weapons/safecopy.yaml new file mode 100644 index 0000000..bccea33 --- /dev/null +++ b/weapons/safecopy.yaml @@ -0,0 +1,13 @@ +--- +name: safecopy +description: +urls: +- https://github.com/yashrs/safecopy) +- https://img.shields.io/github/stars/yashrs/safecopy) +- https://img.shields.io/github/languages/top/yashrs/safecopy) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/scilla.yaml b/weapons/scilla.yaml new file mode 100644 index 0000000..18f0fcc --- /dev/null +++ b/weapons/scilla.yaml @@ -0,0 +1,16 @@ +--- +name: scilla +description: "\U0001F3F4‍☠️ Information Gathering tool \U0001F3F4‍☠️ dns/subdomain/port + enumeration" +urls: +- https://github.com/edoardottt/scilla) +- https://img.shields.io/github/stars/edoardottt/scilla) +- https://img.shields.io/github/languages/top/edoardottt/scilla) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/security-crawl-maze.yaml b/weapons/security-crawl-maze.yaml new file mode 100644 index 0000000..85cf3ab --- /dev/null +++ b/weapons/security-crawl-maze.yaml @@ -0,0 +1,14 @@ +--- +name: security-crawl-maze +description: Security Crawl Maze is a comprehensive testbed for web security crawlers. + It contains pages representing many ways in which one can link resources from a + valid HTML document. +urls: +- https://github.com/google/security-crawl-maze) +- https://img.shields.io/github/stars/google/security-crawl-maze) +- https://img.shields.io/github/languages/top/google/security-crawl-maze) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/security-research-pocs.yaml b/weapons/security-research-pocs.yaml new file mode 100644 index 0000000..da31b3d --- /dev/null +++ b/weapons/security-research-pocs.yaml @@ -0,0 +1,13 @@ +--- +name: security-research-pocs +description: Proof-of-concept codes created as part of security research done by Google + Security Team. +urls: +- https://github.com/google/security-research-pocs) +- https://img.shields.io/github/stars/google/security-research-pocs) +- https://img.shields.io/github/languages/top/google/security-research-pocs) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/shuffledns.yaml b/weapons/shuffledns.yaml new file mode 100644 index 0000000..8ba3685 --- /dev/null +++ b/weapons/shuffledns.yaml @@ -0,0 +1,17 @@ +--- +name: shuffledns +description: 'shuffleDNS is a wrapper around massdns written in go that allows you + to enumerate valid subdomains using active bruteforce as well as resolve subdomains + with wildcard handling and easy input-output support. ' +urls: +- https://github.com/projectdiscovery/shuffledns) +- https://img.shields.io/github/stars/projectdiscovery/shuffledns) +- https://img.shields.io/github/languages/top/projectdiscovery/shuffledns) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/singularity.yaml b/weapons/singularity.yaml new file mode 100644 index 0000000..e55ea46 --- /dev/null +++ b/weapons/singularity.yaml @@ -0,0 +1,12 @@ +--- +name: singularity +description: A DNS rebinding attack framework. +urls: +- https://github.com/nccgroup/singularity) +- https://img.shields.io/github/stars/nccgroup/singularity) +- https://img.shields.io/github/languages/top/nccgroup/singularity) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/slackcat.yaml b/weapons/slackcat.yaml new file mode 100644 index 0000000..6dc8646 --- /dev/null +++ b/weapons/slackcat.yaml @@ -0,0 +1,12 @@ +--- +name: slackcat +description: CLI utility to post files and command output to slack +urls: +- https://github.com/bcicen/slackcat) +- https://img.shields.io/github/stars/bcicen/slackcat) +- https://img.shields.io/github/languages/top/bcicen/slackcat) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/smuggler.yaml b/weapons/smuggler.yaml new file mode 100644 index 0000000..75d54b2 --- /dev/null +++ b/weapons/smuggler.yaml @@ -0,0 +1,16 @@ +--- +name: smuggler +description: 'Smuggler - An HTTP Request Smuggling / Desync testing tool written in + Python 3 ' +urls: +- https://github.com/defparam/smuggler) +- https://img.shields.io/github/stars/defparam/smuggler) +- https://img.shields.io/github/languages/top/defparam/smuggler) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/sn0int.yaml b/weapons/sn0int.yaml new file mode 100644 index 0000000..32db1ba --- /dev/null +++ b/weapons/sn0int.yaml @@ -0,0 +1,12 @@ +--- +name: sn0int +description: Semi-automatic OSINT framework and package manager +urls: +- https://github.com/kpcyrd/sn0int) +- https://img.shields.io/github/stars/kpcyrd/sn0int) +- https://img.shields.io/github/languages/top/kpcyrd/sn0int) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/spiderfoot.yaml b/weapons/spiderfoot.yaml new file mode 100644 index 0000000..e58cfbb --- /dev/null +++ b/weapons/spiderfoot.yaml @@ -0,0 +1,12 @@ +--- +name: spiderfoot +description: SpiderFoot automates OSINT collection so that you can focus on analysis. +urls: +- https://github.com/smicallef/spiderfoot) +- https://img.shields.io/github/stars/smicallef/spiderfoot) +- https://img.shields.io/github/languages/top/smicallef/spiderfoot) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/sqliv.yaml b/weapons/sqliv.yaml new file mode 100644 index 0000000..61ab844 --- /dev/null +++ b/weapons/sqliv.yaml @@ -0,0 +1,12 @@ +--- +name: sqliv +description: massive SQL injection vulnerability scanner +urls: +- https://github.com/the-robot/sqliv) +- https://img.shields.io/github/stars/the-robot/sqliv) +- https://img.shields.io/github/languages/top/the-robot/sqliv) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/sqlmap.yaml b/weapons/sqlmap.yaml new file mode 100644 index 0000000..0857324 --- /dev/null +++ b/weapons/sqlmap.yaml @@ -0,0 +1,14 @@ +--- +name: sqlmap +description: Automatic SQL injection and database takeover tool +urls: +- https://github.com/sqlmapproject/sqlmap) +- https://img.shields.io/github/stars/sqlmapproject/sqlmap) +- https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) +category: tool +types: [] +platform: +- linux +- macos +lang: [] +tags: [] diff --git a/weapons/ssrf-sheriff.yaml b/weapons/ssrf-sheriff.yaml new file mode 100644 index 0000000..f29fc86 --- /dev/null +++ b/weapons/ssrf-sheriff.yaml @@ -0,0 +1,15 @@ +--- +name: ssrf-sheriff +description: 'A simple SSRF-testing sheriff written in Go ' +urls: +- https://github.com/teknogeek/ssrf-sheriff) +- https://img.shields.io/github/stars/teknogeek/ssrf-sheriff) +- https://img.shields.io/github/languages/top/teknogeek/ssrf-sheriff) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/subfinder.yaml b/weapons/subfinder.yaml new file mode 100644 index 0000000..e498d2f --- /dev/null +++ b/weapons/subfinder.yaml @@ -0,0 +1,17 @@ +--- +name: subfinder +description: 'Subfinder is a subdomain discovery tool that discovers valid subdomains + for websites. Designed as a passive framework to be useful for bug bounties and + safe for penetration testing. ' +urls: +- https://github.com/projectdiscovery/subfinder) +- https://img.shields.io/github/stars/projectdiscovery/subfinder) +- https://img.shields.io/github/languages/top/projectdiscovery/subfinder) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/subgen.yaml b/weapons/subgen.yaml new file mode 100644 index 0000000..10843f3 --- /dev/null +++ b/weapons/subgen.yaml @@ -0,0 +1,13 @@ +--- +name: subgen +description: A really simple utility to concate wordlists to a domain name - to pipe + into your favourite resolver! +urls: +- https://github.com/pry0cc/subgen) +- https://img.shields.io/github/stars/pry0cc/subgen) +- https://img.shields.io/github/languages/top/pry0cc/subgen) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/subjack.yaml b/weapons/subjack.yaml new file mode 100644 index 0000000..1b54d46 --- /dev/null +++ b/weapons/subjack.yaml @@ -0,0 +1,15 @@ +--- +name: subjack +description: 'Subdomain Takeover tool written in Go ' +urls: +- https://github.com/haccer/subjack) +- https://img.shields.io/github/stars/haccer/subjack) +- https://img.shields.io/github/languages/top/haccer/subjack) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/subjs.yaml b/weapons/subjs.yaml new file mode 100644 index 0000000..50f2c86 --- /dev/null +++ b/weapons/subjs.yaml @@ -0,0 +1,12 @@ +--- +name: subjs +description: Fetches javascript file from a list of URLS or subdomains. +urls: +- https://github.com/lc/subjs) +- https://img.shields.io/github/stars/lc/subjs) +- https://img.shields.io/github/languages/top/lc/subjs) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/subs_all.yaml b/weapons/subs_all.yaml new file mode 100644 index 0000000..4303823 --- /dev/null +++ b/weapons/subs_all.yaml @@ -0,0 +1,15 @@ +--- +name: subs_all +description: 'Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ' +urls: +- https://github.com/emadshanab/subs_all) +- https://img.shields.io/github/stars/emadshanab/subs_all) +- https://img.shields.io/github/languages/top/emadshanab/subs_all) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/subzy.yaml b/weapons/subzy.yaml new file mode 100644 index 0000000..c24d637 --- /dev/null +++ b/weapons/subzy.yaml @@ -0,0 +1,12 @@ +--- +name: subzy +description: Subdomain takeover vulnerability checker +urls: +- https://github.com/LukaSikic/subzy) +- https://img.shields.io/github/stars/LukaSikic/subzy) +- https://img.shields.io/github/languages/top/LukaSikic/subzy) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/taborator.yaml b/weapons/taborator.yaml new file mode 100644 index 0000000..d57d661 --- /dev/null +++ b/weapons/taborator.yaml @@ -0,0 +1,13 @@ +--- +name: taborator +description: +urls: +- https://github.com/hackvertor/taborator) +- https://img.shields.io/github/stars/hackvertor/taborator) +- https://img.shields.io/github/languages/top/hackvertor/taborator) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/template-generator.yaml b/weapons/template-generator.yaml new file mode 100644 index 0000000..7b0d05f --- /dev/null +++ b/weapons/template-generator.yaml @@ -0,0 +1,18 @@ +--- +name: template-generator +description: 'A simple variable based template editor using handlebarjs+strapdownjs. + The idea is to use variables in markdown based files to easily replace the variables + with content. Data is saved temporarily in local storage. PHP is only needed to + generate the list of files in the dropdown of templates. ' +urls: +- https://github.com/fransr/template-generator) +- https://img.shields.io/github/stars/fransr/template-generator) +- https://img.shields.io/github/languages/top/fransr/template-generator) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/testssl.sh.yaml b/weapons/testssl.sh.yaml new file mode 100644 index 0000000..e6c126f --- /dev/null +++ b/weapons/testssl.sh.yaml @@ -0,0 +1,15 @@ +--- +name: testssl.sh +description: 'Testing TLS/SSL encryption anywhere on any port ' +urls: +- https://github.com/drwetter/testssl.sh) +- https://img.shields.io/github/stars/drwetter/testssl.sh) +- https://img.shields.io/github/languages/top/drwetter/testssl.sh) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/thc-hydra.yaml b/weapons/thc-hydra.yaml new file mode 100644 index 0000000..a8287b4 --- /dev/null +++ b/weapons/thc-hydra.yaml @@ -0,0 +1,15 @@ +--- +name: thc-hydra +description: 'hydra ' +urls: +- https://github.com/vanhauser-thc/thc-hydra) +- https://img.shields.io/github/stars/vanhauser-thc/thc-hydra) +- https://img.shields.io/github/languages/top/vanhauser-thc/thc-hydra) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/tiscripts.yaml b/weapons/tiscripts.yaml new file mode 100644 index 0000000..57030d8 --- /dev/null +++ b/weapons/tiscripts.yaml @@ -0,0 +1,12 @@ +--- +name: tiscripts +description: Turbo Intruder Scripts +urls: +- https://github.com/defparam/tiscripts) +- https://img.shields.io/github/stars/defparam/tiscripts) +- https://img.shields.io/github/languages/top/defparam/tiscripts) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/tplmap.yaml b/weapons/tplmap.yaml new file mode 100644 index 0000000..7435141 --- /dev/null +++ b/weapons/tplmap.yaml @@ -0,0 +1,13 @@ +--- +name: tplmap +description: Server-Side Template Injection and Code Injection Detection and Exploitation + Tool +urls: +- https://github.com/epinna/tplmap) +- https://img.shields.io/github/stars/epinna/tplmap) +- https://img.shields.io/github/languages/top/epinna/tplmap) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/turbo-intruder.yaml b/weapons/turbo-intruder.yaml new file mode 100644 index 0000000..b3f3795 --- /dev/null +++ b/weapons/turbo-intruder.yaml @@ -0,0 +1,13 @@ +--- +name: turbo-intruder +description: +urls: +- https://github.com/PortSwigger/turbo-intruder) +- https://img.shields.io/github/stars/PortSwigger/turbo-intruder) +- https://img.shields.io/github/languages/top/PortSwigger/turbo-intruder) +category: tool-addon +types: [] +platform: +- burpsuite +lang: [] +tags: [] diff --git a/weapons/uncover.yaml b/weapons/uncover.yaml new file mode 100644 index 0000000..d70ced6 --- /dev/null +++ b/weapons/uncover.yaml @@ -0,0 +1,13 @@ +--- +name: uncover +description: Quickly discover exposed hosts on the internet using multiple search + engine. +urls: +- https://github.com/projectdiscovery/uncover) +- https://img.shields.io/github/stars/projectdiscovery/uncover) +- https://img.shields.io/github/languages/top/projectdiscovery/uncover) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/unfurl.yaml b/weapons/unfurl.yaml new file mode 100644 index 0000000..6545aaf --- /dev/null +++ b/weapons/unfurl.yaml @@ -0,0 +1,15 @@ +--- +name: unfurl +description: 'Pull out bits of URLs provided on stdin ' +urls: +- https://github.com/tomnomnom/unfurl) +- https://img.shields.io/github/stars/tomnomnom/unfurl) +- https://img.shields.io/github/languages/top/tomnomnom/unfurl) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/urlgrab.yaml b/weapons/urlgrab.yaml new file mode 100644 index 0000000..16b968d --- /dev/null +++ b/weapons/urlgrab.yaml @@ -0,0 +1,16 @@ +--- +name: urlgrab +description: 'A golang utility to spider through a website searching for additional + links. ' +urls: +- https://github.com/IAmStoxe/urlgrab) +- https://img.shields.io/github/stars/IAmStoxe/urlgrab) +- https://img.shields.io/github/languages/top/IAmStoxe/urlgrab) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/urlhunter.yaml b/weapons/urlhunter.yaml new file mode 100644 index 0000000..c22ff58 --- /dev/null +++ b/weapons/urlhunter.yaml @@ -0,0 +1,13 @@ +--- +name: urlhunter +description: a recon tool that allows searching on URLs that are exposed via shortener + services +urls: +- https://github.com/utkusen/urlhunter) +- https://img.shields.io/github/stars/utkusen/urlhunter) +- https://img.shields.io/github/languages/top/utkusen/urlhunter) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/urlprobe.yaml b/weapons/urlprobe.yaml new file mode 100644 index 0000000..07a8538 --- /dev/null +++ b/weapons/urlprobe.yaml @@ -0,0 +1,15 @@ +--- +name: urlprobe +description: 'Urls status code & content length checker ' +urls: +- https://github.com/1ndianl33t/urlprobe) +- https://img.shields.io/github/stars/1ndianl33t/urlprobe) +- https://img.shields.io/github/languages/top/1ndianl33t/urlprobe) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/uro.yaml b/weapons/uro.yaml new file mode 100644 index 0000000..2c43e90 --- /dev/null +++ b/weapons/uro.yaml @@ -0,0 +1,12 @@ +--- +name: uro +description: declutters url lists for crawling/pentesting +urls: +- https://github.com/s0md3v/uro) +- https://img.shields.io/github/stars/s0md3v/uro) +- https://img.shields.io/github/languages/top/s0md3v/uro) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/waybackurls.yaml b/weapons/waybackurls.yaml new file mode 100644 index 0000000..4cad08d --- /dev/null +++ b/weapons/waybackurls.yaml @@ -0,0 +1,15 @@ +--- +name: waybackurls +description: 'Fetch all the URLs that the Wayback Machine knows about for a domain ' +urls: +- https://github.com/tomnomnom/waybackurls) +- https://img.shields.io/github/stars/tomnomnom/waybackurls) +- https://img.shields.io/github/languages/top/tomnomnom/waybackurls) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/weaponised-XSS-payloads.yaml b/weapons/weaponised-XSS-payloads.yaml new file mode 100644 index 0000000..174c3f3 --- /dev/null +++ b/weapons/weaponised-XSS-payloads.yaml @@ -0,0 +1,12 @@ +--- +name: weaponised-XSS-payloads +description: XSS payloads designed to turn alert(1) into P1 +urls: +- https://github.com/hakluke/weaponised-XSS-payloads) +- https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) +- https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/web_cache_poison.yaml b/weapons/web_cache_poison.yaml new file mode 100644 index 0000000..fce29a1 --- /dev/null +++ b/weapons/web_cache_poison.yaml @@ -0,0 +1,12 @@ +--- +name: web_cache_poison +description: web cache poison - Top 1 web hacking technique of 2019 +urls: +- https://github.com/fngoo/web_cache_poison) +- https://img.shields.io/github/stars/fngoo/web_cache_poison) +- https://img.shields.io/github/languages/top/fngoo/web_cache_poison) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/websocket-connection-smuggler.yaml b/weapons/websocket-connection-smuggler.yaml new file mode 100644 index 0000000..e7b47cd --- /dev/null +++ b/weapons/websocket-connection-smuggler.yaml @@ -0,0 +1,12 @@ +--- +name: websocket-connection-smuggler +description: websocket-connection-smuggler +urls: +- https://github.com/hahwul/websocket-connection-smuggler) +- https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) +- https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/wfuzz.yaml b/weapons/wfuzz.yaml new file mode 100644 index 0000000..53468e9 --- /dev/null +++ b/weapons/wfuzz.yaml @@ -0,0 +1,15 @@ +--- +name: wfuzz +description: 'Web application fuzzer ' +urls: +- https://github.com/xmendez/wfuzz) +- https://img.shields.io/github/stars/xmendez/wfuzz) +- https://img.shields.io/github/languages/top/xmendez/wfuzz) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/wprecon.yaml b/weapons/wprecon.yaml new file mode 100644 index 0000000..69c367a --- /dev/null +++ b/weapons/wprecon.yaml @@ -0,0 +1,13 @@ +--- +name: wprecon +description: Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition + tool in CMS Wordpress, 100% developed in Go. +urls: +- https://github.com/blackcrw/wprecon) +- https://img.shields.io/github/stars/blackcrw/wprecon) +- https://img.shields.io/github/languages/top/blackcrw/wprecon) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/wpscan.yaml b/weapons/wpscan.yaml new file mode 100644 index 0000000..11d6eea --- /dev/null +++ b/weapons/wpscan.yaml @@ -0,0 +1,17 @@ +--- +name: wpscan +description: 'WPScan is a free, for non-commercial use, black box WordPress Vulnerability + Scanner written for security professionals and blog maintainers to test the security + of their WordPress websites. ' +urls: +- https://github.com/wpscanteam/wpscan) +- https://img.shields.io/github/stars/wpscanteam/wpscan) +- https://img.shields.io/github/languages/top/wpscanteam/wpscan) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/ws-smuggler.yaml b/weapons/ws-smuggler.yaml new file mode 100644 index 0000000..5a0f9ac --- /dev/null +++ b/weapons/ws-smuggler.yaml @@ -0,0 +1,12 @@ +--- +name: ws-smuggler +description: WebSocket Connection Smuggler +urls: +- https://github.com/hahwul/ws-smuggler) +- https://img.shields.io/github/stars/hahwul/ws-smuggler) +- https://img.shields.io/github/languages/top/hahwul/ws-smuggler) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/wssip.yaml b/weapons/wssip.yaml new file mode 100644 index 0000000..21a2df9 --- /dev/null +++ b/weapons/wssip.yaml @@ -0,0 +1,13 @@ +--- +name: wssip +description: Application for capturing, modifying and sending custom WebSocket data + from client to server and vice versa. +urls: +- https://github.com/nccgroup/wssip) +- https://img.shields.io/github/stars/nccgroup/wssip) +- https://img.shields.io/github/languages/top/nccgroup/wssip) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/wuzz.yaml b/weapons/wuzz.yaml new file mode 100644 index 0000000..a82e6ce --- /dev/null +++ b/weapons/wuzz.yaml @@ -0,0 +1,15 @@ +--- +name: wuzz +description: 'Interactive cli tool for HTTP inspection ' +urls: +- https://github.com/asciimoo/wuzz) +- https://img.shields.io/github/stars/asciimoo/wuzz) +- https://img.shields.io/github/languages/top/asciimoo/wuzz) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/x8.yaml b/weapons/x8.yaml new file mode 100644 index 0000000..9cf8dd7 --- /dev/null +++ b/weapons/x8.yaml @@ -0,0 +1,12 @@ +--- +name: x8 +description: Hidden parameters discovery suite +urls: +- https://github.com/Sh1Yo/x8) +- https://img.shields.io/github/stars/Sh1Yo/x8) +- https://img.shields.io/github/languages/top/Sh1Yo/x8) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/xsinator.com.yaml b/weapons/xsinator.com.yaml new file mode 100644 index 0000000..2d130d8 --- /dev/null +++ b/weapons/xsinator.com.yaml @@ -0,0 +1,12 @@ +--- +name: xsinator.com +description: XS-Leak Browser Test Suite +urls: +- https://github.com/RUB-NDS/xsinator.com) +- https://img.shields.io/github/stars/RUB-NDS/xsinator.com) +- https://img.shields.io/github/languages/top/RUB-NDS/xsinator.com) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/xss-cheatsheet-data.yaml b/weapons/xss-cheatsheet-data.yaml new file mode 100644 index 0000000..93d3d00 --- /dev/null +++ b/weapons/xss-cheatsheet-data.yaml @@ -0,0 +1,16 @@ +--- +name: xss-cheatsheet-data +description: 'This repository contains all the XSS cheatsheet data to allow contributions + from the community. ' +urls: +- https://github.com/PortSwigger/xss-cheatsheet-data) +- https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) +- https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/xsscrapy.yaml b/weapons/xsscrapy.yaml new file mode 100644 index 0000000..d335368 --- /dev/null +++ b/weapons/xsscrapy.yaml @@ -0,0 +1,16 @@ +--- +name: xsscrapy +description: 'XSS/SQLi spider. Give it a URL and it''ll test every link it finds for + XSS and some SQLi. ' +urls: +- https://github.com/DanMcInerney/xsscrapy) +- https://img.shields.io/github/stars/DanMcInerney/xsscrapy) +- https://img.shields.io/github/languages/top/DanMcInerney/xsscrapy) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/xsser.yaml b/weapons/xsser.yaml new file mode 100644 index 0000000..cec34fa --- /dev/null +++ b/weapons/xsser.yaml @@ -0,0 +1,16 @@ +--- +name: xsser +description: 'Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, + exploit and report XSS vulnerabilities in web-based applications. ' +urls: +- https://github.com/epsylon/xsser) +- https://img.shields.io/github/stars/epsylon/xsser) +- https://img.shields.io/github/languages/top/epsylon/xsser) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/xssor2.yaml b/weapons/xssor2.yaml new file mode 100644 index 0000000..07d4587 --- /dev/null +++ b/weapons/xssor2.yaml @@ -0,0 +1,12 @@ +--- +name: xssor2 +description: XSS'OR - Hack with JavaScript. +urls: +- https://github.com/evilcos/xssor2) +- https://img.shields.io/github/stars/evilcos/xssor2) +- https://img.shields.io/github/languages/top/evilcos/xssor2) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/xxeserv.yaml b/weapons/xxeserv.yaml new file mode 100644 index 0000000..cb894e8 --- /dev/null +++ b/weapons/xxeserv.yaml @@ -0,0 +1,12 @@ +--- +name: xxeserv +description: A mini webserver with FTP support for XXE payloads +urls: +- https://github.com/staaldraad/xxeserv) +- https://img.shields.io/github/stars/staaldraad/xxeserv) +- https://img.shields.io/github/languages/top/staaldraad/xxeserv) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/ysoserial.net.yaml b/weapons/ysoserial.net.yaml new file mode 100644 index 0000000..774ca19 --- /dev/null +++ b/weapons/ysoserial.net.yaml @@ -0,0 +1,15 @@ +--- +name: ysoserial.net +description: 'Deserialization payload generator for a variety of .NET formatters ' +urls: +- https://github.com/pwntester/ysoserial.net) +- https://img.shields.io/github/stars/pwntester/ysoserial.net) +- https://img.shields.io/github/languages/top/pwntester/ysoserial.net) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/ysoserial.yaml b/weapons/ysoserial.yaml new file mode 100644 index 0000000..7c3250e --- /dev/null +++ b/weapons/ysoserial.yaml @@ -0,0 +1,16 @@ +--- +name: ysoserial +description: 'A proof-of-concept tool for generating payloads that exploit unsafe + Java object deserialization. ' +urls: +- https://github.com/frohoff/ysoserial) +- https://img.shields.io/github/stars/frohoff/ysoserial) +- https://img.shields.io/github/languages/top/frohoff/ysoserial) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/zap-cli.yaml b/weapons/zap-cli.yaml new file mode 100644 index 0000000..657cc6e --- /dev/null +++ b/weapons/zap-cli.yaml @@ -0,0 +1,15 @@ +--- +name: zap-cli +description: 'A simple tool for interacting with OWASP ZAP from the commandline. ' +urls: +- https://github.com/Grunny/zap-cli) +- https://img.shields.io/github/stars/Grunny/zap-cli) +- https://img.shields.io/github/languages/top/Grunny/zap-cli) +category: tool +types: [] +platform: +- linux +- macos +- windows +lang: [] +tags: [] diff --git a/weapons/zap-hud.yaml b/weapons/zap-hud.yaml new file mode 100644 index 0000000..39576e6 --- /dev/null +++ b/weapons/zap-hud.yaml @@ -0,0 +1,13 @@ +--- +name: zap-hud +description: +urls: +- https://github.com/zaproxy/zap-hud) +- https://img.shields.io/github/stars/zaproxy/zap-hud) +- https://img.shields.io/github/languages/top/zaproxy/zap-hud) +category: tool-addon +types: [] +platform: +- zap +lang: [] +tags: [] diff --git a/weapons/zaproxy.yaml b/weapons/zaproxy.yaml new file mode 100644 index 0000000..885ebc9 --- /dev/null +++ b/weapons/zaproxy.yaml @@ -0,0 +1,12 @@ +--- +name: zaproxy +description: The OWASP ZAP core project +urls: +- https://github.com/zaproxy/zaproxy) +- https://img.shields.io/github/stars/zaproxy/zaproxy) +- https://img.shields.io/github/languages/top/zaproxy/zaproxy) +category: tool +types: [] +platform: [] +lang: [] +tags: [] diff --git a/weapons/zdns.yaml b/weapons/zdns.yaml new file mode 100644 index 0000000..f440e5c --- /dev/null +++ b/weapons/zdns.yaml @@ -0,0 +1,12 @@ +--- +name: zdns +description: Fast CLI DNS Lookup Tool +urls: +- https://github.com/zmap/zdns) +- https://img.shields.io/github/stars/zmap/zdns) +- https://img.shields.io/github/languages/top/zmap/zdns) +category: tool +types: [] +platform: [] +lang: [] +tags: [] From ace7389b70e0d8ecb38643a4d766cc771bdb6344 Mon Sep 17 00:00:00 2001 From: hahwul Date: Tue, 16 Aug 2022 20:48:09 +0900 Subject: [PATCH 13/42] y --- scripts/erb.rb | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/scripts/erb.rb b/scripts/erb.rb index 081d65d..a4b9c32 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -5,42 +5,48 @@ template = %q{

- - -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting +A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting ## Family project [![WebHackersWeapons](https://img.shields.io/github/stars/hahwul/WebHackersWeapons?label=WebHackersWeapons)](https://github.com/hahwul/WebHackersWeapons) [![MobileHackersWeapons](https://img.shields.io/github/stars/hahwul/MobileHackersWeapons?label=MobileHackersWeapons)](https://github.com/hahwul/MobileHackersWeapons) ## Table of Contents -- [WHW-Tools](https://whw-tools.hahwul.com) - [Weapons](#weapons) -- [Awesome Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) -- [Awesome Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) -- [Awesome Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) + - Tools + - [Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) + - [Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) + - [Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) - [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md) - [Thanks to contributor](#thanks-to-contributor) -## WHW-Tools -> Always use the latest tools 😎 - -`WHW-Tools` is tools web of `#WebHackersWeapons`. Easy install and Easy manage upgrade. Go to [WHW-Tools](https://whw-tools.hahwul.com/) - ## Weapons -<%= aa %> - +### Tools +<%= tools %> + +### Bookmarklets +<%= bookmarklets %> + +### Browser Addons +<%= browser_addons %> + +### Burpsuite and ZAP Addons +<%= burpzap_addons %> + ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 ![](/CONTRIBUTORS.svg) }.gsub(/^ /, '') -aa = 4414 +tools = 4414 +bookmarklets = 111 +browser_addons = 111 +burpzap_addons = 111 markdown = ERB.new(template, trim_mode: "%<>") puts markdown.result \ No newline at end of file From aea24edd4cb3b9327a19d3e6fee9166c2f067eee Mon Sep 17 00:00:00 2001 From: hahwul Date: Tue, 16 Aug 2022 20:49:10 +0900 Subject: [PATCH 14/42] y --- scripts/erb.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/erb.rb b/scripts/erb.rb index a4b9c32..ac324dc 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -40,7 +40,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 -![](/CONTRIBUTORS.svg) +![](/images/CONTRIBUTORS.svg) }.gsub(/^ /, '') tools = 4414 From 8693b155c7b5265333cba74e844873eedafceeac Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 01:11:14 +0900 Subject: [PATCH 15/42] update --- scripts/erb.rb | 51 +++++++++++++++++-- scripts/migration.rb | 12 +++-- weapons/230-OOB.yaml | 5 +- weapons/3klCon.yaml | 5 +- weapons/AWSBucketDump.yaml | 5 +- weapons/Amass.yaml | 5 +- weapons/Arjun.yaml | 5 +- weapons/Assetnote_Wordlists.yaml | 5 +- weapons/Atlas.yaml | 5 +- weapons/AuthMatrix.yaml | 5 +- weapons/Autorize.yaml | 5 +- weapons/Blacklist3r.yaml | 5 +- weapons/BruteX.yaml | 5 +- weapons/Bug-Bounty-Toolz.yaml | 5 +- weapons/BurpBounty.yaml | 5 +- weapons/BurpCustomizer.yaml | 5 +- weapons/BurpJSLinkFinder.yaml | 5 +- weapons/BurpSuite-Secret_Finder.yaml | 5 +- weapons/BurpSuite.yaml | 4 +- weapons/BurpSuiteHTTPSmuggler.yaml | 5 +- weapons/BurpSuiteLoggerPlusPlus.yaml | 5 +- weapons/CSP_Evaluator.yaml | 4 +- weapons/CT_subdomains.yaml | 5 +- weapons/Chaos_Web.yaml | 4 +- .../Chromium-based-XSS-Taint-Tracking.yaml | 5 +- weapons/CorsMe.yaml | 5 +- weapons/Corsy.yaml | 5 +- weapons/CyberChef.yaml | 5 +- weapons/DNSDumpster.yaml | 4 +- weapons/DOMPurify.yaml | 6 +-- weapons/DSSS.yaml | 5 +- weapons/Dark_Reader.yaml | 4 +- weapons/Dark_Reader_for_Safari.yaml | 4 +- weapons/DeepViolet.yaml | 5 +- weapons/DirDar.yaml | 5 +- weapons/DotGit.yaml | 5 +- weapons/Edit-This-Cookie.yaml | 5 +- weapons/Emissary.yaml | 5 +- weapons/FavFreak.yaml | 5 +- weapons/Findsploit.yaml | 5 +- weapons/Gf-Patterns.yaml | 5 +- weapons/GitMiner.yaml | 5 +- weapons/Gopherus.yaml | 5 +- weapons/GraphQLmap.yaml | 5 +- weapons/HRS.yaml | 5 +- weapons/HUNT.yaml | 5 +- weapons/Hack-Tools.yaml | 5 +- weapons/HydraRecon.yaml | 5 +- weapons/IntruderPayloads.yaml | 5 +- weapons/JSFScan.sh.yaml | 5 +- weapons/LFISuite.yaml | 5 +- weapons/LinkFinder.yaml | 5 +- weapons/MM3_ProxySwitch.yaml | 4 +- weapons/NoSQLMap.yaml | 5 +- weapons/OneForAll.yaml | 5 +- weapons/OpenRedireX.yaml | 5 +- weapons/Osmedeus.yaml | 5 +- weapons/PPScan.yaml | 5 +- weapons/ParamSpider.yaml | 5 +- weapons/Parth.yaml | 5 +- weapons/PayloadsAllTheThings.yaml | 5 +- weapons/Phoenix.yaml | 4 +- weapons/Photon.yaml | 5 +- weapons/PoC-in-GitHub.yaml | 5 +- weapons/RustScan.yaml | 5 +- weapons/S3Scanner.yaml | 5 +- weapons/SQLNinja.yaml | 4 +- weapons/SQL_Ninja.yaml | 4 +- weapons/SSRFmap.yaml | 5 +- weapons/STEWS.yaml | 5 +- weapons/SecLists.yaml | 5 +- weapons/SecretFinder.yaml | 5 +- weapons/SecurityTrails.yaml | 4 +- weapons/SequenceDiagram.yaml | 4 +- weapons/Shodan.yaml | 4 +- weapons/Silver.yaml | 5 +- weapons/Sn1per.yaml | 5 +- weapons/Stepper.yaml | 5 +- weapons/Striker.yaml | 5 +- weapons/SubOver.yaml | 5 +- weapons/Sublist3r.yaml | 5 +- weapons/Taipan.yaml | 5 +- weapons/TukTuk.yaml | 5 +- weapons/User-Agent_Switcher.yaml | 4 +- weapons/VHostScan.yaml | 5 +- weapons/Wayback_Machine.yaml | 4 +- weapons/Web-Cache-Vulnerability-Scanner.yaml | 6 +-- weapons/XSRFProbe.yaml | 5 +- weapons/XSStrike.yaml | 5 +- weapons/XSpear.yaml | 5 +- weapons/XXEinjector.yaml | 5 +- weapons/a2sv.yaml | 5 +- weapons/altdns.yaml | 5 +- weapons/anew.yaml | 5 +- weapons/apkleaks.yaml | 5 +- weapons/aquatone.yaml | 5 +- weapons/arachni.yaml | 5 +- weapons/assetfinder.yaml | 5 +- weapons/attack-surface-detector-zap.yaml | 5 +- weapons/auto-repeater.yaml | 5 +- weapons/autochrome.yaml | 5 +- weapons/axiom.yaml | 5 +- weapons/bat.yaml | 5 +- weapons/boast.yaml | 5 +- weapons/bountyplz.yaml | 5 +- weapons/burl.yaml | 5 +- weapons/burp-exporter.yaml | 5 +- weapons/burp-piper.yaml | 5 +- weapons/burp-retire-js.yaml | 5 +- weapons/burp-send-to.yaml | 5 +- weapons/c-jwt-cracker.yaml | 5 +- weapons/can-i-take-over-xyz.yaml | 5 +- weapons/cariddi.yaml | 5 +- weapons/cc.py.yaml | 5 +- weapons/cf-check.yaml | 5 +- weapons/chaos-client.yaml | 5 +- weapons/clear-cache.yaml | 5 +- weapons/collaborator-everywhere.yaml | 5 +- weapons/commix.yaml | 5 +- weapons/community-scripts.yaml | 5 +- weapons/confused.yaml | 5 +- weapons/cookie-quick-manager.yaml | 5 +- weapons/corsair_scan.yaml | 5 +- weapons/crawlergo.yaml | 5 +- weapons/crlfuzz.yaml | 5 +- weapons/csp-auditor.yaml | 5 +- weapons/curl.yaml | 5 +- weapons/dalfox.yaml | 5 +- weapons/dirsearch.yaml | 5 +- weapons/ditto.yaml | 5 +- weapons/dmut.yaml | 5 +- weapons/dnsobserver.yaml | 5 +- weapons/dnsprobe.yaml | 5 +- weapons/dnsvalidator.yaml | 5 +- weapons/dnsx.yaml | 5 +- weapons/docem.yaml | 5 +- weapons/domdig.yaml | 5 +- weapons/dontgo403.yaml | 5 +- weapons/dotdotpwn.yaml | 5 +- weapons/eval_villain.yaml | 5 +- weapons/ezXSS.yaml | 5 +- weapons/femida.yaml | 5 +- weapons/feroxbuster.yaml | 5 +- weapons/ffuf.yaml | 5 +- weapons/fhc.yaml | 5 +- weapons/findom-xss.yaml | 5 +- weapons/findomain.yaml | 5 +- weapons/fockcache.yaml | 5 +- weapons/fuzzparam.yaml | 5 +- weapons/fzf.yaml | 5 +- weapons/gau.yaml | 5 +- weapons/gauplus.yaml | 5 +- weapons/gee.yaml | 5 +- weapons/getJS.yaml | 5 +- weapons/gf.yaml | 5 +- weapons/gitGraber.yaml | 5 +- weapons/github-endpoints.yaml | 5 +- weapons/github-regexp.yaml | 5 +- weapons/github-search.yaml | 5 +- weapons/github-subdomains.yaml | 5 +- weapons/gitleaks.yaml | 5 +- weapons/gitls.yaml | 5 +- weapons/gitrob.yaml | 5 +- weapons/go-dork.yaml | 5 +- weapons/gobuster.yaml | 5 +- weapons/gospider.yaml | 5 +- weapons/gotator.yaml | 5 +- weapons/gotestwaf.yaml | 5 +- weapons/gowitness.yaml | 5 +- weapons/graphql-voyager.yaml | 5 +- weapons/grc.yaml | 5 +- weapons/grex.yaml | 5 +- weapons/gron.yaml | 5 +- weapons/h2csmuggler.yaml | 5 +- weapons/hacks.yaml | 5 +- weapons/hakcheckurl.yaml | 5 +- weapons/hakrawler.yaml | 5 +- weapons/hakrevdns.yaml | 5 +- weapons/haktrails.yaml | 5 +- weapons/hashcat.yaml | 5 +- weapons/headi.yaml | 5 +- weapons/hetty.yaml | 5 +- weapons/hinject.yaml | 5 +- weapons/htcat.yaml | 5 +- weapons/http-request-smuggler.yaml | 5 +- weapons/http-request-smuggling.yaml | 5 +- weapons/http-script-generator.yaml | 5 +- weapons/http2smugl.yaml | 5 +- weapons/httpie.yaml | 6 +-- weapons/httprobe.yaml | 5 +- weapons/httptoolkit.yaml | 5 +- weapons/httpx.yaml | 5 +- weapons/hurl.yaml | 5 +- weapons/inql.yaml | 5 +- weapons/interactsh.yaml | 5 +- weapons/intrigue-core.yaml | 5 +- weapons/jaeles.yaml | 5 +- weapons/jsfuck.yaml | 5 +- weapons/jsonwebtoken.github.io.yaml | 5 +- weapons/jsprime.yaml | 5 +- weapons/jwt-cracker.yaml | 5 +- weapons/jwt-hack.yaml | 5 +- weapons/kiterunner.yaml | 5 +- weapons/knife.yaml | 5 +- weapons/knock.yaml | 5 +- weapons/lazyrecon.yaml | 5 +- weapons/longtongue.yaml | 5 +- weapons/masscan.yaml | 5 +- weapons/medusa.yaml | 5 +- weapons/meg.yaml | 5 +- weapons/megplus.yaml | 5 +- weapons/naabu.yaml | 5 +- weapons/nikto.yaml | 5 +- weapons/nmap.yaml | 5 +- weapons/nosqli.yaml | 5 +- weapons/nuclei.yaml | 5 +- weapons/ob_hacky_slack.yaml | 5 +- weapons/owasp-zap-jwt-addon.yaml | 5 +- weapons/oxml_xxe.yaml | 5 +- weapons/pagodo.yaml | 5 +- weapons/param-miner.yaml | 5 +- weapons/parameth.yaml | 5 +- weapons/pentest-tools.yaml | 5 +- weapons/pet.yaml | 5 +- weapons/plution.yaml | 5 +- weapons/postMessage-tracker.yaml | 5 +- weapons/ppfuzz.yaml | 5 +- weapons/ppmap.yaml | 5 +- weapons/proxify.yaml | 5 +- weapons/puredns.yaml | 5 +- weapons/pwncat.yaml | 5 +- weapons/qsreplace.yaml | 5 +- weapons/quickjack.yaml | 5 +- weapons/rapidscan.yaml | 5 +- weapons/recon_profile.yaml | 5 +- weapons/reconftw.yaml | 5 +- weapons/reflect.yaml | 5 +- weapons/reflected-parameters.yaml | 5 +- weapons/rengine.yaml | 5 +- weapons/rusolver.yaml | 5 +- weapons/s3reverse.yaml | 5 +- weapons/safecopy.yaml | 5 +- weapons/scilla.yaml | 5 +- weapons/security-crawl-maze.yaml | 5 +- weapons/security-research-pocs.yaml | 5 +- weapons/shuffledns.yaml | 5 +- weapons/singularity.yaml | 5 +- weapons/slackcat.yaml | 5 +- weapons/smuggler.yaml | 5 +- weapons/sn0int.yaml | 5 +- weapons/spiderfoot.yaml | 5 +- weapons/sqliv.yaml | 5 +- weapons/sqlmap.yaml | 5 +- weapons/ssrf-sheriff.yaml | 5 +- weapons/subfinder.yaml | 5 +- weapons/subgen.yaml | 5 +- weapons/subjack.yaml | 5 +- weapons/subjs.yaml | 5 +- weapons/subs_all.yaml | 5 +- weapons/subzy.yaml | 5 +- weapons/taborator.yaml | 5 +- weapons/template-generator.yaml | 5 +- weapons/testssl.sh.yaml | 5 +- weapons/thc-hydra.yaml | 5 +- weapons/tiscripts.yaml | 5 +- weapons/tplmap.yaml | 5 +- weapons/turbo-intruder.yaml | 5 +- weapons/uncover.yaml | 5 +- weapons/unfurl.yaml | 5 +- weapons/urlgrab.yaml | 5 +- weapons/urlhunter.yaml | 5 +- weapons/urlprobe.yaml | 5 +- weapons/uro.yaml | 5 +- weapons/waybackurls.yaml | 5 +- weapons/weaponised-XSS-payloads.yaml | 5 +- weapons/web_cache_poison.yaml | 5 +- weapons/websocket-connection-smuggler.yaml | 5 +- weapons/wfuzz.yaml | 5 +- weapons/wprecon.yaml | 5 +- weapons/wpscan.yaml | 5 +- weapons/ws-smuggler.yaml | 5 +- weapons/wssip.yaml | 5 +- weapons/wuzz.yaml | 5 +- weapons/x8.yaml | 5 +- weapons/xsinator.com.yaml | 5 +- weapons/xss-cheatsheet-data.yaml | 5 +- weapons/xsscrapy.yaml | 5 +- weapons/xsser.yaml | 5 +- weapons/xssor2.yaml | 5 +- weapons/xxeserv.yaml | 5 +- weapons/ysoserial.net.yaml | 5 +- weapons/ysoserial.yaml | 5 +- weapons/zap-cli.yaml | 5 +- weapons/zap-hud.yaml | 5 +- weapons/zaproxy.yaml | 5 +- weapons/zdns.yaml | 5 +- 296 files changed, 349 insertions(+), 1172 deletions(-) diff --git a/scripts/erb.rb b/scripts/erb.rb index ac324dc..592ca88 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -1,4 +1,9 @@ require 'erb' +require 'yaml' + +def generate_badge + +end template = %q{

@@ -36,17 +41,53 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun <%= browser_addons %> ### Burpsuite and ZAP Addons -<%= burpzap_addons %> +<%= tool_addons %> ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 ![](/images/CONTRIBUTORS.svg) }.gsub(/^ /, '') -tools = 4414 -bookmarklets = 111 -browser_addons = 111 -burpzap_addons = 111 + +head = "| Type | Name | Description | Badges | Popularity |\n" +head = head + "| --- | --- | --- | --- | --- |" +tools = head + "\n" +bookmarklets = head + "\n" +browser_addons = head + "\n" +tool_addons = head + "\n" + +Dir.entries("./weapons/").each do | name | + begin + data = YAML.load(File.open("./weapons/#{name}")) + name = data['name'] + popularity = "x" + + if data['url'].length > 0 + name = "[#{name}](#{data['url']})" + end + + if data['url'].include? "github.com" + split_result = data['url'].split "//github.com/" + popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" + end + badge = generate_badge + line = "|#{data['types']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" + case data['category'] + when 'tool' + tools = tools + line + "\n" + when 'tool-addon' + tool_addons = tool_addons + line + "\n" + when 'browser-addon' + browser_addons = browser_addons + line + "\n" + when 'bookmarklet' + bookmarklets = bookmarklets + line + "\n" + else + puts name + end + rescue => e + puts e + end +end markdown = ERB.new(template, trim_mode: "%<>") puts markdown.result \ No newline at end of file diff --git a/scripts/migration.rb b/scripts/migration.rb index fd8ed30..c9910b9 100644 --- a/scripts/migration.rb +++ b/scripts/migration.rb @@ -40,8 +40,14 @@ def get_browser str return lst end -def get_urls str - return URI.extract(str).uniq +def get_url str + urls = URI.extract(str).uniq + urls.each do |url| + if !url.include? "img.shields.io" + return url.gsub(")","") + end + end + return "" end def get_lang url @@ -60,7 +66,7 @@ def migrate jsonfile, category new_obj = {} new_obj['name'] = name new_obj['description'] = obj['Description'] - new_obj['urls'] = get_urls obj['Data'] + new_obj['url'] = get_url obj['Data'] new_obj['category'] = category new_obj['types'] = [] if obj['Install'] != nil diff --git a/weapons/230-OOB.yaml b/weapons/230-OOB.yaml index d8668ee..99c03a1 100644 --- a/weapons/230-OOB.yaml +++ b/weapons/230-OOB.yaml @@ -1,10 +1,7 @@ --- name: 230-OOB description: An Out-of-Band XXE server for retrieving file contents over FTP. -urls: -- https://github.com/lc/230-OOB) -- https://img.shields.io/github/stars/lc/230-OOB) -- https://img.shields.io/github/languages/top/lc/230-OOB) +url: https://github.com/lc/230-OOB category: tool types: [] platform: [] diff --git a/weapons/3klCon.yaml b/weapons/3klCon.yaml index e0a7ee1..6a9bc17 100644 --- a/weapons/3klCon.yaml +++ b/weapons/3klCon.yaml @@ -2,10 +2,7 @@ name: 3klCon description: Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. -urls: -- https://github.com/eslam3kl/3klCon) -- https://img.shields.io/github/stars/eslam3kl/3klCon) -- https://img.shields.io/github/languages/top/eslam3kl/3klCon) +url: https://github.com/eslam3kl/3klCon category: tool types: [] platform: [] diff --git a/weapons/AWSBucketDump.yaml b/weapons/AWSBucketDump.yaml index a9cfe58..6f83ce8 100644 --- a/weapons/AWSBucketDump.yaml +++ b/weapons/AWSBucketDump.yaml @@ -1,10 +1,7 @@ --- name: AWSBucketDump description: Security Tool to Look For Interesting Files in S3 Buckets -urls: -- https://github.com/jordanpotti/AWSBucketDump) -- https://img.shields.io/github/stars/jordanpotti/AWSBucketDump) -- https://img.shields.io/github/languages/top/jordanpotti/AWSBucketDump) +url: https://github.com/jordanpotti/AWSBucketDump category: tool types: [] platform: [] diff --git a/weapons/Amass.yaml b/weapons/Amass.yaml index 9f05cfa..fdc4944 100644 --- a/weapons/Amass.yaml +++ b/weapons/Amass.yaml @@ -1,10 +1,7 @@ --- name: Amass description: 'In-depth Attack Surface Mapping and Asset Discovery ' -urls: -- https://github.com/OWASP/Amass) -- https://img.shields.io/github/stars/OWASP/Amass) -- https://img.shields.io/github/languages/top/OWASP/Amass) +url: https://github.com/OWASP/Amass category: tool types: [] platform: diff --git a/weapons/Arjun.yaml b/weapons/Arjun.yaml index 777782a..046aee2 100644 --- a/weapons/Arjun.yaml +++ b/weapons/Arjun.yaml @@ -1,10 +1,7 @@ --- name: Arjun description: 'HTTP parameter discovery suite. ' -urls: -- https://github.com/s0md3v/Arjun) -- https://img.shields.io/github/stars/s0md3v/Arjun) -- https://img.shields.io/github/languages/top/s0md3v/Arjun) +url: https://github.com/s0md3v/Arjun category: tool types: [] platform: diff --git a/weapons/Assetnote_Wordlists.yaml b/weapons/Assetnote_Wordlists.yaml index ebafb17..0491f17 100644 --- a/weapons/Assetnote_Wordlists.yaml +++ b/weapons/Assetnote_Wordlists.yaml @@ -1,10 +1,7 @@ --- name: Assetnote Wordlists description: Automated & Manual Wordlists provided by Assetnote -urls: -- https://github.com/assetnote/wordlists) -- https://img.shields.io/github/stars/assetnote/wordlists) -- https://img.shields.io/github/languages/top/assetnote/wordlists) +url: https://github.com/assetnote/wordlists category: tool types: [] platform: diff --git a/weapons/Atlas.yaml b/weapons/Atlas.yaml index 7b12922..1f15b5e 100644 --- a/weapons/Atlas.yaml +++ b/weapons/Atlas.yaml @@ -1,10 +1,7 @@ --- name: Atlas description: 'Quick SQLMap Tamper Suggester ' -urls: -- https://github.com/m4ll0k/Atlas) -- https://img.shields.io/github/stars/m4ll0k/Atlas) -- https://img.shields.io/github/languages/top/m4ll0k/Atlas) +url: https://github.com/m4ll0k/Atlas category: tool types: [] platform: diff --git a/weapons/AuthMatrix.yaml b/weapons/AuthMatrix.yaml index c47de09..b05be3c 100644 --- a/weapons/AuthMatrix.yaml +++ b/weapons/AuthMatrix.yaml @@ -1,10 +1,7 @@ --- name: AuthMatrix description: -urls: -- https://github.com/SecurityInnovation/AuthMatrix) -- https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix) -- https://img.shields.io/github/languages/top/SecurityInnovation/AuthMatrix) +url: https://github.com/SecurityInnovation/AuthMatrix category: tool-addon types: [] platform: diff --git a/weapons/Autorize.yaml b/weapons/Autorize.yaml index 1771858..1d700d5 100644 --- a/weapons/Autorize.yaml +++ b/weapons/Autorize.yaml @@ -1,10 +1,7 @@ --- name: Autorize description: -urls: -- https://github.com/Quitten/Autorize) -- https://img.shields.io/github/stars/Quitten/Autorize) -- https://img.shields.io/github/languages/top/Quitten/Autorize) +url: https://github.com/Quitten/Autorize category: tool-addon types: [] platform: diff --git a/weapons/Blacklist3r.yaml b/weapons/Blacklist3r.yaml index 3a355d0..caa5569 100644 --- a/weapons/Blacklist3r.yaml +++ b/weapons/Blacklist3r.yaml @@ -1,10 +1,7 @@ --- name: Blacklist3r description: 'project-blacklist3r ' -urls: -- https://github.com/NotSoSecure/Blacklist3r) -- https://img.shields.io/github/stars/NotSoSecure/Blacklist3r) -- https://img.shields.io/github/languages/top/NotSoSecure/Blacklist3r) +url: https://github.com/NotSoSecure/Blacklist3r category: tool types: [] platform: [] diff --git a/weapons/BruteX.yaml b/weapons/BruteX.yaml index 0201932..709b57f 100644 --- a/weapons/BruteX.yaml +++ b/weapons/BruteX.yaml @@ -1,10 +1,7 @@ --- name: BruteX description: Automatically brute force all services running on a target. -urls: -- https://github.com/1N3/BruteX) -- https://img.shields.io/github/stars/1N3/BruteX) -- https://img.shields.io/github/languages/top/1N3/BruteX) +url: https://github.com/1N3/BruteX category: tool types: [] platform: [] diff --git a/weapons/Bug-Bounty-Toolz.yaml b/weapons/Bug-Bounty-Toolz.yaml index 8aaaefb..d61fbc1 100644 --- a/weapons/Bug-Bounty-Toolz.yaml +++ b/weapons/Bug-Bounty-Toolz.yaml @@ -1,10 +1,7 @@ --- name: Bug-Bounty-Toolz description: 'BBT - Bug Bounty Tools ' -urls: -- https://github.com/m4ll0k/Bug-Bounty-Toolz) -- https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz) -- https://img.shields.io/github/languages/top/m4ll0k/Bug-Bounty-Toolz) +url: https://github.com/m4ll0k/Bug-Bounty-Toolz category: tool types: [] platform: [] diff --git a/weapons/BurpBounty.yaml b/weapons/BurpBounty.yaml index a60a4f3..aa9710e 100644 --- a/weapons/BurpBounty.yaml +++ b/weapons/BurpBounty.yaml @@ -1,10 +1,7 @@ --- name: BurpBounty description: -urls: -- https://github.com/wagiro/BurpBounty) -- https://img.shields.io/github/stars/wagiro/BurpBounty) -- https://img.shields.io/github/languages/top/wagiro/BurpBounty) +url: https://github.com/wagiro/BurpBounty category: tool-addon types: [] platform: diff --git a/weapons/BurpCustomizer.yaml b/weapons/BurpCustomizer.yaml index e00ae5d..1f01ba9 100644 --- a/weapons/BurpCustomizer.yaml +++ b/weapons/BurpCustomizer.yaml @@ -1,10 +1,7 @@ --- name: BurpCustomizer description: Because just a dark theme wasn't enough! -urls: -- https://github.com/CoreyD97/BurpCustomizer) -- https://img.shields.io/github/stars/CoreyD97/BurpCustomizer) -- https://img.shields.io/github/languages/top/CoreyD97/BurpCustomizer) +url: https://github.com/CoreyD97/BurpCustomizer category: tool-addon types: [] platform: diff --git a/weapons/BurpJSLinkFinder.yaml b/weapons/BurpJSLinkFinder.yaml index 1c26643..e7a37e1 100644 --- a/weapons/BurpJSLinkFinder.yaml +++ b/weapons/BurpJSLinkFinder.yaml @@ -1,10 +1,7 @@ --- name: BurpJSLinkFinder description: -urls: -- https://github.com/InitRoot/BurpJSLinkFinder) -- https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder) -- https://img.shields.io/github/languages/top/InitRoot/BurpJSLinkFinder) +url: https://github.com/InitRoot/BurpJSLinkFinder category: tool-addon types: [] platform: diff --git a/weapons/BurpSuite-Secret_Finder.yaml b/weapons/BurpSuite-Secret_Finder.yaml index fc549d4..b6f3858 100644 --- a/weapons/BurpSuite-Secret_Finder.yaml +++ b/weapons/BurpSuite-Secret_Finder.yaml @@ -1,10 +1,7 @@ --- name: BurpSuite-Secret_Finder description: -urls: -- https://github.com/m4ll0k/BurpSuite-Secret_Finder) -- https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder) -- https://img.shields.io/github/languages/top/m4ll0k/BurpSuite-Secret_Finder) +url: https://github.com/m4ll0k/BurpSuite-Secret_Finder category: tool-addon types: [] platform: diff --git a/weapons/BurpSuite.yaml b/weapons/BurpSuite.yaml index b9da140..13e38f4 100644 --- a/weapons/BurpSuite.yaml +++ b/weapons/BurpSuite.yaml @@ -1,9 +1,7 @@ --- name: BurpSuite description: the BurpSuite Project -urls: -- https://portswigger.net/burp) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://portswigger.net/burp category: tool types: [] platform: [] diff --git a/weapons/BurpSuiteHTTPSmuggler.yaml b/weapons/BurpSuiteHTTPSmuggler.yaml index 7ff8c86..fcc4b12 100644 --- a/weapons/BurpSuiteHTTPSmuggler.yaml +++ b/weapons/BurpSuiteHTTPSmuggler.yaml @@ -1,10 +1,7 @@ --- name: BurpSuiteHTTPSmuggler description: -urls: -- https://github.com/nccgroup/BurpSuiteHTTPSmuggler) -- https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler) -- https://img.shields.io/github/languages/top/nccgroup/BurpSuiteHTTPSmuggler) +url: https://github.com/nccgroup/BurpSuiteHTTPSmuggler category: tool-addon types: [] platform: diff --git a/weapons/BurpSuiteLoggerPlusPlus.yaml b/weapons/BurpSuiteLoggerPlusPlus.yaml index 5774b3b..1bffb96 100644 --- a/weapons/BurpSuiteLoggerPlusPlus.yaml +++ b/weapons/BurpSuiteLoggerPlusPlus.yaml @@ -1,10 +1,7 @@ --- name: BurpSuiteLoggerPlusPlus description: -urls: -- https://github.com/nccgroup/BurpSuiteLoggerPlusPlus) -- https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus) -- https://img.shields.io/github/languages/top/nccgroup/BurpSuiteLoggerPlusPlus) +url: https://github.com/nccgroup/BurpSuiteLoggerPlusPlus category: tool-addon types: [] platform: diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml index 536eed0..38b9a70 100644 --- a/weapons/CSP_Evaluator.yaml +++ b/weapons/CSP_Evaluator.yaml @@ -1,9 +1,7 @@ --- name: CSP Evaluator description: " Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://csp-evaluator.withgoogle.com -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://csp-evaluator.withgoogle.com category: tool types: [] platform: [] diff --git a/weapons/CT_subdomains.yaml b/weapons/CT_subdomains.yaml index 42e930d..b9aacc5 100644 --- a/weapons/CT_subdomains.yaml +++ b/weapons/CT_subdomains.yaml @@ -2,10 +2,7 @@ name: CT_subdomains description: 'An hourly updated list of subdomains gathered from certificate transparency logs ' -urls: -- https://github.com/internetwache/CT_subdomains) -- https://img.shields.io/github/stars/internetwache/CT_subdomains) -- https://img.shields.io/github/languages/top/internetwache/CT_subdomains) +url: https://github.com/internetwache/CT_subdomains category: tool types: [] platform: [] diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml index 15c3a2d..3114520 100644 --- a/weapons/Chaos_Web.yaml +++ b/weapons/Chaos_Web.yaml @@ -2,9 +2,7 @@ name: Chaos Web description: " actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)" -urls: -- https://chaos.projectdiscovery.io -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://chaos.projectdiscovery.io category: tool types: [] platform: [] diff --git a/weapons/Chromium-based-XSS-Taint-Tracking.yaml b/weapons/Chromium-based-XSS-Taint-Tracking.yaml index e04863f..c3490a8 100644 --- a/weapons/Chromium-based-XSS-Taint-Tracking.yaml +++ b/weapons/Chromium-based-XSS-Taint-Tracking.yaml @@ -2,10 +2,7 @@ name: Chromium-based-XSS-Taint-Tracking description: Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink. -urls: -- https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) -- https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking) -- https://img.shields.io/github/languages/top/v8blink/Chromium-based-XSS-Taint-Tracking) +url: https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking category: tool types: [] platform: [] diff --git a/weapons/CorsMe.yaml b/weapons/CorsMe.yaml index 1ba5dc7..3ed8e4e 100644 --- a/weapons/CorsMe.yaml +++ b/weapons/CorsMe.yaml @@ -1,10 +1,7 @@ --- name: CorsMe description: 'Cross Origin Resource Sharing MisConfiguration Scanner ' -urls: -- https://github.com/Shivangx01b/CorsMe) -- https://img.shields.io/github/stars/Shivangx01b/CorsMe) -- https://img.shields.io/github/languages/top/Shivangx01b/CorsMe) +url: https://github.com/Shivangx01b/CorsMe category: tool types: [] platform: diff --git a/weapons/Corsy.yaml b/weapons/Corsy.yaml index 095062f..e44a078 100644 --- a/weapons/Corsy.yaml +++ b/weapons/Corsy.yaml @@ -1,10 +1,7 @@ --- name: Corsy description: 'CORS Misconfiguration Scanner ' -urls: -- https://github.com/s0md3v/Corsy) -- https://img.shields.io/github/stars/s0md3v/Corsy) -- https://img.shields.io/github/languages/top/s0md3v/Corsy) +url: https://github.com/s0md3v/Corsy category: tool types: [] platform: diff --git a/weapons/CyberChef.yaml b/weapons/CyberChef.yaml index 332d560..cc72198 100644 --- a/weapons/CyberChef.yaml +++ b/weapons/CyberChef.yaml @@ -2,10 +2,7 @@ name: CyberChef description: 'The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ' -urls: -- https://github.com/gchq/CyberChef) -- https://img.shields.io/github/stars/gchq/CyberChef) -- https://img.shields.io/github/languages/top/gchq/CyberChef) +url: https://github.com/gchq/CyberChef category: tool types: [] platform: [] diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml index 528c0ba..ac48711 100644 --- a/weapons/DNSDumpster.yaml +++ b/weapons/DNSDumpster.yaml @@ -1,9 +1,7 @@ --- name: DNSDumpster description: " Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://dnsdumpster.com -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://dnsdumpster.com category: tool types: [] platform: [] diff --git a/weapons/DOMPurify.yaml b/weapons/DOMPurify.yaml index b4bb921..4e6518a 100644 --- a/weapons/DOMPurify.yaml +++ b/weapons/DOMPurify.yaml @@ -3,11 +3,7 @@ name: DOMPurify description: 'DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:' -urls: -- https://github.com/cure53/DOMPurify) -- 'Demo:' -- https://img.shields.io/github/stars/cure53/DOMPurify) -- https://img.shields.io/github/languages/top/cure53/DOMPurify) +url: https://github.com/cure53/DOMPurify category: tool types: [] platform: [] diff --git a/weapons/DSSS.yaml b/weapons/DSSS.yaml index d630c9c..60b90c8 100644 --- a/weapons/DSSS.yaml +++ b/weapons/DSSS.yaml @@ -1,10 +1,7 @@ --- name: DSSS description: Damn Small SQLi Scanner -urls: -- https://github.com/stamparm/DSSS) -- https://img.shields.io/github/stars/stamparm/DSSS) -- https://img.shields.io/github/languages/top/stamparm/DSSS) +url: https://github.com/stamparm/DSSS category: tool types: [] platform: [] diff --git a/weapons/Dark_Reader.yaml b/weapons/Dark_Reader.yaml index 8800447..23648ae 100644 --- a/weapons/Dark_Reader.yaml +++ b/weapons/Dark_Reader.yaml @@ -1,9 +1,7 @@ --- name: Dark Reader description: Dark mode to any site -urls: -- https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh category: browser-addon types: [] platform: diff --git a/weapons/Dark_Reader_for_Safari.yaml b/weapons/Dark_Reader_for_Safari.yaml index ad3de67..ddf4486 100644 --- a/weapons/Dark_Reader_for_Safari.yaml +++ b/weapons/Dark_Reader_for_Safari.yaml @@ -1,9 +1,7 @@ --- name: Dark Reader for Safari description: Dark mode to any site -urls: -- https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180 category: browser-addon types: [] platform: diff --git a/weapons/DeepViolet.yaml b/weapons/DeepViolet.yaml index b995dbd..885e277 100644 --- a/weapons/DeepViolet.yaml +++ b/weapons/DeepViolet.yaml @@ -1,10 +1,7 @@ --- name: DeepViolet description: Tool for introspection of SSL\TLS sessions -urls: -- https://github.com/spoofzu/DeepViolet) -- https://img.shields.io/github/stars/spoofzu/DeepViolet) -- https://img.shields.io/github/languages/top/spoofzu/DeepViolet) +url: https://github.com/spoofzu/DeepViolet category: tool types: [] platform: [] diff --git a/weapons/DirDar.yaml b/weapons/DirDar.yaml index a443fba..a5881da 100644 --- a/weapons/DirDar.yaml +++ b/weapons/DirDar.yaml @@ -2,10 +2,7 @@ name: DirDar description: DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it -urls: -- https://github.com/M4DM0e/DirDar) -- https://img.shields.io/github/stars/M4DM0e/DirDar) -- https://img.shields.io/github/languages/top/M4DM0e/DirDar) +url: https://github.com/M4DM0e/DirDar category: tool types: [] platform: [] diff --git a/weapons/DotGit.yaml b/weapons/DotGit.yaml index f177dd3..e95e03e 100644 --- a/weapons/DotGit.yaml +++ b/weapons/DotGit.yaml @@ -1,10 +1,7 @@ --- name: DotGit description: An extension for checking if .git is exposed in visited websites -urls: -- https://github.com/davtur19/DotGit) -- https://img.shields.io/github/stars/davtur19/DotGit) -- https://img.shields.io/github/languages/top/davtur19/DotGit) +url: https://github.com/davtur19/DotGit category: browser-addon types: [] platform: diff --git a/weapons/Edit-This-Cookie.yaml b/weapons/Edit-This-Cookie.yaml index cc3c897..5c5c73d 100644 --- a/weapons/Edit-This-Cookie.yaml +++ b/weapons/Edit-This-Cookie.yaml @@ -2,10 +2,7 @@ name: Edit-This-Cookie description: EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies -urls: -- https://github.com/ETCExtensions/Edit-This-Cookie) -- https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie) -- https://img.shields.io/github/languages/top/ETCExtensions/Edit-This-Cookie) +url: https://github.com/ETCExtensions/Edit-This-Cookie category: browser-addon types: [] platform: diff --git a/weapons/Emissary.yaml b/weapons/Emissary.yaml index 30b9167..a7c0c63 100644 --- a/weapons/Emissary.yaml +++ b/weapons/Emissary.yaml @@ -2,10 +2,7 @@ name: Emissary description: Send notifications on different channels such as Slack, Telegram, Discord etc. -urls: -- https://github.com/BountyStrike/Emissary) -- https://img.shields.io/github/stars/BountyStrike/Emissary) -- https://img.shields.io/github/languages/top/BountyStrike/Emissary) +url: https://github.com/BountyStrike/Emissary category: tool types: [] platform: [] diff --git a/weapons/FavFreak.yaml b/weapons/FavFreak.yaml index ea8c50c..ebd0856 100644 --- a/weapons/FavFreak.yaml +++ b/weapons/FavFreak.yaml @@ -1,10 +1,7 @@ --- name: FavFreak description: 'Making Favicon.ico based Recon Great again ! ' -urls: -- https://github.com/devanshbatham/FavFreak) -- https://img.shields.io/github/stars/devanshbatham/FavFreak) -- https://img.shields.io/github/languages/top/devanshbatham/FavFreak) +url: https://github.com/devanshbatham/FavFreak category: tool types: [] platform: diff --git a/weapons/Findsploit.yaml b/weapons/Findsploit.yaml index 9a22722..c7db9b6 100644 --- a/weapons/Findsploit.yaml +++ b/weapons/Findsploit.yaml @@ -1,10 +1,7 @@ --- name: Findsploit description: Find exploits in local and online databases instantly -urls: -- https://github.com/1N3/Findsploit) -- https://img.shields.io/github/stars/1N3/Findsploit) -- https://img.shields.io/github/languages/top/1N3/Findsploit) +url: https://github.com/1N3/Findsploit category: tool types: [] platform: [] diff --git a/weapons/Gf-Patterns.yaml b/weapons/Gf-Patterns.yaml index 547f75c..dd9f6ee 100644 --- a/weapons/Gf-Patterns.yaml +++ b/weapons/Gf-Patterns.yaml @@ -2,10 +2,7 @@ name: Gf-Patterns description: 'GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep ' -urls: -- https://github.com/1ndianl33t/Gf-Patterns) -- https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns) -- https://img.shields.io/github/languages/top/1ndianl33t/Gf-Patterns) +url: https://github.com/1ndianl33t/Gf-Patterns category: tool types: [] platform: diff --git a/weapons/GitMiner.yaml b/weapons/GitMiner.yaml index 6ffda62..ce0945c 100644 --- a/weapons/GitMiner.yaml +++ b/weapons/GitMiner.yaml @@ -1,10 +1,7 @@ --- name: GitMiner description: 'Tool for advanced mining for content on Github ' -urls: -- https://github.com/UnkL4b/GitMiner) -- https://img.shields.io/github/stars/UnkL4b/GitMiner) -- https://img.shields.io/github/languages/top/UnkL4b/GitMiner) +url: https://github.com/UnkL4b/GitMiner category: tool types: [] platform: diff --git a/weapons/Gopherus.yaml b/weapons/Gopherus.yaml index b01435f..f5f3917 100644 --- a/weapons/Gopherus.yaml +++ b/weapons/Gopherus.yaml @@ -2,10 +2,7 @@ name: Gopherus description: 'This tool generates gopher link for exploiting SSRF and gaining RCE in various servers ' -urls: -- https://github.com/tarunkant/Gopherus) -- https://img.shields.io/github/stars/tarunkant/Gopherus) -- https://img.shields.io/github/languages/top/tarunkant/Gopherus) +url: https://github.com/tarunkant/Gopherus category: tool types: [] platform: diff --git a/weapons/GraphQLmap.yaml b/weapons/GraphQLmap.yaml index e820337..781878f 100644 --- a/weapons/GraphQLmap.yaml +++ b/weapons/GraphQLmap.yaml @@ -2,10 +2,7 @@ name: GraphQLmap description: 'GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. ' -urls: -- https://github.com/swisskyrepo/GraphQLmap) -- https://img.shields.io/github/stars/swisskyrepo/GraphQLmap) -- https://img.shields.io/github/languages/top/swisskyrepo/GraphQLmap) +url: https://github.com/swisskyrepo/GraphQLmap category: tool types: [] platform: diff --git a/weapons/HRS.yaml b/weapons/HRS.yaml index 4da51a5..d8e3fde 100644 --- a/weapons/HRS.yaml +++ b/weapons/HRS.yaml @@ -2,10 +2,7 @@ name: HRS description: HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. -urls: -- https://github.com/SafeBreach-Labs/HRS) -- https://img.shields.io/github/stars/SafeBreach-Labs/HRS) -- https://img.shields.io/github/languages/top/SafeBreach-Labs/HRS) +url: https://github.com/SafeBreach-Labs/HRS category: tool types: [] platform: [] diff --git a/weapons/HUNT.yaml b/weapons/HUNT.yaml index 16bc893..2356c56 100644 --- a/weapons/HUNT.yaml +++ b/weapons/HUNT.yaml @@ -1,10 +1,7 @@ --- name: HUNT description: -urls: -- https://github.com/bugcrowd/HUNT) -- https://img.shields.io/github/stars/bugcrowd/HUNT) -- https://img.shields.io/github/languages/top/bugcrowd/HUNT) +url: https://github.com/bugcrowd/HUNT category: tool-addon types: [] platform: diff --git a/weapons/Hack-Tools.yaml b/weapons/Hack-Tools.yaml index fc5bd04..1ff710d 100644 --- a/weapons/Hack-Tools.yaml +++ b/weapons/Hack-Tools.yaml @@ -1,10 +1,7 @@ --- name: Hack-Tools description: "The all-in-one Red Team extension for Web Pentester \U0001F6E0" -urls: -- https://github.com/LasCC/Hack-Tools) -- https://img.shields.io/github/stars/LasCC/Hack-Tools) -- https://img.shields.io/github/languages/top/LasCC/Hack-Tools) +url: https://github.com/LasCC/Hack-Tools category: browser-addon types: [] platform: diff --git a/weapons/HydraRecon.yaml b/weapons/HydraRecon.yaml index 02ced66..41fd775 100644 --- a/weapons/HydraRecon.yaml +++ b/weapons/HydraRecon.yaml @@ -1,10 +1,7 @@ --- name: HydraRecon description: All In One, Fast, Easy Recon Tool -urls: -- https://github.com/aufzayed/HydraRecon) -- https://img.shields.io/github/stars/aufzayed/HydraRecon) -- https://img.shields.io/github/languages/top/aufzayed/HydraRecon) +url: https://github.com/aufzayed/HydraRecon category: tool types: [] platform: [] diff --git a/weapons/IntruderPayloads.yaml b/weapons/IntruderPayloads.yaml index 4a4238a..4ba9172 100644 --- a/weapons/IntruderPayloads.yaml +++ b/weapons/IntruderPayloads.yaml @@ -1,10 +1,7 @@ --- name: IntruderPayloads description: -urls: -- https://github.com/1N3/IntruderPayloads) -- https://img.shields.io/github/stars/1N3/IntruderPayloads) -- https://img.shields.io/github/languages/top/1N3/IntruderPayloads) +url: https://github.com/1N3/IntruderPayloads category: tool-addon types: [] platform: diff --git a/weapons/JSFScan.sh.yaml b/weapons/JSFScan.sh.yaml index 435809e..c11febf 100644 --- a/weapons/JSFScan.sh.yaml +++ b/weapons/JSFScan.sh.yaml @@ -1,10 +1,7 @@ --- name: JSFScan.sh description: 'Automation for javascript recon in bug bounty. ' -urls: -- https://github.com/KathanP19/JSFScan.sh) -- https://img.shields.io/github/stars/KathanP19/JSFScan.sh) -- https://img.shields.io/github/languages/top/KathanP19/JSFScan.sh) +url: https://github.com/KathanP19/JSFScan.sh category: tool types: [] platform: diff --git a/weapons/LFISuite.yaml b/weapons/LFISuite.yaml index f605e7d..3433f5f 100644 --- a/weapons/LFISuite.yaml +++ b/weapons/LFISuite.yaml @@ -1,10 +1,7 @@ --- name: LFISuite description: 'Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ' -urls: -- https://github.com/D35m0nd142/LFISuite) -- https://img.shields.io/github/stars/D35m0nd142/LFISuite) -- https://img.shields.io/github/languages/top/D35m0nd142/LFISuite) +url: https://github.com/D35m0nd142/LFISuite category: tool types: [] platform: diff --git a/weapons/LinkFinder.yaml b/weapons/LinkFinder.yaml index 43b0654..9072cbc 100644 --- a/weapons/LinkFinder.yaml +++ b/weapons/LinkFinder.yaml @@ -1,10 +1,7 @@ --- name: LinkFinder description: 'A python script that finds endpoints in JavaScript files ' -urls: -- https://github.com/GerbenJavado/LinkFinder) -- https://img.shields.io/github/stars/GerbenJavado/LinkFinder) -- https://img.shields.io/github/languages/top/GerbenJavado/LinkFinder) +url: https://github.com/GerbenJavado/LinkFinder category: tool types: [] platform: diff --git a/weapons/MM3_ProxySwitch.yaml b/weapons/MM3_ProxySwitch.yaml index 76a3096..20e1533 100644 --- a/weapons/MM3_ProxySwitch.yaml +++ b/weapons/MM3_ProxySwitch.yaml @@ -1,9 +1,7 @@ --- name: MM3 ProxySwitch description: Proxy Switch in Firefox and Chrome -urls: -- https://proxy-offline-browser.com/ProxySwitch/) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://proxy-offline-browser.com/ProxySwitch/ category: browser-addon types: [] platform: diff --git a/weapons/NoSQLMap.yaml b/weapons/NoSQLMap.yaml index 3f28e2f..6f36a2f 100644 --- a/weapons/NoSQLMap.yaml +++ b/weapons/NoSQLMap.yaml @@ -2,10 +2,7 @@ name: NoSQLMap description: 'Automated NoSQL database enumeration and web application exploitation tool. ' -urls: -- https://github.com/codingo/NoSQLMap) -- https://img.shields.io/github/stars/codingo/NoSQLMap) -- https://img.shields.io/github/languages/top/codingo/NoSQLMap) +url: https://github.com/codingo/NoSQLMap category: tool types: [] platform: diff --git a/weapons/OneForAll.yaml b/weapons/OneForAll.yaml index d4008b2..6087e4b 100644 --- a/weapons/OneForAll.yaml +++ b/weapons/OneForAll.yaml @@ -1,10 +1,7 @@ --- name: OneForAll description: 'OneForAll是一款功能强大的子域收集工具 ' -urls: -- https://github.com/shmilylty/OneForAll) -- https://img.shields.io/github/stars/shmilylty/OneForAll) -- https://img.shields.io/github/languages/top/shmilylty/OneForAll) +url: https://github.com/shmilylty/OneForAll category: tool types: [] platform: diff --git a/weapons/OpenRedireX.yaml b/weapons/OpenRedireX.yaml index e687642..718aa7a 100644 --- a/weapons/OpenRedireX.yaml +++ b/weapons/OpenRedireX.yaml @@ -1,10 +1,7 @@ --- name: OpenRedireX description: A Fuzzer for OpenRedirect issues -urls: -- https://github.com/devanshbatham/OpenRedireX) -- https://img.shields.io/github/stars/devanshbatham/OpenRedireX) -- https://img.shields.io/github/languages/top/devanshbatham/OpenRedireX) +url: https://github.com/devanshbatham/OpenRedireX category: tool types: [] platform: [] diff --git a/weapons/Osmedeus.yaml b/weapons/Osmedeus.yaml index 63df72a..3963021 100644 --- a/weapons/Osmedeus.yaml +++ b/weapons/Osmedeus.yaml @@ -2,10 +2,7 @@ name: Osmedeus description: 'Fully automated offensive security framework for reconnaissance and vulnerability scanning ' -urls: -- https://github.com/j3ssie/Osmedeus) -- https://img.shields.io/github/stars/j3ssie/Osmedeus) -- https://img.shields.io/github/languages/top/j3ssie/Osmedeus) +url: https://github.com/j3ssie/Osmedeus category: tool types: [] platform: diff --git a/weapons/PPScan.yaml b/weapons/PPScan.yaml index 3449788..cf87d6f 100644 --- a/weapons/PPScan.yaml +++ b/weapons/PPScan.yaml @@ -1,10 +1,7 @@ --- name: PPScan description: Client Side Prototype Pollution Scanner -urls: -- https://github.com/msrkp/PPScan) -- https://img.shields.io/github/stars/msrkp/PPScan) -- https://img.shields.io/github/languages/top/msrkp/PPScan) +url: https://github.com/msrkp/PPScan category: tool types: [] platform: [] diff --git a/weapons/ParamSpider.yaml b/weapons/ParamSpider.yaml index 7706b1e..2074160 100644 --- a/weapons/ParamSpider.yaml +++ b/weapons/ParamSpider.yaml @@ -1,10 +1,7 @@ --- name: ParamSpider description: 'Mining parameters from dark corners of Web Archives ' -urls: -- https://github.com/devanshbatham/ParamSpider) -- https://img.shields.io/github/stars/devanshbatham/ParamSpider) -- https://img.shields.io/github/languages/top/devanshbatham/ParamSpider) +url: https://github.com/devanshbatham/ParamSpider category: tool types: [] platform: diff --git a/weapons/Parth.yaml b/weapons/Parth.yaml index aadc050..53958af 100644 --- a/weapons/Parth.yaml +++ b/weapons/Parth.yaml @@ -1,10 +1,7 @@ --- name: Parth description: 'Heuristic Vulnerable Parameter Scanner ' -urls: -- https://github.com/s0md3v/Parth) -- https://img.shields.io/github/stars/s0md3v/Parth) -- https://img.shields.io/github/languages/top/s0md3v/Parth) +url: https://github.com/s0md3v/Parth category: tool types: [] platform: diff --git a/weapons/PayloadsAllTheThings.yaml b/weapons/PayloadsAllTheThings.yaml index 9f9327a..972bfb8 100644 --- a/weapons/PayloadsAllTheThings.yaml +++ b/weapons/PayloadsAllTheThings.yaml @@ -2,10 +2,7 @@ name: PayloadsAllTheThings description: 'A list of useful payloads and bypass for Web Application Security and Pentest/CTF ' -urls: -- https://github.com/swisskyrepo/PayloadsAllTheThings) -- https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) -- https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) +url: https://github.com/swisskyrepo/PayloadsAllTheThings category: tool types: [] platform: [] diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml index ceabd29..057953c 100644 --- a/weapons/Phoenix.yaml +++ b/weapons/Phoenix.yaml @@ -1,9 +1,7 @@ --- name: Phoenix description: " hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://www.hahwul.com/p/phoenix.html) -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://www.hahwul.com/p/phoenix.html category: tool types: [] platform: [] diff --git a/weapons/Photon.yaml b/weapons/Photon.yaml index 346d75b..c5549af 100644 --- a/weapons/Photon.yaml +++ b/weapons/Photon.yaml @@ -1,10 +1,7 @@ --- name: Photon description: 'Incredibly fast crawler designed for OSINT. ' -urls: -- https://github.com/s0md3v/Photon) -- https://img.shields.io/github/stars/s0md3v/Photon) -- https://img.shields.io/github/languages/top/s0md3v/Photon) +url: https://github.com/s0md3v/Photon category: tool types: [] platform: diff --git a/weapons/PoC-in-GitHub.yaml b/weapons/PoC-in-GitHub.yaml index 8f48564..7186460 100644 --- a/weapons/PoC-in-GitHub.yaml +++ b/weapons/PoC-in-GitHub.yaml @@ -1,10 +1,7 @@ --- name: PoC-in-GitHub description: "\U0001F4E1 PoC auto collect from GitHub. Be careful malware." -urls: -- https://github.com/nomi-sec/PoC-in-GitHub) -- https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub) -- https://img.shields.io/github/languages/top/nomi-sec/PoC-in-GitHub) +url: https://github.com/nomi-sec/PoC-in-GitHub category: tool types: [] platform: [] diff --git a/weapons/RustScan.yaml b/weapons/RustScan.yaml index 4c4d12d..b3b1b3a 100644 --- a/weapons/RustScan.yaml +++ b/weapons/RustScan.yaml @@ -1,10 +1,7 @@ --- name: RustScan description: 'Faster Nmap Scanning with Rust ' -urls: -- https://github.com/brandonskerritt/RustScan) -- https://img.shields.io/github/stars/brandonskerritt/RustScan) -- https://img.shields.io/github/languages/top/brandonskerritt/RustScan) +url: https://github.com/brandonskerritt/RustScan category: tool types: [] platform: diff --git a/weapons/S3Scanner.yaml b/weapons/S3Scanner.yaml index 45d27f3..2df652a 100644 --- a/weapons/S3Scanner.yaml +++ b/weapons/S3Scanner.yaml @@ -1,10 +1,7 @@ --- name: S3Scanner description: 'Scan for open AWS S3 buckets and dump the contents ' -urls: -- https://github.com/sa7mon/S3Scanner) -- https://img.shields.io/github/stars/sa7mon/S3Scanner) -- https://img.shields.io/github/languages/top/sa7mon/S3Scanner) +url: https://github.com/sa7mon/S3Scanner category: tool types: [] platform: diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml index c061549..2806dbd 100644 --- a/weapons/SQLNinja.yaml +++ b/weapons/SQLNinja.yaml @@ -1,9 +1,7 @@ --- name: SQLNinja description: " SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://gitlab.com/kalilinux/packages/sqlninja) -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://gitlab.com/kalilinux/packages/sqlninja category: tool types: [] platform: [] diff --git a/weapons/SQL_Ninja.yaml b/weapons/SQL_Ninja.yaml index 3f2a104..e94dab2 100644 --- a/weapons/SQL_Ninja.yaml +++ b/weapons/SQL_Ninja.yaml @@ -1,9 +1,7 @@ --- name: SQL Ninja description: SQL Injection scanner -urls: -- https://gitlab.com/kalilinux/packages/sqlninja) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://gitlab.com/kalilinux/packages/sqlninja category: tool types: [] platform: [] diff --git a/weapons/SSRFmap.yaml b/weapons/SSRFmap.yaml index eff6c0c..c1a40c3 100644 --- a/weapons/SSRFmap.yaml +++ b/weapons/SSRFmap.yaml @@ -1,10 +1,7 @@ --- name: SSRFmap description: 'Automatic SSRF fuzzer and exploitation tool ' -urls: -- https://github.com/swisskyrepo/SSRFmap) -- https://img.shields.io/github/stars/swisskyrepo/SSRFmap) -- https://img.shields.io/github/languages/top/swisskyrepo/SSRFmap) +url: https://github.com/swisskyrepo/SSRFmap category: tool types: [] platform: diff --git a/weapons/STEWS.yaml b/weapons/STEWS.yaml index a51faaf..cb37cb8 100644 --- a/weapons/STEWS.yaml +++ b/weapons/STEWS.yaml @@ -1,10 +1,7 @@ --- name: STEWS description: A Security Tool for Enumerating WebSockets -urls: -- https://github.com/PalindromeLabs/STEWS) -- https://img.shields.io/github/stars/PalindromeLabs/STEWS) -- https://img.shields.io/github/languages/top/PalindromeLabs/STEWS) +url: https://github.com/PalindromeLabs/STEWS category: tool types: [] platform: [] diff --git a/weapons/SecLists.yaml b/weapons/SecLists.yaml index 95ed929..9126247 100644 --- a/weapons/SecLists.yaml +++ b/weapons/SecLists.yaml @@ -4,10 +4,7 @@ description: 'SecLists is the security tester''s companion. It''s a collection o multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. ' -urls: -- https://github.com/danielmiessler/SecLists) -- https://img.shields.io/github/stars/danielmiessler/SecLists) -- https://img.shields.io/github/languages/top/danielmiessler/SecLists) +url: https://github.com/danielmiessler/SecLists category: tool types: [] platform: diff --git a/weapons/SecretFinder.yaml b/weapons/SecretFinder.yaml index 086397b..5473a97 100644 --- a/weapons/SecretFinder.yaml +++ b/weapons/SecretFinder.yaml @@ -2,10 +2,7 @@ name: SecretFinder description: 'SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files ' -urls: -- https://github.com/m4ll0k/SecretFinder) -- https://img.shields.io/github/stars/m4ll0k/SecretFinder) -- https://img.shields.io/github/languages/top/m4ll0k/SecretFinder) +url: https://github.com/m4ll0k/SecretFinder category: tool types: [] platform: diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml index 6a817ed..83f6d82 100644 --- a/weapons/SecurityTrails.yaml +++ b/weapons/SecurityTrails.yaml @@ -1,9 +1,7 @@ --- name: SecurityTrails description: " Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://securitytrails.com -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://securitytrails.com category: tool types: [] platform: [] diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml index e2aca06..8171e9d 100644 --- a/weapons/SequenceDiagram.yaml +++ b/weapons/SequenceDiagram.yaml @@ -1,9 +1,7 @@ --- name: SequenceDiagram description: " Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://sequencediagram.org -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://sequencediagram.org category: tool types: [] platform: [] diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml index bf3ba8c..a6230bc 100644 --- a/weapons/Shodan.yaml +++ b/weapons/Shodan.yaml @@ -1,9 +1,7 @@ --- name: Shodan description: " World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " -urls: -- https://www.shodan.io/) -- https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) +url: https://www.shodan.io/ category: tool types: [] platform: [] diff --git a/weapons/Silver.yaml b/weapons/Silver.yaml index 606978e..6bcdb09 100644 --- a/weapons/Silver.yaml +++ b/weapons/Silver.yaml @@ -1,10 +1,7 @@ --- name: Silver description: 'Mass scan IPs for vulnerable services ' -urls: -- https://github.com/s0md3v/Silver) -- https://img.shields.io/github/stars/s0md3v/Silver) -- https://img.shields.io/github/languages/top/s0md3v/Silver) +url: https://github.com/s0md3v/Silver category: tool types: [] platform: diff --git a/weapons/Sn1per.yaml b/weapons/Sn1per.yaml index 0c81288..226e2a7 100644 --- a/weapons/Sn1per.yaml +++ b/weapons/Sn1per.yaml @@ -1,10 +1,7 @@ --- name: Sn1per description: 'Automated pentest framework for offensive security experts ' -urls: -- https://github.com/1N3/Sn1per) -- https://img.shields.io/github/stars/1N3/Sn1per) -- https://img.shields.io/github/languages/top/1N3/Sn1per) +url: https://github.com/1N3/Sn1per category: tool types: [] platform: diff --git a/weapons/Stepper.yaml b/weapons/Stepper.yaml index f309a27..fa0e658 100644 --- a/weapons/Stepper.yaml +++ b/weapons/Stepper.yaml @@ -1,10 +1,7 @@ --- name: Stepper description: -urls: -- https://github.com/CoreyD97/Stepper) -- https://img.shields.io/github/stars/CoreyD97/Stepper) -- https://img.shields.io/github/languages/top/CoreyD97/Stepper) +url: https://github.com/CoreyD97/Stepper category: tool-addon types: [] platform: diff --git a/weapons/Striker.yaml b/weapons/Striker.yaml index b29b1ab..ca7f239 100644 --- a/weapons/Striker.yaml +++ b/weapons/Striker.yaml @@ -1,10 +1,7 @@ --- name: Striker description: 'Striker is an offensive information and vulnerability scanner. ' -urls: -- https://github.com/s0md3v/Striker) -- https://img.shields.io/github/stars/s0md3v/Striker) -- https://img.shields.io/github/languages/top/s0md3v/Striker) +url: https://github.com/s0md3v/Striker category: tool types: [] platform: diff --git a/weapons/SubOver.yaml b/weapons/SubOver.yaml index 314691c..bdd8cba 100644 --- a/weapons/SubOver.yaml +++ b/weapons/SubOver.yaml @@ -1,10 +1,7 @@ --- name: SubOver description: A Powerful Subdomain Takeover Tool -urls: -- https://github.com/Ice3man543/SubOver) -- https://img.shields.io/github/stars/Ice3man543/SubOver) -- https://img.shields.io/github/languages/top/Ice3man543/SubOver) +url: https://github.com/Ice3man543/SubOver category: tool types: [] platform: [] diff --git a/weapons/Sublist3r.yaml b/weapons/Sublist3r.yaml index 1014f7c..0479114 100644 --- a/weapons/Sublist3r.yaml +++ b/weapons/Sublist3r.yaml @@ -1,10 +1,7 @@ --- name: Sublist3r description: 'Fast subdomains enumeration tool for penetration testers ' -urls: -- https://github.com/aboul3la/Sublist3r) -- https://img.shields.io/github/stars/aboul3la/Sublist3r) -- https://img.shields.io/github/languages/top/aboul3la/Sublist3r) +url: https://github.com/aboul3la/Sublist3r category: tool types: [] platform: diff --git a/weapons/Taipan.yaml b/weapons/Taipan.yaml index 466f182..d02b531 100644 --- a/weapons/Taipan.yaml +++ b/weapons/Taipan.yaml @@ -1,10 +1,7 @@ --- name: Taipan description: Web application vulnerability scanner -urls: -- https://github.com/enkomio/Taipan) -- https://img.shields.io/github/stars/enkomio/Taipan) -- https://img.shields.io/github/languages/top/enkomio/Taipan) +url: https://github.com/enkomio/Taipan category: tool types: [] platform: [] diff --git a/weapons/TukTuk.yaml b/weapons/TukTuk.yaml index c60644b..e2b55ee 100644 --- a/weapons/TukTuk.yaml +++ b/weapons/TukTuk.yaml @@ -1,10 +1,7 @@ --- name: TukTuk description: 'Tool for catching and logging different types of requests. ' -urls: -- https://github.com/ArturSS7/TukTuk) -- https://img.shields.io/github/stars/ArturSS7/TukTuk) -- https://img.shields.io/github/languages/top/ArturSS7/TukTuk) +url: https://github.com/ArturSS7/TukTuk category: tool types: [] platform: diff --git a/weapons/User-Agent_Switcher.yaml b/weapons/User-Agent_Switcher.yaml index 530a391..0fb2ec3 100644 --- a/weapons/User-Agent_Switcher.yaml +++ b/weapons/User-Agent_Switcher.yaml @@ -1,9 +1,7 @@ --- name: User-Agent Switcher description: quick and easy way to switch between user-agents. -urls: -- https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae category: browser-addon types: [] platform: diff --git a/weapons/VHostScan.yaml b/weapons/VHostScan.yaml index 3485580..a26a6fc 100644 --- a/weapons/VHostScan.yaml +++ b/weapons/VHostScan.yaml @@ -3,10 +3,7 @@ name: VHostScan description: 'A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. ' -urls: -- https://github.com/codingo/VHostScan) -- https://img.shields.io/github/stars/codingo/VHostScan) -- https://img.shields.io/github/languages/top/codingo/VHostScan) +url: https://github.com/codingo/VHostScan category: tool types: [] platform: diff --git a/weapons/Wayback_Machine.yaml b/weapons/Wayback_Machine.yaml index f73e9e9..4267aeb 100644 --- a/weapons/Wayback_Machine.yaml +++ b/weapons/Wayback_Machine.yaml @@ -1,9 +1,7 @@ --- name: Wayback Machine description: History of website -urls: -- https://apps.apple.com/us/app/wayback-machine/id1472432422) -- https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) +url: https://apps.apple.com/us/app/wayback-machine/id1472432422 category: browser-addon types: [] platform: diff --git a/weapons/Web-Cache-Vulnerability-Scanner.yaml b/weapons/Web-Cache-Vulnerability-Scanner.yaml index af5431f..9fd2379 100644 --- a/weapons/Web-Cache-Vulnerability-Scanner.yaml +++ b/weapons/Web-Cache-Vulnerability-Scanner.yaml @@ -2,11 +2,7 @@ name: Web-Cache-Vulnerability-Scanner description: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). -urls: -- https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner) -- http://hackmanit.de/). -- https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner) -- https://img.shields.io/github/languages/top/Hackmanit/Web-Cache-Vulnerability-Scanner) +url: https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner category: tool types: [] platform: [] diff --git a/weapons/XSRFProbe.yaml b/weapons/XSRFProbe.yaml index 8b98934..c5e069e 100644 --- a/weapons/XSRFProbe.yaml +++ b/weapons/XSRFProbe.yaml @@ -1,10 +1,7 @@ --- name: XSRFProbe description: The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. -urls: -- https://github.com/0xInfection/XSRFProbe) -- https://img.shields.io/github/stars/0xInfection/XSRFProbe) -- https://img.shields.io/github/languages/top/0xInfection/XSRFProbe) +url: https://github.com/0xInfection/XSRFProbe category: tool types: [] platform: [] diff --git a/weapons/XSStrike.yaml b/weapons/XSStrike.yaml index 3dac24e..54b25a5 100644 --- a/weapons/XSStrike.yaml +++ b/weapons/XSStrike.yaml @@ -1,10 +1,7 @@ --- name: XSStrike description: 'Most advanced XSS scanner. ' -urls: -- https://github.com/s0md3v/XSStrike) -- https://img.shields.io/github/stars/s0md3v/XSStrike) -- https://img.shields.io/github/languages/top/s0md3v/XSStrike) +url: https://github.com/s0md3v/XSStrike category: tool types: [] platform: diff --git a/weapons/XSpear.yaml b/weapons/XSpear.yaml index 04bc5ba..5148926 100644 --- a/weapons/XSpear.yaml +++ b/weapons/XSpear.yaml @@ -1,10 +1,7 @@ --- name: XSpear description: 'Powerfull XSS Scanning and Parameter analysis tool&gem ' -urls: -- https://github.com/hahwul/XSpear) -- https://img.shields.io/github/stars/hahwul/XSpear) -- https://img.shields.io/github/languages/top/hahwul/XSpear) +url: https://github.com/hahwul/XSpear category: tool types: [] platform: diff --git a/weapons/XXEinjector.yaml b/weapons/XXEinjector.yaml index d5e1928..82b4129 100644 --- a/weapons/XXEinjector.yaml +++ b/weapons/XXEinjector.yaml @@ -2,10 +2,7 @@ name: XXEinjector description: Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. -urls: -- https://github.com/enjoiz/XXEinjector) -- https://img.shields.io/github/stars/enjoiz/XXEinjector) -- https://img.shields.io/github/languages/top/enjoiz/XXEinjector) +url: https://github.com/enjoiz/XXEinjector category: tool types: [] platform: [] diff --git a/weapons/a2sv.yaml b/weapons/a2sv.yaml index 9abb552..743fad1 100644 --- a/weapons/a2sv.yaml +++ b/weapons/a2sv.yaml @@ -1,10 +1,7 @@ --- name: a2sv description: 'Auto Scanning to SSL Vulnerability ' -urls: -- https://github.com/hahwul/a2sv) -- https://img.shields.io/github/stars/hahwul/a2sv) -- https://img.shields.io/github/languages/top/hahwul/a2sv) +url: https://github.com/hahwul/a2sv category: tool types: [] platform: diff --git a/weapons/altdns.yaml b/weapons/altdns.yaml index df1c1ad..fe8ba86 100644 --- a/weapons/altdns.yaml +++ b/weapons/altdns.yaml @@ -2,10 +2,7 @@ name: altdns description: 'Generates permutations, alterations and mutations of subdomains and then resolves them ' -urls: -- https://github.com/infosec-au/altdns) -- https://img.shields.io/github/stars/infosec-au/altdns) -- https://img.shields.io/github/languages/top/infosec-au/altdns) +url: https://github.com/infosec-au/altdns category: tool types: [] platform: diff --git a/weapons/anew.yaml b/weapons/anew.yaml index a198799..b5a3058 100644 --- a/weapons/anew.yaml +++ b/weapons/anew.yaml @@ -1,10 +1,7 @@ --- name: anew description: A tool for adding new lines to files, skipping duplicates -urls: -- https://github.com/tomnomnom/anew) -- https://img.shields.io/github/stars/tomnomnom/anew) -- https://img.shields.io/github/languages/top/tomnomnom/anew) +url: https://github.com/tomnomnom/anew category: tool types: [] platform: diff --git a/weapons/apkleaks.yaml b/weapons/apkleaks.yaml index 0320d59..790088e 100644 --- a/weapons/apkleaks.yaml +++ b/weapons/apkleaks.yaml @@ -1,10 +1,7 @@ --- name: apkleaks description: 'Scanning APK file for URIs, endpoints & secrets. ' -urls: -- https://github.com/dwisiswant0/apkleaks) -- https://img.shields.io/github/stars/dwisiswant0/apkleaks) -- https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) +url: https://github.com/dwisiswant0/apkleaks category: tool types: [] platform: diff --git a/weapons/aquatone.yaml b/weapons/aquatone.yaml index e6a5924..9d680f0 100644 --- a/weapons/aquatone.yaml +++ b/weapons/aquatone.yaml @@ -1,10 +1,7 @@ --- name: aquatone description: 'A Tool for Domain Flyovers ' -urls: -- https://github.com/michenriksen/aquatone) -- https://img.shields.io/github/stars/michenriksen/aquatone) -- https://img.shields.io/github/languages/top/michenriksen/aquatone) +url: https://github.com/michenriksen/aquatone category: tool types: [] platform: diff --git a/weapons/arachni.yaml b/weapons/arachni.yaml index 94f0597..2953c65 100644 --- a/weapons/arachni.yaml +++ b/weapons/arachni.yaml @@ -1,10 +1,7 @@ --- name: arachni description: 'Web Application Security Scanner Framework ' -urls: -- https://github.com/Arachni/arachni) -- https://img.shields.io/github/stars/Arachni/arachni) -- https://img.shields.io/github/languages/top/Arachni/arachni) +url: https://github.com/Arachni/arachni category: tool types: [] platform: diff --git a/weapons/assetfinder.yaml b/weapons/assetfinder.yaml index 11563dd..8465f3e 100644 --- a/weapons/assetfinder.yaml +++ b/weapons/assetfinder.yaml @@ -1,10 +1,7 @@ --- name: assetfinder description: 'Find domains and subdomains related to a given domain ' -urls: -- https://github.com/tomnomnom/assetfinder) -- https://img.shields.io/github/stars/tomnomnom/assetfinder) -- https://img.shields.io/github/languages/top/tomnomnom/assetfinder) +url: https://github.com/tomnomnom/assetfinder category: tool types: [] platform: diff --git a/weapons/attack-surface-detector-zap.yaml b/weapons/attack-surface-detector-zap.yaml index a4cd5fe..16e0e95 100644 --- a/weapons/attack-surface-detector-zap.yaml +++ b/weapons/attack-surface-detector-zap.yaml @@ -1,10 +1,7 @@ --- name: attack-surface-detector-zap description: -urls: -- https://github.com/secdec/attack-surface-detector-zap) -- https://img.shields.io/github/stars/secdec/attack-surface-detector-zap) -- https://img.shields.io/github/languages/top/secdec/attack-surface-detector-zap) +url: https://github.com/secdec/attack-surface-detector-zap category: tool-addon types: [] platform: diff --git a/weapons/auto-repeater.yaml b/weapons/auto-repeater.yaml index 0184349..cda212a 100644 --- a/weapons/auto-repeater.yaml +++ b/weapons/auto-repeater.yaml @@ -1,10 +1,7 @@ --- name: auto-repeater description: -urls: -- https://github.com/PortSwigger/auto-repeater) -- https://img.shields.io/github/stars/PortSwigger/auto-repeater) -- https://img.shields.io/github/languages/top/PortSwigger/auto-repeater) +url: https://github.com/PortSwigger/auto-repeater category: tool-addon types: [] platform: diff --git a/weapons/autochrome.yaml b/weapons/autochrome.yaml index 9dd3286..b993fb0 100644 --- a/weapons/autochrome.yaml +++ b/weapons/autochrome.yaml @@ -1,10 +1,7 @@ --- name: autochrome description: This tool downloads, installs, and configures a shiny new copy of Chromium. -urls: -- https://github.com/nccgroup/autochrome) -- https://img.shields.io/github/stars/nccgroup/autochrome) -- https://img.shields.io/github/languages/top/nccgroup/autochrome) +url: https://github.com/nccgroup/autochrome category: tool types: [] platform: [] diff --git a/weapons/axiom.yaml b/weapons/axiom.yaml index 4674c77..85b4d70 100644 --- a/weapons/axiom.yaml +++ b/weapons/axiom.yaml @@ -1,10 +1,7 @@ --- name: axiom description: 'A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ' -urls: -- https://github.com/pry0cc/axiom) -- https://img.shields.io/github/stars/pry0cc/axiom) -- https://img.shields.io/github/languages/top/pry0cc/axiom) +url: https://github.com/pry0cc/axiom category: tool types: [] platform: diff --git a/weapons/bat.yaml b/weapons/bat.yaml index 63a2aa9..cd6db31 100644 --- a/weapons/bat.yaml +++ b/weapons/bat.yaml @@ -1,10 +1,7 @@ --- name: bat description: A cat(1) clone with wings. -urls: -- https://github.com/sharkdp/bat) -- https://img.shields.io/github/stars/sharkdp/bat) -- https://img.shields.io/github/languages/top/sharkdp/bat) +url: https://github.com/sharkdp/bat category: tool types: [] platform: [] diff --git a/weapons/boast.yaml b/weapons/boast.yaml index 88050c6..983cfd4 100644 --- a/weapons/boast.yaml +++ b/weapons/boast.yaml @@ -1,10 +1,7 @@ --- name: boast description: The BOAST Outpost for AppSec Testing (v0.1.0) -urls: -- https://github.com/marcoagner/boast) -- https://img.shields.io/github/stars/marcoagner/boast) -- https://img.shields.io/github/languages/top/marcoagner/boast) +url: https://github.com/marcoagner/boast category: tool types: [] platform: [] diff --git a/weapons/bountyplz.yaml b/weapons/bountyplz.yaml index 33d10d2..cc32026 100644 --- a/weapons/bountyplz.yaml +++ b/weapons/bountyplz.yaml @@ -2,10 +2,7 @@ name: bountyplz description: 'Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) ' -urls: -- https://github.com/fransr/bountyplz) -- https://img.shields.io/github/stars/fransr/bountyplz) -- https://img.shields.io/github/languages/top/fransr/bountyplz) +url: https://github.com/fransr/bountyplz category: tool types: [] platform: diff --git a/weapons/burl.yaml b/weapons/burl.yaml index c22b133..bed931e 100644 --- a/weapons/burl.yaml +++ b/weapons/burl.yaml @@ -1,10 +1,7 @@ --- name: burl description: 'A Broken-URL Checker ' -urls: -- https://github.com/tomnomnom/burl) -- https://img.shields.io/github/stars/tomnomnom/burl) -- https://img.shields.io/github/languages/top/tomnomnom/burl) +url: https://github.com/tomnomnom/burl category: tool types: [] platform: diff --git a/weapons/burp-exporter.yaml b/weapons/burp-exporter.yaml index f68c5a2..f4714a4 100644 --- a/weapons/burp-exporter.yaml +++ b/weapons/burp-exporter.yaml @@ -1,10 +1,7 @@ --- name: burp-exporter description: -urls: -- https://github.com/artssec/burp-exporter) -- https://img.shields.io/github/stars/artssec/burp-exporter) -- https://img.shields.io/github/languages/top/artssec/burp-exporter) +url: https://github.com/artssec/burp-exporter category: tool-addon types: [] platform: diff --git a/weapons/burp-piper.yaml b/weapons/burp-piper.yaml index f708066..a203041 100644 --- a/weapons/burp-piper.yaml +++ b/weapons/burp-piper.yaml @@ -1,10 +1,7 @@ --- name: burp-piper description: -urls: -- https://github.com/silentsignal/burp-piper) -- https://img.shields.io/github/stars/silentsignal/burp-piper) -- https://img.shields.io/github/languages/top/silentsignal/burp-piper) +url: https://github.com/silentsignal/burp-piper category: tool-addon types: [] platform: diff --git a/weapons/burp-retire-js.yaml b/weapons/burp-retire-js.yaml index aca1928..fb5c4f3 100644 --- a/weapons/burp-retire-js.yaml +++ b/weapons/burp-retire-js.yaml @@ -1,10 +1,7 @@ --- name: burp-retire-js description: -urls: -- https://github.com/h3xstream/burp-retire-js) -- https://img.shields.io/github/stars/h3xstream/burp-retire-js) -- https://img.shields.io/github/languages/top/h3xstream/burp-retire-js) +url: https://github.com/h3xstream/burp-retire-js category: tool-addon types: [] platform: diff --git a/weapons/burp-send-to.yaml b/weapons/burp-send-to.yaml index 344396a..4f2e5b4 100644 --- a/weapons/burp-send-to.yaml +++ b/weapons/burp-send-to.yaml @@ -1,10 +1,7 @@ --- name: burp-send-to description: -urls: -- https://github.com/bytebutcher/burp-send-to) -- https://img.shields.io/github/stars/bytebutcher/burp-send-to) -- https://img.shields.io/github/languages/top/bytebutcher/burp-send-to) +url: https://github.com/bytebutcher/burp-send-to category: tool-addon types: [] platform: diff --git a/weapons/c-jwt-cracker.yaml b/weapons/c-jwt-cracker.yaml index e18676c..07107a1 100644 --- a/weapons/c-jwt-cracker.yaml +++ b/weapons/c-jwt-cracker.yaml @@ -1,10 +1,7 @@ --- name: c-jwt-cracker description: 'JWT brute force cracker written in C ' -urls: -- https://github.com/brendan-rius/c-jwt-cracker) -- https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker) -- https://img.shields.io/github/languages/top/brendan-rius/c-jwt-cracker) +url: https://github.com/brendan-rius/c-jwt-cracker category: tool types: [] platform: diff --git a/weapons/can-i-take-over-xyz.yaml b/weapons/can-i-take-over-xyz.yaml index 1b742f9..35104d6 100644 --- a/weapons/can-i-take-over-xyz.yaml +++ b/weapons/can-i-take-over-xyz.yaml @@ -2,10 +2,7 @@ name: can-i-take-over-xyz description: '"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.' -urls: -- https://github.com/EdOverflow/can-i-take-over-xyz) -- https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz) -- https://img.shields.io/github/languages/top/EdOverflow/can-i-take-over-xyz) +url: https://github.com/EdOverflow/can-i-take-over-xyz category: tool types: [] platform: [] diff --git a/weapons/cariddi.yaml b/weapons/cariddi.yaml index 402cae9..8dd81ee 100644 --- a/weapons/cariddi.yaml +++ b/weapons/cariddi.yaml @@ -2,10 +2,7 @@ name: cariddi description: Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... -urls: -- https://github.com/edoardottt/cariddi) -- https://img.shields.io/github/stars/edoardottt/cariddi) -- https://img.shields.io/github/languages/top/edoardottt/cariddi) +url: https://github.com/edoardottt/cariddi category: tool types: [] platform: [] diff --git a/weapons/cc.py.yaml b/weapons/cc.py.yaml index 4c25d86..8f179eb 100644 --- a/weapons/cc.py.yaml +++ b/weapons/cc.py.yaml @@ -1,10 +1,7 @@ --- name: cc.py description: 'Extracting URLs of a specific target based on the results of "commoncrawl.org" ' -urls: -- https://github.com/si9int/cc.py) -- https://img.shields.io/github/stars/si9int/cc.py) -- https://img.shields.io/github/languages/top/si9int/cc.py) +url: https://github.com/si9int/cc.py category: tool types: [] platform: diff --git a/weapons/cf-check.yaml b/weapons/cf-check.yaml index e423d6c..8dff280 100644 --- a/weapons/cf-check.yaml +++ b/weapons/cf-check.yaml @@ -1,10 +1,7 @@ --- name: cf-check description: 'Cloudflare Checker written in Go ' -urls: -- https://github.com/dwisiswant0/cf-check) -- https://img.shields.io/github/stars/dwisiswant0/cf-check) -- https://img.shields.io/github/languages/top/dwisiswant0/cf-check) +url: https://github.com/dwisiswant0/cf-check category: tool types: [] platform: diff --git a/weapons/chaos-client.yaml b/weapons/chaos-client.yaml index 9c4ac40..4afbe07 100644 --- a/weapons/chaos-client.yaml +++ b/weapons/chaos-client.yaml @@ -1,10 +1,7 @@ --- name: chaos-client description: 'Go client to communicate with Chaos DNS API. ' -urls: -- https://github.com/projectdiscovery/chaos-client) -- https://img.shields.io/github/stars/projectdiscovery/chaos-client) -- https://img.shields.io/github/languages/top/projectdiscovery/chaos-client) +url: https://github.com/projectdiscovery/chaos-client category: tool types: [] platform: diff --git a/weapons/clear-cache.yaml b/weapons/clear-cache.yaml index 7794f57..5c0b09e 100644 --- a/weapons/clear-cache.yaml +++ b/weapons/clear-cache.yaml @@ -1,10 +1,7 @@ --- name: clear-cache description: Add-on to clear browser cache with a single click or via the F9 key. -urls: -- https://github.com/TenSoja/clear-cache) -- https://img.shields.io/github/stars/TenSoja/clear-cache) -- https://img.shields.io/github/languages/top/TenSoja/clear-cache) +url: https://github.com/TenSoja/clear-cache category: browser-addon types: [] platform: diff --git a/weapons/collaborator-everywhere.yaml b/weapons/collaborator-everywhere.yaml index b786081..c0ce829 100644 --- a/weapons/collaborator-everywhere.yaml +++ b/weapons/collaborator-everywhere.yaml @@ -1,10 +1,7 @@ --- name: collaborator-everywhere description: -urls: -- https://github.com/PortSwigger/collaborator-everywhere) -- https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere) -- https://img.shields.io/github/languages/top/PortSwigger/collaborator-everywhere) +url: https://github.com/PortSwigger/collaborator-everywhere category: tool-addon types: [] platform: diff --git a/weapons/commix.yaml b/weapons/commix.yaml index 43f3031..994c4ed 100644 --- a/weapons/commix.yaml +++ b/weapons/commix.yaml @@ -1,10 +1,7 @@ --- name: commix description: Automated All-in-One OS Command Injection Exploitation Tool. -urls: -- https://github.com/commixproject/commix) -- https://img.shields.io/github/stars/commixproject/commix) -- https://img.shields.io/github/languages/top/commixproject/commix) +url: https://github.com/commixproject/commix category: tool types: [] platform: [] diff --git a/weapons/community-scripts.yaml b/weapons/community-scripts.yaml index 45efea1..2be8d95 100644 --- a/weapons/community-scripts.yaml +++ b/weapons/community-scripts.yaml @@ -1,10 +1,7 @@ --- name: community-scripts description: -urls: -- https://github.com/zaproxy/community-scripts) -- https://img.shields.io/github/stars/zaproxy/community-scripts) -- https://img.shields.io/github/languages/top/zaproxy/community-scripts) +url: https://github.com/zaproxy/community-scripts category: tool-addon types: [] platform: diff --git a/weapons/confused.yaml b/weapons/confused.yaml index dbb4855..11253a8 100644 --- a/weapons/confused.yaml +++ b/weapons/confused.yaml @@ -2,10 +2,7 @@ name: confused description: Tool to check for dependency confusion vulnerabilities in multiple package management systems -urls: -- https://github.com/visma-prodsec/confused) -- https://img.shields.io/github/stars/visma-prodsec/confused) -- https://img.shields.io/github/languages/top/visma-prodsec/confused) +url: https://github.com/visma-prodsec/confused category: tool types: [] platform: [] diff --git a/weapons/cookie-quick-manager.yaml b/weapons/cookie-quick-manager.yaml index 26bab7f..6a743e2 100644 --- a/weapons/cookie-quick-manager.yaml +++ b/weapons/cookie-quick-manager.yaml @@ -2,10 +2,7 @@ name: cookie-quick-manager description: An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox. -urls: -- https://github.com/ysard/cookie-quick-manager) -- https://img.shields.io/github/stars/ysard/cookie-quick-manager) -- https://img.shields.io/github/languages/top/ysard/cookie-quick-manager) +url: https://github.com/ysard/cookie-quick-manager category: browser-addon types: [] platform: diff --git a/weapons/corsair_scan.yaml b/weapons/corsair_scan.yaml index 25f6c43..fdf0028 100644 --- a/weapons/corsair_scan.yaml +++ b/weapons/corsair_scan.yaml @@ -2,10 +2,7 @@ name: corsair_scan description: Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). -urls: -- https://github.com/Santandersecurityresearch/corsair_scan) -- https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan) -- https://img.shields.io/github/languages/top/Santandersecurityresearch/corsair_scan) +url: https://github.com/Santandersecurityresearch/corsair_scan category: tool types: [] platform: [] diff --git a/weapons/crawlergo.yaml b/weapons/crawlergo.yaml index b741110..2e1fc32 100644 --- a/weapons/crawlergo.yaml +++ b/weapons/crawlergo.yaml @@ -1,10 +1,7 @@ --- name: crawlergo description: A powerful browser crawler for web vulnerability scanners -urls: -- https://github.com/Qianlitp/crawlergo) -- https://img.shields.io/github/stars/Qianlitp/crawlergo) -- https://img.shields.io/github/languages/top/Qianlitp/crawlergo) +url: https://github.com/Qianlitp/crawlergo category: tool types: [] platform: [] diff --git a/weapons/crlfuzz.yaml b/weapons/crlfuzz.yaml index a6a2b22..0f0a462 100644 --- a/weapons/crlfuzz.yaml +++ b/weapons/crlfuzz.yaml @@ -1,10 +1,7 @@ --- name: crlfuzz description: 'A fast tool to scan CRLF vulnerability written in Go ' -urls: -- https://github.com/dwisiswant0/crlfuzz) -- https://img.shields.io/github/stars/dwisiswant0/crlfuzz) -- https://img.shields.io/github/languages/top/dwisiswant0/crlfuzz) +url: https://github.com/dwisiswant0/crlfuzz category: tool types: [] platform: diff --git a/weapons/csp-auditor.yaml b/weapons/csp-auditor.yaml index adfaafa..476ab7f 100644 --- a/weapons/csp-auditor.yaml +++ b/weapons/csp-auditor.yaml @@ -1,10 +1,7 @@ --- name: csp-auditor description: -urls: -- https://github.com/GoSecure/csp-auditor) -- https://img.shields.io/github/stars/GoSecure/csp-auditor) -- https://img.shields.io/github/languages/top/GoSecure/csp-auditor) +url: https://github.com/GoSecure/csp-auditor category: tool-addon types: [] platform: diff --git a/weapons/curl.yaml b/weapons/curl.yaml index 4eee758..c0282a1 100644 --- a/weapons/curl.yaml +++ b/weapons/curl.yaml @@ -4,10 +4,7 @@ description: A command line tool and library for transferring data with URL synt supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features -urls: -- https://github.com/curl/curl) -- https://img.shields.io/github/stars/curl/curl) -- https://img.shields.io/github/languages/top/curl/curl) +url: https://github.com/curl/curl category: tool types: [] platform: [] diff --git a/weapons/dalfox.yaml b/weapons/dalfox.yaml index 53614c8..a60dcd1 100644 --- a/weapons/dalfox.yaml +++ b/weapons/dalfox.yaml @@ -2,10 +2,7 @@ name: dalfox description: "\U0001F318\U0001F98A DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang " -urls: -- https://github.com/hahwul/dalfox) -- https://img.shields.io/github/stars/hahwul/dalfox) -- https://img.shields.io/github/languages/top/hahwul/dalfox) +url: https://github.com/hahwul/dalfox category: tool types: [] platform: diff --git a/weapons/dirsearch.yaml b/weapons/dirsearch.yaml index 71a9a68..6a6f9a9 100644 --- a/weapons/dirsearch.yaml +++ b/weapons/dirsearch.yaml @@ -1,10 +1,7 @@ --- name: dirsearch description: 'Web path scanner ' -urls: -- https://github.com/maurosoria/dirsearch) -- https://img.shields.io/github/stars/maurosoria/dirsearch) -- https://img.shields.io/github/languages/top/maurosoria/dirsearch) +url: https://github.com/maurosoria/dirsearch category: tool types: [] platform: diff --git a/weapons/ditto.yaml b/weapons/ditto.yaml index 162ecd0..aa090d1 100644 --- a/weapons/ditto.yaml +++ b/weapons/ditto.yaml @@ -1,10 +1,7 @@ --- name: ditto description: A tool for IDN homograph attacks and detection. -urls: -- https://github.com/evilsocket/ditto) -- https://img.shields.io/github/stars/evilsocket/ditto) -- https://img.shields.io/github/languages/top/evilsocket/ditto) +url: https://github.com/evilsocket/ditto category: tool types: [] platform: [] diff --git a/weapons/dmut.yaml b/weapons/dmut.yaml index 273781a..b145a7e 100644 --- a/weapons/dmut.yaml +++ b/weapons/dmut.yaml @@ -2,10 +2,7 @@ name: dmut description: A tool to perform permutations, mutations and alteration of subdomains in golang. -urls: -- https://github.com/bp0lr/dmut) -- https://img.shields.io/github/stars/bp0lr/dmut) -- https://img.shields.io/github/languages/top/bp0lr/dmut) +url: https://github.com/bp0lr/dmut category: tool types: [] platform: [] diff --git a/weapons/dnsobserver.yaml b/weapons/dnsobserver.yaml index e733027..35ceb1c 100644 --- a/weapons/dnsobserver.yaml +++ b/weapons/dnsobserver.yaml @@ -3,10 +3,7 @@ name: dnsobserver description: 'A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester''s server for out-of-band DNS interactions and sends lookup notifications via Slack. ' -urls: -- https://github.com/allyomalley/dnsobserver) -- https://img.shields.io/github/stars/allyomalley/dnsobserver) -- https://img.shields.io/github/languages/top/allyomalley/dnsobserver) +url: https://github.com/allyomalley/dnsobserver category: tool types: [] platform: [] diff --git a/weapons/dnsprobe.yaml b/weapons/dnsprobe.yaml index ae6bd05..86505fc 100644 --- a/weapons/dnsprobe.yaml +++ b/weapons/dnsprobe.yaml @@ -2,10 +2,7 @@ name: dnsprobe description: 'DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. ' -urls: -- https://github.com/projectdiscovery/dnsprobe) -- https://img.shields.io/github/stars/projectdiscovery/dnsprobe) -- https://img.shields.io/github/languages/top/projectdiscovery/dnsprobe) +url: https://github.com/projectdiscovery/dnsprobe category: tool types: [] platform: diff --git a/weapons/dnsvalidator.yaml b/weapons/dnsvalidator.yaml index df489b8..ef76021 100644 --- a/weapons/dnsvalidator.yaml +++ b/weapons/dnsvalidator.yaml @@ -2,10 +2,7 @@ name: dnsvalidator description: Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. -urls: -- https://github.com/vortexau/dnsvalidator) -- https://img.shields.io/github/stars/vortexau/dnsvalidator) -- https://img.shields.io/github/languages/top/vortexau/dnsvalidator) +url: https://github.com/vortexau/dnsvalidator category: tool types: [] platform: [] diff --git a/weapons/dnsx.yaml b/weapons/dnsx.yaml index 5011348..7655a0a 100644 --- a/weapons/dnsx.yaml +++ b/weapons/dnsx.yaml @@ -2,10 +2,7 @@ name: dnsx description: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. -urls: -- https://github.com/projectdiscovery/dnsx) -- https://img.shields.io/github/stars/projectdiscovery/dnsx) -- https://img.shields.io/github/languages/top/projectdiscovery/dnsx) +url: https://github.com/projectdiscovery/dnsx category: tool types: [] platform: [] diff --git a/weapons/docem.yaml b/weapons/docem.yaml index 19eba25..4dc0f07 100644 --- a/weapons/docem.yaml +++ b/weapons/docem.yaml @@ -2,10 +2,7 @@ name: docem description: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) -urls: -- https://github.com/whitel1st/docem) -- https://img.shields.io/github/stars/whitel1st/docem) -- https://img.shields.io/github/languages/top/whitel1st/docem) +url: https://github.com/whitel1st/docem category: tool types: [] platform: [] diff --git a/weapons/domdig.yaml b/weapons/domdig.yaml index 01b47cc..5cee306 100644 --- a/weapons/domdig.yaml +++ b/weapons/domdig.yaml @@ -1,10 +1,7 @@ --- name: domdig description: 'DOM XSS scanner for Single Page Applications ' -urls: -- https://github.com/fcavallarin/domdig) -- https://img.shields.io/github/stars/fcavallarin/domdig) -- https://img.shields.io/github/languages/top/fcavallarin/domdig) +url: https://github.com/fcavallarin/domdig category: tool types: [] platform: diff --git a/weapons/dontgo403.yaml b/weapons/dontgo403.yaml index b308746..74f7378 100644 --- a/weapons/dontgo403.yaml +++ b/weapons/dontgo403.yaml @@ -1,10 +1,7 @@ --- name: dontgo403 description: Tool to bypass 40X response codes. -urls: -- https://github.com/devploit/dontgo403) -- https://img.shields.io/github/stars/devploit/dontgo403) -- https://img.shields.io/github/languages/top/devploit/dontgo403) +url: https://github.com/devploit/dontgo403 category: tool types: [] platform: [] diff --git a/weapons/dotdotpwn.yaml b/weapons/dotdotpwn.yaml index 8a79181..3a6fdb7 100644 --- a/weapons/dotdotpwn.yaml +++ b/weapons/dotdotpwn.yaml @@ -1,10 +1,7 @@ --- name: dotdotpwn description: 'DotDotPwn - The Directory Traversal Fuzzer ' -urls: -- https://github.com/wireghoul/dotdotpwn) -- https://img.shields.io/github/stars/wireghoul/dotdotpwn) -- https://img.shields.io/github/languages/top/wireghoul/dotdotpwn) +url: https://github.com/wireghoul/dotdotpwn category: tool types: [] platform: diff --git a/weapons/eval_villain.yaml b/weapons/eval_villain.yaml index e7976a5..03e3eee 100644 --- a/weapons/eval_villain.yaml +++ b/weapons/eval_villain.yaml @@ -1,10 +1,7 @@ --- name: eval_villain description: A Firefox Web Extension to improve the discovery of DOM XSS. -urls: -- https://github.com/swoops/eval_villain) -- https://img.shields.io/github/stars/swoops/eval_villain) -- https://img.shields.io/github/languages/top/swoops/eval_villain) +url: https://github.com/swoops/eval_villain category: browser-addon types: [] platform: diff --git a/weapons/ezXSS.yaml b/weapons/ezXSS.yaml index e8daaae..6fec55a 100644 --- a/weapons/ezXSS.yaml +++ b/weapons/ezXSS.yaml @@ -2,10 +2,7 @@ name: ezXSS description: 'ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. ' -urls: -- https://github.com/ssl/ezXSS) -- https://img.shields.io/github/stars/ssl/ezXSS) -- https://img.shields.io/github/languages/top/ssl/ezXSS) +url: https://github.com/ssl/ezXSS category: tool types: [] platform: diff --git a/weapons/femida.yaml b/weapons/femida.yaml index 18cceeb..3d3a4cb 100644 --- a/weapons/femida.yaml +++ b/weapons/femida.yaml @@ -1,10 +1,7 @@ --- name: femida description: -urls: -- https://github.com/wish-i-was/femida) -- https://img.shields.io/github/stars/wish-i-was/femida) -- https://img.shields.io/github/languages/top/wish-i-was/femida) +url: https://github.com/wish-i-was/femida category: tool-addon types: [] platform: diff --git a/weapons/feroxbuster.yaml b/weapons/feroxbuster.yaml index 05d6ffa..0a02f90 100644 --- a/weapons/feroxbuster.yaml +++ b/weapons/feroxbuster.yaml @@ -1,10 +1,7 @@ --- name: feroxbuster description: A fast, simple, recursive content discovery tool written in Rust. -urls: -- https://github.com/epi052/feroxbuster) -- https://img.shields.io/github/stars/epi052/feroxbuster) -- https://img.shields.io/github/languages/top/epi052/feroxbuster) +url: https://github.com/epi052/feroxbuster category: tool types: [] platform: [] diff --git a/weapons/ffuf.yaml b/weapons/ffuf.yaml index b906005..81505be 100644 --- a/weapons/ffuf.yaml +++ b/weapons/ffuf.yaml @@ -1,10 +1,7 @@ --- name: ffuf description: 'Fast web fuzzer written in Go ' -urls: -- https://github.com/ffuf/ffuf) -- https://img.shields.io/github/stars/ffuf/ffuf) -- https://img.shields.io/github/languages/top/ffuf/ffuf) +url: https://github.com/ffuf/ffuf category: tool types: [] platform: diff --git a/weapons/fhc.yaml b/weapons/fhc.yaml index 298915c..53a8d65 100644 --- a/weapons/fhc.yaml +++ b/weapons/fhc.yaml @@ -1,10 +1,7 @@ --- name: fhc description: Fast HTTP Checker. -urls: -- https://github.com/Edu4rdSHL/fhc) -- https://img.shields.io/github/stars/Edu4rdSHL/fhc) -- https://img.shields.io/github/languages/top/Edu4rdSHL/fhc) +url: https://github.com/Edu4rdSHL/fhc category: tool types: [] platform: [] diff --git a/weapons/findom-xss.yaml b/weapons/findom-xss.yaml index 50d5854..5bb0472 100644 --- a/weapons/findom-xss.yaml +++ b/weapons/findom-xss.yaml @@ -1,10 +1,7 @@ --- name: findom-xss description: 'A fast DOM based XSS vulnerability scanner with simplicity. ' -urls: -- https://github.com/dwisiswant0/findom-xss) -- https://img.shields.io/github/stars/dwisiswant0/findom-xss) -- https://img.shields.io/github/languages/top/dwisiswant0/findom-xss) +url: https://github.com/dwisiswant0/findom-xss category: tool types: [] platform: diff --git a/weapons/findomain.yaml b/weapons/findomain.yaml index b42df81..0bf58d8 100644 --- a/weapons/findomain.yaml +++ b/weapons/findomain.yaml @@ -2,10 +2,7 @@ name: findomain description: 'The fastest and cross-platform subdomain enumerator, do not waste your time. ' -urls: -- https://github.com/Edu4rdSHL/findomain) -- https://img.shields.io/github/stars/Edu4rdSHL/findomain) -- https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) +url: https://github.com/Edu4rdSHL/findomain category: tool types: [] platform: diff --git a/weapons/fockcache.yaml b/weapons/fockcache.yaml index 2e70a5c..58c9cb8 100644 --- a/weapons/fockcache.yaml +++ b/weapons/fockcache.yaml @@ -1,10 +1,7 @@ --- name: fockcache description: FockCache - Minimalized Test Cache Poisoning -urls: -- https://github.com/tismayil/fockcache) -- https://img.shields.io/github/stars/tismayil/fockcache) -- https://img.shields.io/github/languages/top/tismayil/fockcache) +url: https://github.com/tismayil/fockcache category: tool types: [] platform: [] diff --git a/weapons/fuzzparam.yaml b/weapons/fuzzparam.yaml index d50bf2c..641ae89 100644 --- a/weapons/fuzzparam.yaml +++ b/weapons/fuzzparam.yaml @@ -1,10 +1,7 @@ --- name: fuzzparam description: A fast go based param miner to fuzz possible parameters a URL can have. -urls: -- https://github.com/0xsapra/fuzzparam) -- https://img.shields.io/github/stars/0xsapra/fuzzparam) -- https://img.shields.io/github/languages/top/0xsapra/fuzzparam) +url: https://github.com/0xsapra/fuzzparam category: tool types: [] platform: [] diff --git a/weapons/fzf.yaml b/weapons/fzf.yaml index de9de4f..9cd16fb 100644 --- a/weapons/fzf.yaml +++ b/weapons/fzf.yaml @@ -1,10 +1,7 @@ --- name: fzf description: A command-line fuzzy finder -urls: -- https://github.com/junegunn/fzf) -- https://img.shields.io/github/stars/junegunn/fzf) -- https://img.shields.io/github/languages/top/junegunn/fzf) +url: https://github.com/junegunn/fzf category: tool types: [] platform: diff --git a/weapons/gau.yaml b/weapons/gau.yaml index 9f1b784..6998bff 100644 --- a/weapons/gau.yaml +++ b/weapons/gau.yaml @@ -2,10 +2,7 @@ name: gau description: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. -urls: -- https://github.com/lc/gau) -- https://img.shields.io/github/stars/lc/gau) -- https://img.shields.io/github/languages/top/lc/gau) +url: https://github.com/lc/gau category: tool types: [] platform: diff --git a/weapons/gauplus.yaml b/weapons/gauplus.yaml index 5cabbde..352f8b9 100644 --- a/weapons/gauplus.yaml +++ b/weapons/gauplus.yaml @@ -2,10 +2,7 @@ name: gauplus description: A modified version of gau for personal usage. Support workers, proxies and some extra things. -urls: -- https://github.com/bp0lr/gauplus) -- https://img.shields.io/github/stars/bp0lr/gauplus) -- https://img.shields.io/github/languages/top/bp0lr/gauplus) +url: https://github.com/bp0lr/gauplus category: tool types: [] platform: [] diff --git a/weapons/gee.yaml b/weapons/gee.yaml index 640a49e..0884af7 100644 --- a/weapons/gee.yaml +++ b/weapons/gee.yaml @@ -3,10 +3,7 @@ name: gee description: "\U0001F3F5 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go" -urls: -- https://github.com/hahwul/gee) -- https://img.shields.io/github/stars/hahwul/gee) -- https://img.shields.io/github/languages/top/hahwul/gee) +url: https://github.com/hahwul/gee category: tool types: [] platform: [] diff --git a/weapons/getJS.yaml b/weapons/getJS.yaml index 955b18f..23491bd 100644 --- a/weapons/getJS.yaml +++ b/weapons/getJS.yaml @@ -1,10 +1,7 @@ --- name: getJS description: A tool to fastly get all javascript sources/files -urls: -- https://github.com/003random/getJS) -- https://img.shields.io/github/stars/003random/getJS) -- https://img.shields.io/github/languages/top/003random/getJS) +url: https://github.com/003random/getJS category: tool types: [] platform: [] diff --git a/weapons/gf.yaml b/weapons/gf.yaml index 0d1712d..6749963 100644 --- a/weapons/gf.yaml +++ b/weapons/gf.yaml @@ -1,10 +1,7 @@ --- name: gf description: 'A wrapper around grep, to help you grep for things ' -urls: -- https://github.com/tomnomnom/gf) -- https://img.shields.io/github/stars/tomnomnom/gf) -- https://img.shields.io/github/languages/top/tomnomnom/gf) +url: https://github.com/tomnomnom/gf category: tool types: [] platform: diff --git a/weapons/gitGraber.yaml b/weapons/gitGraber.yaml index b07c02a..5eaecf3 100644 --- a/weapons/gitGraber.yaml +++ b/weapons/gitGraber.yaml @@ -1,10 +1,7 @@ --- name: gitGraber description: 'gitGraber ' -urls: -- https://github.com/hisxo/gitGraber) -- https://img.shields.io/github/stars/hisxo/gitGraber) -- https://img.shields.io/github/languages/top/hisxo/gitGraber) +url: https://github.com/hisxo/gitGraber category: tool types: [] platform: diff --git a/weapons/github-endpoints.yaml b/weapons/github-endpoints.yaml index 7f71d7d..25066f7 100644 --- a/weapons/github-endpoints.yaml +++ b/weapons/github-endpoints.yaml @@ -1,10 +1,7 @@ --- name: github-endpoints description: Find endpoints on GitHub. -urls: -- https://github.com/gwen001/github-endpoints) -- https://img.shields.io/github/stars/gwen001/github-endpoints) -- https://img.shields.io/github/languages/top/gwen001/github-endpoints) +url: https://github.com/gwen001/github-endpoints category: tool types: [] platform: [] diff --git a/weapons/github-regexp.yaml b/weapons/github-regexp.yaml index 9bf90a3..203e367 100644 --- a/weapons/github-regexp.yaml +++ b/weapons/github-regexp.yaml @@ -1,10 +1,7 @@ --- name: github-regexp description: Basically a regexp over a GitHub search. -urls: -- https://github.com/gwen001/github-regexp) -- https://img.shields.io/github/stars/gwen001/github-regexp) -- https://img.shields.io/github/languages/top/gwen001/github-regexp) +url: https://github.com/gwen001/github-regexp category: tool types: [] platform: [] diff --git a/weapons/github-search.yaml b/weapons/github-search.yaml index e7571ca..da1b29d 100644 --- a/weapons/github-search.yaml +++ b/weapons/github-search.yaml @@ -1,10 +1,7 @@ --- name: github-search description: 'Tools to perform basic search on GitHub. ' -urls: -- https://github.com/gwen001/github-search) -- https://img.shields.io/github/stars/gwen001/github-search) -- https://img.shields.io/github/languages/top/gwen001/github-search) +url: https://github.com/gwen001/github-search category: tool types: [] platform: diff --git a/weapons/github-subdomains.yaml b/weapons/github-subdomains.yaml index 522fef8..416ebe3 100644 --- a/weapons/github-subdomains.yaml +++ b/weapons/github-subdomains.yaml @@ -1,10 +1,7 @@ --- name: github-subdomains description: Find subdomains on GitHub -urls: -- https://github.com/gwen001/github-subdomains) -- https://img.shields.io/github/stars/gwen001/github-subdomains) -- https://img.shields.io/github/languages/top/gwen001/github-subdomains) +url: https://github.com/gwen001/github-subdomains category: tool types: [] platform: [] diff --git a/weapons/gitleaks.yaml b/weapons/gitleaks.yaml index c84c827..085007b 100644 --- a/weapons/gitleaks.yaml +++ b/weapons/gitleaks.yaml @@ -1,10 +1,7 @@ --- name: gitleaks description: "Scan git repos (or files) for secrets using regex and entropy \U0001F511" -urls: -- https://github.com/zricethezav/gitleaks) -- https://img.shields.io/github/stars/zricethezav/gitleaks) -- https://img.shields.io/github/languages/top/zricethezav/gitleaks) +url: https://github.com/zricethezav/gitleaks category: tool types: [] platform: [] diff --git a/weapons/gitls.yaml b/weapons/gitls.yaml index 18b7bfe..eaac3e4 100644 --- a/weapons/gitls.yaml +++ b/weapons/gitls.yaml @@ -1,10 +1,7 @@ --- name: gitls description: Listing git repository from URL/User/Org -urls: -- https://github.com/hahwul/gitls) -- https://img.shields.io/github/stars/hahwul/gitls) -- https://img.shields.io/github/languages/top/hahwul/gitls) +url: https://github.com/hahwul/gitls category: tool types: [] platform: [] diff --git a/weapons/gitrob.yaml b/weapons/gitrob.yaml index 2559a88..83a7aa7 100644 --- a/weapons/gitrob.yaml +++ b/weapons/gitrob.yaml @@ -1,10 +1,7 @@ --- name: gitrob description: 'Reconnaissance tool for GitHub organizations ' -urls: -- https://github.com/michenriksen/gitrob) -- https://img.shields.io/github/stars/michenriksen/gitrob) -- https://img.shields.io/github/languages/top/michenriksen/gitrob) +url: https://github.com/michenriksen/gitrob category: tool types: [] platform: diff --git a/weapons/go-dork.yaml b/weapons/go-dork.yaml index 8328da0..6966923 100644 --- a/weapons/go-dork.yaml +++ b/weapons/go-dork.yaml @@ -1,10 +1,7 @@ --- name: go-dork description: 'The fastest dork scanner written in Go. ' -urls: -- https://github.com/dwisiswant0/go-dork) -- https://img.shields.io/github/stars/dwisiswant0/go-dork) -- https://img.shields.io/github/languages/top/dwisiswant0/go-dork) +url: https://github.com/dwisiswant0/go-dork category: tool types: [] platform: diff --git a/weapons/gobuster.yaml b/weapons/gobuster.yaml index 79f2d8c..9f31f52 100644 --- a/weapons/gobuster.yaml +++ b/weapons/gobuster.yaml @@ -1,10 +1,7 @@ --- name: gobuster description: 'Directory/File, DNS and VHost busting tool written in Go ' -urls: -- https://github.com/OJ/gobuster) -- https://img.shields.io/github/stars/OJ/gobuster) -- https://img.shields.io/github/languages/top/OJ/gobuster) +url: https://github.com/OJ/gobuster category: tool types: [] platform: diff --git a/weapons/gospider.yaml b/weapons/gospider.yaml index c324c3e..b0a4733 100644 --- a/weapons/gospider.yaml +++ b/weapons/gospider.yaml @@ -1,10 +1,7 @@ --- name: gospider description: 'Gospider - Fast web spider written in Go ' -urls: -- https://github.com/jaeles-project/gospider) -- https://img.shields.io/github/stars/jaeles-project/gospider) -- https://img.shields.io/github/languages/top/jaeles-project/gospider) +url: https://github.com/jaeles-project/gospider category: tool types: [] platform: diff --git a/weapons/gotator.yaml b/weapons/gotator.yaml index 069511f..e62aeda 100644 --- a/weapons/gotator.yaml +++ b/weapons/gotator.yaml @@ -1,10 +1,7 @@ --- name: gotator description: Gotator is a tool to generate DNS wordlists through permutations. -urls: -- https://github.com/Josue87/gotator) -- https://img.shields.io/github/stars/Josue87/gotator) -- https://img.shields.io/github/languages/top/Josue87/gotator) +url: https://github.com/Josue87/gotator category: tool types: [] platform: [] diff --git a/weapons/gotestwaf.yaml b/weapons/gotestwaf.yaml index 0ce8d2d..cd285cf 100644 --- a/weapons/gotestwaf.yaml +++ b/weapons/gotestwaf.yaml @@ -2,10 +2,7 @@ name: gotestwaf description: An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses -urls: -- https://github.com/wallarm/gotestwaf) -- https://img.shields.io/github/stars/wallarm/gotestwaf) -- https://img.shields.io/github/languages/top/wallarm/gotestwaf) +url: https://github.com/wallarm/gotestwaf category: tool types: [] platform: [] diff --git a/weapons/gowitness.yaml b/weapons/gowitness.yaml index 61fa78a..11849b1 100644 --- a/weapons/gowitness.yaml +++ b/weapons/gowitness.yaml @@ -2,10 +2,7 @@ name: gowitness description: "\U0001F50D gowitness - a golang, web screenshot utility using Chrome Headless " -urls: -- https://github.com/sensepost/gowitness) -- https://img.shields.io/github/stars/sensepost/gowitness) -- https://img.shields.io/github/languages/top/sensepost/gowitness) +url: https://github.com/sensepost/gowitness category: tool types: [] platform: diff --git a/weapons/graphql-voyager.yaml b/weapons/graphql-voyager.yaml index 1ae12f2..9d12e34 100644 --- a/weapons/graphql-voyager.yaml +++ b/weapons/graphql-voyager.yaml @@ -1,10 +1,7 @@ --- name: graphql-voyager description: "\U0001F6F0️ Represent any GraphQL API as an interactive graph " -urls: -- https://github.com/APIs-guru/graphql-voyager) -- https://img.shields.io/github/stars/APIs-guru/graphql-voyager) -- https://img.shields.io/github/languages/top/APIs-guru/graphql-voyager) +url: https://github.com/APIs-guru/graphql-voyager category: tool types: [] platform: diff --git a/weapons/grc.yaml b/weapons/grc.yaml index 2e4de8c..0113914 100644 --- a/weapons/grc.yaml +++ b/weapons/grc.yaml @@ -1,10 +1,7 @@ --- name: grc description: generic colouriser -urls: -- https://github.com/garabik/grc) -- https://img.shields.io/github/stars/garabik/grc) -- https://img.shields.io/github/languages/top/garabik/grc) +url: https://github.com/garabik/grc category: tool types: [] platform: [] diff --git a/weapons/grex.yaml b/weapons/grex.yaml index 27835a6..792d6e3 100644 --- a/weapons/grex.yaml +++ b/weapons/grex.yaml @@ -2,10 +2,7 @@ name: grex description: A command-line tool and library for generating regular expressions from user-provided test cases -urls: -- https://github.com/pemistahl/grex) -- https://img.shields.io/github/stars/pemistahl/grex) -- https://img.shields.io/github/languages/top/pemistahl/grex) +url: https://github.com/pemistahl/grex category: tool types: [] platform: [] diff --git a/weapons/gron.yaml b/weapons/gron.yaml index ffb6136..cac3d58 100644 --- a/weapons/gron.yaml +++ b/weapons/gron.yaml @@ -1,10 +1,7 @@ --- name: gron description: 'Make JSON greppable! ' -urls: -- https://github.com/tomnomnom/gron) -- https://img.shields.io/github/stars/tomnomnom/gron) -- https://img.shields.io/github/languages/top/tomnomnom/gron) +url: https://github.com/tomnomnom/gron category: tool types: [] platform: diff --git a/weapons/h2csmuggler.yaml b/weapons/h2csmuggler.yaml index cd3714c..861ef8f 100644 --- a/weapons/h2csmuggler.yaml +++ b/weapons/h2csmuggler.yaml @@ -1,10 +1,7 @@ --- name: h2csmuggler description: HTTP Request Smuggling Detection Tool -urls: -- https://github.com/assetnote/h2csmuggler) -- https://img.shields.io/github/stars/assetnote/h2csmuggler) -- https://img.shields.io/github/languages/top/assetnote/h2csmuggler) +url: https://github.com/assetnote/h2csmuggler category: tool types: [] platform: diff --git a/weapons/hacks.yaml b/weapons/hacks.yaml index f015781..729882d 100644 --- a/weapons/hacks.yaml +++ b/weapons/hacks.yaml @@ -1,10 +1,7 @@ --- name: hacks description: 'A collection of hacks and one-off scripts ' -urls: -- https://github.com/tomnomnom/hacks) -- https://img.shields.io/github/stars/tomnomnom/hacks) -- https://img.shields.io/github/languages/top/tomnomnom/hacks) +url: https://github.com/tomnomnom/hacks category: tool types: [] platform: diff --git a/weapons/hakcheckurl.yaml b/weapons/hakcheckurl.yaml index 80bf7c6..49511d9 100644 --- a/weapons/hakcheckurl.yaml +++ b/weapons/hakcheckurl.yaml @@ -1,10 +1,7 @@ --- name: hakcheckurl description: Takes a list of URLs and returns their HTTP response codes -urls: -- https://github.com/hakluke/hakcheckurl) -- https://img.shields.io/github/stars/hakluke/hakcheckurl) -- https://img.shields.io/github/languages/top/hakluke/hakcheckurl) +url: https://github.com/hakluke/hakcheckurl category: tool types: [] platform: [] diff --git a/weapons/hakrawler.yaml b/weapons/hakrawler.yaml index 2185850..193b3c3 100644 --- a/weapons/hakrawler.yaml +++ b/weapons/hakrawler.yaml @@ -2,10 +2,7 @@ name: hakrawler description: 'Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application ' -urls: -- https://github.com/hakluke/hakrawler) -- https://img.shields.io/github/stars/hakluke/hakrawler) -- https://img.shields.io/github/languages/top/hakluke/hakrawler) +url: https://github.com/hakluke/hakrawler category: tool types: [] platform: diff --git a/weapons/hakrevdns.yaml b/weapons/hakrevdns.yaml index 7964126..fa7b879 100644 --- a/weapons/hakrevdns.yaml +++ b/weapons/hakrevdns.yaml @@ -1,10 +1,7 @@ --- name: hakrevdns description: 'Small, fast tool for performing reverse DNS lookups en masse. ' -urls: -- https://github.com/hakluke/hakrevdns) -- https://img.shields.io/github/stars/hakluke/hakrevdns) -- https://img.shields.io/github/languages/top/hakluke/hakrevdns) +url: https://github.com/hakluke/hakrevdns category: tool types: [] platform: diff --git a/weapons/haktrails.yaml b/weapons/haktrails.yaml index f441719..782d958 100644 --- a/weapons/haktrails.yaml +++ b/weapons/haktrails.yaml @@ -1,10 +1,7 @@ --- name: haktrails description: Golang client for querying SecurityTrails API data -urls: -- https://github.com/hakluke/haktrails) -- https://img.shields.io/github/stars/hakluke/haktrails) -- https://img.shields.io/github/languages/top/hakluke/haktrails) +url: https://github.com/hakluke/haktrails category: tool types: [] platform: [] diff --git a/weapons/hashcat.yaml b/weapons/hashcat.yaml index de3a859..0df7ee6 100644 --- a/weapons/hashcat.yaml +++ b/weapons/hashcat.yaml @@ -1,10 +1,7 @@ --- name: hashcat description: 'World''s fastest and most advanced password recovery utility ' -urls: -- https://github.com/hashcat/hashcat/) -- https://img.shields.io/github/stars/hashcat/hashcat/) -- https://img.shields.io/github/languages/top/hashcat/hashcat/) +url: https://github.com/hashcat/hashcat/ category: tool types: [] platform: [] diff --git a/weapons/headi.yaml b/weapons/headi.yaml index c567b3e..a90b73b 100644 --- a/weapons/headi.yaml +++ b/weapons/headi.yaml @@ -1,10 +1,7 @@ --- name: headi description: Customisable and automated HTTP header injection -urls: -- https://github.com/mlcsec/headi) -- https://img.shields.io/github/stars/mlcsec/headi) -- https://img.shields.io/github/languages/top/mlcsec/headi) +url: https://github.com/mlcsec/headi category: tool types: [] platform: [] diff --git a/weapons/hetty.yaml b/weapons/hetty.yaml index c589ccd..d1c66c2 100644 --- a/weapons/hetty.yaml +++ b/weapons/hetty.yaml @@ -3,10 +3,7 @@ name: hetty description: Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. -urls: -- https://github.com/dstotijn/hetty) -- https://img.shields.io/github/stars/dstotijn/hetty) -- https://img.shields.io/github/languages/top/dstotijn/hetty) +url: https://github.com/dstotijn/hetty category: tool types: [] platform: diff --git a/weapons/hinject.yaml b/weapons/hinject.yaml index 24eafe1..1b6233b 100644 --- a/weapons/hinject.yaml +++ b/weapons/hinject.yaml @@ -1,10 +1,7 @@ --- name: hinject description: 'Host Header Injection Checker ' -urls: -- https://github.com/dwisiswant0/hinject) -- https://img.shields.io/github/stars/dwisiswant0/hinject) -- https://img.shields.io/github/languages/top/dwisiswant0/hinject) +url: https://github.com/dwisiswant0/hinject category: tool types: [] platform: diff --git a/weapons/htcat.yaml b/weapons/htcat.yaml index 12bb558..ff6e227 100644 --- a/weapons/htcat.yaml +++ b/weapons/htcat.yaml @@ -1,10 +1,7 @@ --- name: htcat description: 'Parallel and Pipelined HTTP GET Utility ' -urls: -- https://github.com/htcat/htcat) -- https://img.shields.io/github/stars/htcat/htcat) -- https://img.shields.io/github/languages/top/htcat/htcat) +url: https://github.com/htcat/htcat category: tool types: [] platform: diff --git a/weapons/http-request-smuggler.yaml b/weapons/http-request-smuggler.yaml index 2b0e0eb..2cbc389 100644 --- a/weapons/http-request-smuggler.yaml +++ b/weapons/http-request-smuggler.yaml @@ -1,10 +1,7 @@ --- name: http-request-smuggler description: -urls: -- https://github.com/PortSwigger/http-request-smuggler) -- https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) -- https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) +url: https://github.com/PortSwigger/http-request-smuggler category: tool-addon types: [] platform: diff --git a/weapons/http-request-smuggling.yaml b/weapons/http-request-smuggling.yaml index 58dd1aa..bceaa99 100644 --- a/weapons/http-request-smuggling.yaml +++ b/weapons/http-request-smuggling.yaml @@ -1,10 +1,7 @@ --- name: http-request-smuggling description: HTTP Request Smuggling Detection Tool -urls: -- https://github.com/anshumanpattnaik/http-request-smuggling) -- https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling) -- https://img.shields.io/github/languages/top/anshumanpattnaik/http-request-smuggling) +url: https://github.com/anshumanpattnaik/http-request-smuggling category: tool types: [] platform: [] diff --git a/weapons/http-script-generator.yaml b/weapons/http-script-generator.yaml index 948870e..bc36948 100644 --- a/weapons/http-script-generator.yaml +++ b/weapons/http-script-generator.yaml @@ -1,10 +1,7 @@ --- name: http-script-generator description: -urls: -- https://github.com/h3xstream/http-script-generator) -- https://img.shields.io/github/stars/h3xstream/http-script-generator) -- https://img.shields.io/github/languages/top/h3xstream/http-script-generator) +url: https://github.com/h3xstream/http-script-generator category: tool-addon types: [] platform: diff --git a/weapons/http2smugl.yaml b/weapons/http2smugl.yaml index 13f0207..a507772 100644 --- a/weapons/http2smugl.yaml +++ b/weapons/http2smugl.yaml @@ -2,10 +2,7 @@ name: http2smugl description: This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. -urls: -- https://github.com/neex/http2smugl) -- https://img.shields.io/github/stars/neex/http2smugl) -- https://img.shields.io/github/languages/top/neex/http2smugl) +url: https://github.com/neex/http2smugl category: tool types: [] platform: [] diff --git a/weapons/httpie.yaml b/weapons/httpie.yaml index f2cac1c..33bcf5e 100644 --- a/weapons/httpie.yaml +++ b/weapons/httpie.yaml @@ -3,11 +3,7 @@ name: httpie description: "As easy as /aitch-tee-tee-pie/ \U0001F967 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie" -urls: -- https://github.com/httpie/httpie) -- https://twitter.com/httpie -- https://img.shields.io/github/stars/httpie/httpie) -- https://img.shields.io/github/languages/top/httpie/httpie) +url: https://github.com/httpie/httpie category: tool types: [] platform: [] diff --git a/weapons/httprobe.yaml b/weapons/httprobe.yaml index e2fd2e5..56a9a4e 100644 --- a/weapons/httprobe.yaml +++ b/weapons/httprobe.yaml @@ -1,10 +1,7 @@ --- name: httprobe description: 'Take a list of domains and probe for working HTTP and HTTPS servers ' -urls: -- https://github.com/tomnomnom/httprobe) -- https://img.shields.io/github/stars/tomnomnom/httprobe) -- https://img.shields.io/github/languages/top/tomnomnom/httprobe) +url: https://github.com/tomnomnom/httprobe category: tool types: [] platform: diff --git a/weapons/httptoolkit.yaml b/weapons/httptoolkit.yaml index b1f29ca..c39ec57 100644 --- a/weapons/httptoolkit.yaml +++ b/weapons/httptoolkit.yaml @@ -2,10 +2,7 @@ name: httptoolkit description: HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac -urls: -- https://github.com/httptoolkit/httptoolkit) -- https://img.shields.io/github/stars/httptoolkit/httptoolkit) -- https://img.shields.io/github/languages/top/httptoolkit/httptoolkit) +url: https://github.com/httptoolkit/httptoolkit category: tool types: [] platform: [] diff --git a/weapons/httpx.yaml b/weapons/httpx.yaml index a6a0370..4904d31 100644 --- a/weapons/httpx.yaml +++ b/weapons/httpx.yaml @@ -3,10 +3,7 @@ name: httpx description: 'httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. ' -urls: -- https://github.com/projectdiscovery/httpx) -- https://img.shields.io/github/stars/projectdiscovery/httpx) -- https://img.shields.io/github/languages/top/projectdiscovery/httpx) +url: https://github.com/projectdiscovery/httpx category: tool types: [] platform: diff --git a/weapons/hurl.yaml b/weapons/hurl.yaml index 6e48be3..f574e36 100644 --- a/weapons/hurl.yaml +++ b/weapons/hurl.yaml @@ -1,10 +1,7 @@ --- name: hurl description: Hurl, run and test HTTP requests. -urls: -- https://github.com/Orange-OpenSource/hurl) -- https://img.shields.io/github/stars/Orange-OpenSource/hurl) -- https://img.shields.io/github/languages/top/Orange-OpenSource/hurl) +url: https://github.com/Orange-OpenSource/hurl category: tool types: [] platform: [] diff --git a/weapons/inql.yaml b/weapons/inql.yaml index de41ea3..5c3b625 100644 --- a/weapons/inql.yaml +++ b/weapons/inql.yaml @@ -1,10 +1,7 @@ --- name: inql description: -urls: -- https://github.com/doyensec/inql) -- https://img.shields.io/github/stars/doyensec/inql) -- https://img.shields.io/github/languages/top/doyensec/inql) +url: https://github.com/doyensec/inql category: tool-addon types: [] platform: diff --git a/weapons/interactsh.yaml b/weapons/interactsh.yaml index fdc827f..69c828c 100644 --- a/weapons/interactsh.yaml +++ b/weapons/interactsh.yaml @@ -1,10 +1,7 @@ --- name: interactsh description: An OOB interaction gathering server and client library -urls: -- https://github.com/projectdiscovery/interactsh) -- https://img.shields.io/github/stars/projectdiscovery/interactsh) -- https://img.shields.io/github/languages/top/projectdiscovery/interactsh) +url: https://github.com/projectdiscovery/interactsh category: tool types: [] platform: [] diff --git a/weapons/intrigue-core.yaml b/weapons/intrigue-core.yaml index 881a76e..5c10f54 100644 --- a/weapons/intrigue-core.yaml +++ b/weapons/intrigue-core.yaml @@ -1,10 +1,7 @@ --- name: intrigue-core description: 'Discover Your Attack Surface ' -urls: -- https://github.com/intrigueio/intrigue-core) -- https://img.shields.io/github/stars/intrigueio/intrigue-core) -- https://img.shields.io/github/languages/top/intrigueio/intrigue-core) +url: https://github.com/intrigueio/intrigue-core category: tool types: [] platform: diff --git a/weapons/jaeles.yaml b/weapons/jaeles.yaml index cfff22b..b3ea758 100644 --- a/weapons/jaeles.yaml +++ b/weapons/jaeles.yaml @@ -1,10 +1,7 @@ --- name: jaeles description: 'The Swiss Army knife for automated Web Application Testing ' -urls: -- https://github.com/jaeles-project/jaeles) -- https://img.shields.io/github/stars/jaeles-project/jaeles) -- https://img.shields.io/github/languages/top/jaeles-project/jaeles) +url: https://github.com/jaeles-project/jaeles category: tool types: [] platform: diff --git a/weapons/jsfuck.yaml b/weapons/jsfuck.yaml index f775dd8..3bd94d1 100644 --- a/weapons/jsfuck.yaml +++ b/weapons/jsfuck.yaml @@ -1,10 +1,7 @@ --- name: jsfuck description: Write any JavaScript with 6 Characters -urls: -- https://github.com/aemkei/jsfuck) -- https://img.shields.io/github/stars/aemkei/jsfuck) -- https://img.shields.io/github/languages/top/aemkei/jsfuck) +url: https://github.com/aemkei/jsfuck category: tool types: [] platform: [] diff --git a/weapons/jsonwebtoken.github.io.yaml b/weapons/jsonwebtoken.github.io.yaml index fefcbaf..0cf8f23 100644 --- a/weapons/jsonwebtoken.github.io.yaml +++ b/weapons/jsonwebtoken.github.io.yaml @@ -1,10 +1,7 @@ --- name: jsonwebtoken.github.io description: JWT En/Decode and Verify -urls: -- https://github.com/jsonwebtoken/jsonwebtoken.github.io) -- https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io) -- https://img.shields.io/github/languages/top/jsonwebtoken/jsonwebtoken.github.io) +url: https://github.com/jsonwebtoken/jsonwebtoken.github.io category: browser-addon types: [] platform: diff --git a/weapons/jsprime.yaml b/weapons/jsprime.yaml index 823d0dc..c6a1e64 100644 --- a/weapons/jsprime.yaml +++ b/weapons/jsprime.yaml @@ -1,10 +1,7 @@ --- name: jsprime description: a javascript static security analysis tool -urls: -- https://github.com/dpnishant/jsprime) -- https://img.shields.io/github/stars/dpnishant/jsprime) -- https://img.shields.io/github/languages/top/dpnishant/jsprime) +url: https://github.com/dpnishant/jsprime category: tool types: [] platform: [] diff --git a/weapons/jwt-cracker.yaml b/weapons/jwt-cracker.yaml index 639d1d3..7a95c3f 100644 --- a/weapons/jwt-cracker.yaml +++ b/weapons/jwt-cracker.yaml @@ -1,10 +1,7 @@ --- name: jwt-cracker description: 'Simple HS256 JWT token brute force cracker ' -urls: -- https://github.com/lmammino/jwt-cracker) -- https://img.shields.io/github/stars/lmammino/jwt-cracker) -- https://img.shields.io/github/languages/top/lmammino/jwt-cracker) +url: https://github.com/lmammino/jwt-cracker category: tool types: [] platform: diff --git a/weapons/jwt-hack.yaml b/weapons/jwt-hack.yaml index f816b01..82c25dd 100644 --- a/weapons/jwt-hack.yaml +++ b/weapons/jwt-hack.yaml @@ -2,10 +2,7 @@ name: jwt-hack description: "\U0001F529 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)" -urls: -- https://github.com/hahwul/jwt-hack) -- https://img.shields.io/github/stars/hahwul/jwt-hack) -- https://img.shields.io/github/languages/top/hahwul/jwt-hack) +url: https://github.com/hahwul/jwt-hack category: tool types: [] platform: diff --git a/weapons/kiterunner.yaml b/weapons/kiterunner.yaml index b245de9..48b0bb1 100644 --- a/weapons/kiterunner.yaml +++ b/weapons/kiterunner.yaml @@ -1,10 +1,7 @@ --- name: kiterunner description: Contextual Content Discovery Tool -urls: -- https://github.com/assetnote/kiterunner) -- https://img.shields.io/github/stars/assetnote/kiterunner) -- https://img.shields.io/github/languages/top/assetnote/kiterunner) +url: https://github.com/assetnote/kiterunner category: tool types: [] platform: [] diff --git a/weapons/knife.yaml b/weapons/knife.yaml index 6c8dc4e..e0d8633 100644 --- a/weapons/knife.yaml +++ b/weapons/knife.yaml @@ -1,10 +1,7 @@ --- name: knife description: A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 -urls: -- https://github.com/bit4woo/knife) -- https://img.shields.io/github/stars/bit4woo/knife) -- https://img.shields.io/github/languages/top/bit4woo/knife) +url: https://github.com/bit4woo/knife category: tool-addon types: [] platform: diff --git a/weapons/knock.yaml b/weapons/knock.yaml index 539952b..040b0bf 100644 --- a/weapons/knock.yaml +++ b/weapons/knock.yaml @@ -1,10 +1,7 @@ --- name: knock description: 'Knock Subdomain Scan ' -urls: -- https://github.com/guelfoweb/knock) -- https://img.shields.io/github/stars/guelfoweb/knock) -- https://img.shields.io/github/languages/top/guelfoweb/knock) +url: https://github.com/guelfoweb/knock category: tool types: [] platform: diff --git a/weapons/lazyrecon.yaml b/weapons/lazyrecon.yaml index 69fa40f..25f1a2f 100644 --- a/weapons/lazyrecon.yaml +++ b/weapons/lazyrecon.yaml @@ -2,10 +2,7 @@ name: lazyrecon description: 'This script is intended to automate your reconnaissance process in an organized fashion ' -urls: -- https://github.com/nahamsec/lazyrecon) -- https://img.shields.io/github/stars/nahamsec/lazyrecon) -- https://img.shields.io/github/languages/top/nahamsec/lazyrecon) +url: https://github.com/nahamsec/lazyrecon category: tool types: [] platform: diff --git a/weapons/longtongue.yaml b/weapons/longtongue.yaml index 3e550a5..3f537c8 100644 --- a/weapons/longtongue.yaml +++ b/weapons/longtongue.yaml @@ -1,10 +1,7 @@ --- name: longtongue description: Customized Password/Passphrase List inputting Target Info -urls: -- https://github.com/edoardottt/longtongue) -- https://img.shields.io/github/stars/edoardottt/longtongue) -- https://img.shields.io/github/languages/top/edoardottt/longtongue) +url: https://github.com/edoardottt/longtongue category: tool types: [] platform: [] diff --git a/weapons/masscan.yaml b/weapons/masscan.yaml index d9b4528..42ed8a3 100644 --- a/weapons/masscan.yaml +++ b/weapons/masscan.yaml @@ -2,10 +2,7 @@ name: masscan description: 'TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. ' -urls: -- https://github.com/robertdavidgraham/masscan) -- https://img.shields.io/github/stars/robertdavidgraham/masscan) -- https://img.shields.io/github/languages/top/robertdavidgraham/masscan) +url: https://github.com/robertdavidgraham/masscan category: tool types: [] platform: diff --git a/weapons/medusa.yaml b/weapons/medusa.yaml index 5fa72fa..9c5cc0f 100644 --- a/weapons/medusa.yaml +++ b/weapons/medusa.yaml @@ -1,10 +1,7 @@ --- name: medusa description: 'Fastest recursive HTTP fuzzer, like a Ferrari. ' -urls: -- https://github.com/riza/medusa) -- https://img.shields.io/github/stars/riza/medusa) -- https://img.shields.io/github/languages/top/riza/medusa) +url: https://github.com/riza/medusa category: tool types: [] platform: diff --git a/weapons/meg.yaml b/weapons/meg.yaml index 5e2ab76..9cfd64a 100644 --- a/weapons/meg.yaml +++ b/weapons/meg.yaml @@ -1,10 +1,7 @@ --- name: meg description: 'Fetch many paths for many hosts - without killing the hosts ' -urls: -- https://github.com/tomnomnom/meg) -- https://img.shields.io/github/stars/tomnomnom/meg) -- https://img.shields.io/github/languages/top/tomnomnom/meg) +url: https://github.com/tomnomnom/meg category: tool types: [] platform: diff --git a/weapons/megplus.yaml b/weapons/megplus.yaml index 2ba48de..e1f4431 100644 --- a/weapons/megplus.yaml +++ b/weapons/megplus.yaml @@ -1,10 +1,7 @@ --- name: megplus description: 'Automated reconnaissance wrapper — TomNomNom''s meg on steroids. [DEPRECATED] ' -urls: -- https://github.com/EdOverflow/megplus) -- https://img.shields.io/github/stars/EdOverflow/megplus) -- https://img.shields.io/github/languages/top/EdOverflow/megplus) +url: https://github.com/EdOverflow/megplus category: tool types: [] platform: diff --git a/weapons/naabu.yaml b/weapons/naabu.yaml index 67cb90a..b227115 100644 --- a/weapons/naabu.yaml +++ b/weapons/naabu.yaml @@ -3,10 +3,7 @@ name: naabu description: 'A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests ' -urls: -- https://github.com/projectdiscovery/naabu) -- https://img.shields.io/github/stars/projectdiscovery/naabu) -- https://img.shields.io/github/languages/top/projectdiscovery/naabu) +url: https://github.com/projectdiscovery/naabu category: tool types: [] platform: diff --git a/weapons/nikto.yaml b/weapons/nikto.yaml index 27d5af9..debb6a9 100644 --- a/weapons/nikto.yaml +++ b/weapons/nikto.yaml @@ -1,10 +1,7 @@ --- name: nikto description: 'Nikto web server scanner ' -urls: -- https://github.com/sullo/nikto) -- https://img.shields.io/github/stars/sullo/nikto) -- https://img.shields.io/github/languages/top/sullo/nikto) +url: https://github.com/sullo/nikto category: tool types: [] platform: diff --git a/weapons/nmap.yaml b/weapons/nmap.yaml index d13fc9d..6c2dbb4 100644 --- a/weapons/nmap.yaml +++ b/weapons/nmap.yaml @@ -1,10 +1,7 @@ --- name: nmap description: 'Nmap - the Network Mapper. Github mirror of official SVN repository. ' -urls: -- https://github.com/nmap/nmap) -- https://img.shields.io/github/stars/nmap/nmap) -- https://img.shields.io/github/languages/top/nmap/nmap) +url: https://github.com/nmap/nmap category: tool types: [] platform: diff --git a/weapons/nosqli.yaml b/weapons/nosqli.yaml index d1226d6..8a398b8 100644 --- a/weapons/nosqli.yaml +++ b/weapons/nosqli.yaml @@ -1,10 +1,7 @@ --- name: nosqli description: NoSql Injection CLI tool -urls: -- https://github.com/Charlie-belmer/nosqli) -- https://img.shields.io/github/stars/Charlie-belmer/nosqli) -- https://img.shields.io/github/languages/top/Charlie-belmer/nosqli) +url: https://github.com/Charlie-belmer/nosqli category: tool types: [] platform: diff --git a/weapons/nuclei.yaml b/weapons/nuclei.yaml index ef7141c..95c951f 100644 --- a/weapons/nuclei.yaml +++ b/weapons/nuclei.yaml @@ -2,10 +2,7 @@ name: nuclei description: 'Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. ' -urls: -- https://github.com/projectdiscovery/nuclei) -- https://img.shields.io/github/stars/projectdiscovery/nuclei) -- https://img.shields.io/github/languages/top/projectdiscovery/nuclei) +url: https://github.com/projectdiscovery/nuclei category: tool types: [] platform: diff --git a/weapons/ob_hacky_slack.yaml b/weapons/ob_hacky_slack.yaml index e0d7c98..7be0fc0 100644 --- a/weapons/ob_hacky_slack.yaml +++ b/weapons/ob_hacky_slack.yaml @@ -1,10 +1,7 @@ --- name: ob_hacky_slack description: Hacky Slack - a bash script that sends beautiful messages to Slack -urls: -- https://github.com/openbridge/ob_hacky_slack) -- https://img.shields.io/github/stars/openbridge/ob_hacky_slack) -- https://img.shields.io/github/languages/top/openbridge/ob_hacky_slack) +url: https://github.com/openbridge/ob_hacky_slack category: tool types: [] platform: [] diff --git a/weapons/owasp-zap-jwt-addon.yaml b/weapons/owasp-zap-jwt-addon.yaml index 4fb8297..f8b53ba 100644 --- a/weapons/owasp-zap-jwt-addon.yaml +++ b/weapons/owasp-zap-jwt-addon.yaml @@ -1,10 +1,7 @@ --- name: owasp-zap-jwt-addon description: -urls: -- https://github.com/SasanLabs/owasp-zap-jwt-addon) -- https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon) -- https://img.shields.io/github/languages/top/SasanLabs/owasp-zap-jwt-addon) +url: https://github.com/SasanLabs/owasp-zap-jwt-addon category: tool-addon types: [] platform: diff --git a/weapons/oxml_xxe.yaml b/weapons/oxml_xxe.yaml index 1d4bd8a..b5ceca5 100644 --- a/weapons/oxml_xxe.yaml +++ b/weapons/oxml_xxe.yaml @@ -1,10 +1,7 @@ --- name: oxml_xxe description: 'A tool for embedding XXE/XML exploits into different filetypes ' -urls: -- https://github.com/BuffaloWill/oxml_xxe) -- https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) -- https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) +url: https://github.com/BuffaloWill/oxml_xxe category: tool types: [] platform: diff --git a/weapons/pagodo.yaml b/weapons/pagodo.yaml index 5b58da8..7db2d2a 100644 --- a/weapons/pagodo.yaml +++ b/weapons/pagodo.yaml @@ -2,10 +2,7 @@ name: pagodo description: pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching -urls: -- https://github.com/opsdisk/pagodo) -- https://img.shields.io/github/stars/opsdisk/pagodo) -- https://img.shields.io/github/languages/top/opsdisk/pagodo) +url: https://github.com/opsdisk/pagodo category: tool types: [] platform: [] diff --git a/weapons/param-miner.yaml b/weapons/param-miner.yaml index e12ab9c..7bcc573 100644 --- a/weapons/param-miner.yaml +++ b/weapons/param-miner.yaml @@ -1,10 +1,7 @@ --- name: param-miner description: -urls: -- https://github.com/PortSwigger/param-miner) -- https://img.shields.io/github/stars/PortSwigger/param-miner) -- https://img.shields.io/github/languages/top/PortSwigger/param-miner) +url: https://github.com/PortSwigger/param-miner category: tool-addon types: [] platform: diff --git a/weapons/parameth.yaml b/weapons/parameth.yaml index d12373c..6cd81e3 100644 --- a/weapons/parameth.yaml +++ b/weapons/parameth.yaml @@ -1,10 +1,7 @@ --- name: parameth description: This tool can be used to brute discover GET and POST parameters -urls: -- https://github.com/maK-/parameth) -- https://img.shields.io/github/stars/maK-/parameth) -- https://img.shields.io/github/languages/top/maK-/parameth) +url: https://github.com/maK-/parameth category: tool types: [] platform: [] diff --git a/weapons/pentest-tools.yaml b/weapons/pentest-tools.yaml index eaa9d58..490b9bf 100644 --- a/weapons/pentest-tools.yaml +++ b/weapons/pentest-tools.yaml @@ -1,10 +1,7 @@ --- name: pentest-tools description: 'Custom pentesting tools ' -urls: -- https://github.com/gwen001/pentest-tools) -- https://img.shields.io/github/stars/gwen001/pentest-tools) -- https://img.shields.io/github/languages/top/gwen001/pentest-tools) +url: https://github.com/gwen001/pentest-tools category: tool types: [] platform: diff --git a/weapons/pet.yaml b/weapons/pet.yaml index 5a026dc..b1895b3 100644 --- a/weapons/pet.yaml +++ b/weapons/pet.yaml @@ -1,10 +1,7 @@ --- name: pet description: Simple command-line snippet manager, written in Go. -urls: -- https://github.com/knqyf263/pet) -- https://img.shields.io/github/stars/knqyf263/pet) -- https://img.shields.io/github/languages/top/knqyf263/pet) +url: https://github.com/knqyf263/pet category: tool types: [] platform: diff --git a/weapons/plution.yaml b/weapons/plution.yaml index f5de5ad..9a7707d 100644 --- a/weapons/plution.yaml +++ b/weapons/plution.yaml @@ -1,10 +1,7 @@ --- name: plution description: Prototype pollution scanner using headless chrome -urls: -- https://github.com/raverrr/plution) -- https://img.shields.io/github/stars/raverrr/plution) -- https://img.shields.io/github/languages/top/raverrr/plution) +url: https://github.com/raverrr/plution category: tool types: [] platform: [] diff --git a/weapons/postMessage-tracker.yaml b/weapons/postMessage-tracker.yaml index 50ac4ac..dd1846d 100644 --- a/weapons/postMessage-tracker.yaml +++ b/weapons/postMessage-tracker.yaml @@ -2,10 +2,7 @@ name: postMessage-tracker description: A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon -urls: -- https://github.com/fransr/postMessage-tracker) -- https://img.shields.io/github/stars/fransr/postMessage-tracker) -- https://img.shields.io/github/languages/top/fransr/postMessage-tracker) +url: https://github.com/fransr/postMessage-tracker category: browser-addon types: [] platform: diff --git a/weapons/ppfuzz.yaml b/weapons/ppfuzz.yaml index d502be9..2698546 100644 --- a/weapons/ppfuzz.yaml +++ b/weapons/ppfuzz.yaml @@ -2,10 +2,7 @@ name: ppfuzz description: "A fast tool to scan client-side prototype pollution vulnerability written in Rust. \U0001F980" -urls: -- https://github.com/dwisiswant0/ppfuzz) -- https://img.shields.io/github/stars/dwisiswant0/ppfuzz) -- https://img.shields.io/github/languages/top/dwisiswant0/ppfuzz) +url: https://github.com/dwisiswant0/ppfuzz category: tool types: [] platform: [] diff --git a/weapons/ppmap.yaml b/weapons/ppmap.yaml index f19d025..6ca421c 100644 --- a/weapons/ppmap.yaml +++ b/weapons/ppmap.yaml @@ -2,10 +2,7 @@ name: ppmap description: A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. -urls: -- https://github.com/kleiton0x00/ppmap) -- https://img.shields.io/github/stars/kleiton0x00/ppmap) -- https://img.shields.io/github/languages/top/kleiton0x00/ppmap) +url: https://github.com/kleiton0x00/ppmap category: tool types: [] platform: [] diff --git a/weapons/proxify.yaml b/weapons/proxify.yaml index e742817..2b7ad24 100644 --- a/weapons/proxify.yaml +++ b/weapons/proxify.yaml @@ -2,10 +2,7 @@ name: proxify description: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay -urls: -- https://github.com/projectdiscovery/proxify) -- https://img.shields.io/github/stars/projectdiscovery/proxify) -- https://img.shields.io/github/languages/top/projectdiscovery/proxify) +url: https://github.com/projectdiscovery/proxify category: tool types: [] platform: [] diff --git a/weapons/puredns.yaml b/weapons/puredns.yaml index abf8736..ff9db20 100644 --- a/weapons/puredns.yaml +++ b/weapons/puredns.yaml @@ -2,10 +2,7 @@ name: puredns description: Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. -urls: -- https://github.com/d3mondev/puredns) -- https://img.shields.io/github/stars/d3mondev/puredns) -- https://img.shields.io/github/languages/top/d3mondev/puredns) +url: https://github.com/d3mondev/puredns category: tool types: [] platform: [] diff --git a/weapons/pwncat.yaml b/weapons/pwncat.yaml index 34a54c6..8cff32f 100644 --- a/weapons/pwncat.yaml +++ b/weapons/pwncat.yaml @@ -3,10 +3,7 @@ name: pwncat description: 'pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) ' -urls: -- https://github.com/cytopia/pwncat) -- https://img.shields.io/github/stars/cytopia/pwncat) -- https://img.shields.io/github/languages/top/cytopia/pwncat) +url: https://github.com/cytopia/pwncat category: tool types: [] platform: diff --git a/weapons/qsreplace.yaml b/weapons/qsreplace.yaml index 432755a..579723b 100644 --- a/weapons/qsreplace.yaml +++ b/weapons/qsreplace.yaml @@ -2,10 +2,7 @@ name: qsreplace description: 'Accept URLs on stdin, replace all query string values with a user-supplied value ' -urls: -- https://github.com/tomnomnom/qsreplace) -- https://img.shields.io/github/stars/tomnomnom/qsreplace) -- https://img.shields.io/github/languages/top/tomnomnom/qsreplace) +url: https://github.com/tomnomnom/qsreplace category: tool types: [] platform: diff --git a/weapons/quickjack.yaml b/weapons/quickjack.yaml index 38849b7..fbc8708 100644 --- a/weapons/quickjack.yaml +++ b/weapons/quickjack.yaml @@ -2,10 +2,7 @@ name: quickjack description: Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. -urls: -- https://github.com/samyk/quickjack) -- https://img.shields.io/github/stars/samyk/quickjack) -- https://img.shields.io/github/languages/top/samyk/quickjack) +url: https://github.com/samyk/quickjack category: tool types: [] platform: [] diff --git a/weapons/rapidscan.yaml b/weapons/rapidscan.yaml index 4a1092f..ae70793 100644 --- a/weapons/rapidscan.yaml +++ b/weapons/rapidscan.yaml @@ -1,10 +1,7 @@ --- name: rapidscan description: 'The Multi-Tool Web Vulnerability Scanner. ' -urls: -- https://github.com/skavngr/rapidscan) -- https://img.shields.io/github/stars/skavngr/rapidscan) -- https://img.shields.io/github/languages/top/skavngr/rapidscan) +url: https://github.com/skavngr/rapidscan category: tool types: [] platform: diff --git a/weapons/recon_profile.yaml b/weapons/recon_profile.yaml index 90eb02e..6a2f724 100644 --- a/weapons/recon_profile.yaml +++ b/weapons/recon_profile.yaml @@ -1,10 +1,7 @@ --- name: recon_profile description: 'Recon profile (bash profile) for bugbounty ' -urls: -- https://github.com/nahamsec/recon_profile) -- https://img.shields.io/github/stars/nahamsec/recon_profile) -- https://img.shields.io/github/languages/top/nahamsec/recon_profile) +url: https://github.com/nahamsec/recon_profile category: tool types: [] platform: diff --git a/weapons/reconftw.yaml b/weapons/reconftw.yaml index 4207aa6..a8b061b 100644 --- a/weapons/reconftw.yaml +++ b/weapons/reconftw.yaml @@ -2,10 +2,7 @@ name: reconftw description: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities -urls: -- https://github.com/six2dez/reconftw) -- https://img.shields.io/github/stars/six2dez/reconftw) -- https://img.shields.io/github/languages/top/six2dez/reconftw) +url: https://github.com/six2dez/reconftw category: tool types: [] platform: [] diff --git a/weapons/reflect.yaml b/weapons/reflect.yaml index d533b35..2ad9594 100644 --- a/weapons/reflect.yaml +++ b/weapons/reflect.yaml @@ -1,10 +1,7 @@ --- name: reflect description: -urls: -- https://github.com/TypeError/reflect) -- https://img.shields.io/github/stars/TypeError/reflect) -- https://img.shields.io/github/languages/top/TypeError/reflect) +url: https://github.com/TypeError/reflect category: tool-addon types: [] platform: diff --git a/weapons/reflected-parameters.yaml b/weapons/reflected-parameters.yaml index 5f9b9e9..14245f0 100644 --- a/weapons/reflected-parameters.yaml +++ b/weapons/reflected-parameters.yaml @@ -1,10 +1,7 @@ --- name: reflected-parameters description: -urls: -- https://github.com/PortSwigger/reflected-parameters) -- https://img.shields.io/github/stars/PortSwigger/reflected-parameters) -- https://img.shields.io/github/languages/top/PortSwigger/reflected-parameters) +url: https://github.com/PortSwigger/reflected-parameters category: tool-addon types: [] platform: diff --git a/weapons/rengine.yaml b/weapons/rengine.yaml index 4af8331..9b7be01 100644 --- a/weapons/rengine.yaml +++ b/weapons/rengine.yaml @@ -3,10 +3,7 @@ name: rengine description: 'reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. ' -urls: -- https://github.com/yogeshojha/rengine) -- https://img.shields.io/github/stars/yogeshojha/rengine) -- https://img.shields.io/github/languages/top/yogeshojha/rengine) +url: https://github.com/yogeshojha/rengine category: tool types: [] platform: diff --git a/weapons/rusolver.yaml b/weapons/rusolver.yaml index 42bfdb8..afd97ef 100644 --- a/weapons/rusolver.yaml +++ b/weapons/rusolver.yaml @@ -1,10 +1,7 @@ --- name: rusolver description: Fast and accurate DNS resolver. -urls: -- https://github.com/Edu4rdSHL/rusolver) -- https://img.shields.io/github/stars/Edu4rdSHL/rusolver) -- https://img.shields.io/github/languages/top/Edu4rdSHL/rusolver) +url: https://github.com/Edu4rdSHL/rusolver category: tool types: [] platform: [] diff --git a/weapons/s3reverse.yaml b/weapons/s3reverse.yaml index a736c8d..b84bb80 100644 --- a/weapons/s3reverse.yaml +++ b/weapons/s3reverse.yaml @@ -2,10 +2,7 @@ name: s3reverse description: 'The format of various s3 buckets is convert in one format. for bugbounty and security testing. ' -urls: -- https://github.com/hahwul/s3reverse) -- https://img.shields.io/github/stars/hahwul/s3reverse) -- https://img.shields.io/github/languages/top/hahwul/s3reverse) +url: https://github.com/hahwul/s3reverse category: tool types: [] platform: diff --git a/weapons/safecopy.yaml b/weapons/safecopy.yaml index bccea33..a9f903a 100644 --- a/weapons/safecopy.yaml +++ b/weapons/safecopy.yaml @@ -1,10 +1,7 @@ --- name: safecopy description: -urls: -- https://github.com/yashrs/safecopy) -- https://img.shields.io/github/stars/yashrs/safecopy) -- https://img.shields.io/github/languages/top/yashrs/safecopy) +url: https://github.com/yashrs/safecopy category: tool-addon types: [] platform: diff --git a/weapons/scilla.yaml b/weapons/scilla.yaml index 18f0fcc..980ae98 100644 --- a/weapons/scilla.yaml +++ b/weapons/scilla.yaml @@ -2,10 +2,7 @@ name: scilla description: "\U0001F3F4‍☠️ Information Gathering tool \U0001F3F4‍☠️ dns/subdomain/port enumeration" -urls: -- https://github.com/edoardottt/scilla) -- https://img.shields.io/github/stars/edoardottt/scilla) -- https://img.shields.io/github/languages/top/edoardottt/scilla) +url: https://github.com/edoardottt/scilla category: tool types: [] platform: diff --git a/weapons/security-crawl-maze.yaml b/weapons/security-crawl-maze.yaml index 85cf3ab..9348bb8 100644 --- a/weapons/security-crawl-maze.yaml +++ b/weapons/security-crawl-maze.yaml @@ -3,10 +3,7 @@ name: security-crawl-maze description: Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. -urls: -- https://github.com/google/security-crawl-maze) -- https://img.shields.io/github/stars/google/security-crawl-maze) -- https://img.shields.io/github/languages/top/google/security-crawl-maze) +url: https://github.com/google/security-crawl-maze category: tool types: [] platform: [] diff --git a/weapons/security-research-pocs.yaml b/weapons/security-research-pocs.yaml index da31b3d..db6f2d5 100644 --- a/weapons/security-research-pocs.yaml +++ b/weapons/security-research-pocs.yaml @@ -2,10 +2,7 @@ name: security-research-pocs description: Proof-of-concept codes created as part of security research done by Google Security Team. -urls: -- https://github.com/google/security-research-pocs) -- https://img.shields.io/github/stars/google/security-research-pocs) -- https://img.shields.io/github/languages/top/google/security-research-pocs) +url: https://github.com/google/security-research-pocs category: tool types: [] platform: [] diff --git a/weapons/shuffledns.yaml b/weapons/shuffledns.yaml index 8ba3685..cd0d857 100644 --- a/weapons/shuffledns.yaml +++ b/weapons/shuffledns.yaml @@ -3,10 +3,7 @@ name: shuffledns description: 'shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. ' -urls: -- https://github.com/projectdiscovery/shuffledns) -- https://img.shields.io/github/stars/projectdiscovery/shuffledns) -- https://img.shields.io/github/languages/top/projectdiscovery/shuffledns) +url: https://github.com/projectdiscovery/shuffledns category: tool types: [] platform: diff --git a/weapons/singularity.yaml b/weapons/singularity.yaml index e55ea46..38d70bc 100644 --- a/weapons/singularity.yaml +++ b/weapons/singularity.yaml @@ -1,10 +1,7 @@ --- name: singularity description: A DNS rebinding attack framework. -urls: -- https://github.com/nccgroup/singularity) -- https://img.shields.io/github/stars/nccgroup/singularity) -- https://img.shields.io/github/languages/top/nccgroup/singularity) +url: https://github.com/nccgroup/singularity category: tool types: [] platform: [] diff --git a/weapons/slackcat.yaml b/weapons/slackcat.yaml index 6dc8646..79edd05 100644 --- a/weapons/slackcat.yaml +++ b/weapons/slackcat.yaml @@ -1,10 +1,7 @@ --- name: slackcat description: CLI utility to post files and command output to slack -urls: -- https://github.com/bcicen/slackcat) -- https://img.shields.io/github/stars/bcicen/slackcat) -- https://img.shields.io/github/languages/top/bcicen/slackcat) +url: https://github.com/bcicen/slackcat category: tool types: [] platform: [] diff --git a/weapons/smuggler.yaml b/weapons/smuggler.yaml index 75d54b2..15ccf7d 100644 --- a/weapons/smuggler.yaml +++ b/weapons/smuggler.yaml @@ -2,10 +2,7 @@ name: smuggler description: 'Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 ' -urls: -- https://github.com/defparam/smuggler) -- https://img.shields.io/github/stars/defparam/smuggler) -- https://img.shields.io/github/languages/top/defparam/smuggler) +url: https://github.com/defparam/smuggler category: tool types: [] platform: diff --git a/weapons/sn0int.yaml b/weapons/sn0int.yaml index 32db1ba..3ab07df 100644 --- a/weapons/sn0int.yaml +++ b/weapons/sn0int.yaml @@ -1,10 +1,7 @@ --- name: sn0int description: Semi-automatic OSINT framework and package manager -urls: -- https://github.com/kpcyrd/sn0int) -- https://img.shields.io/github/stars/kpcyrd/sn0int) -- https://img.shields.io/github/languages/top/kpcyrd/sn0int) +url: https://github.com/kpcyrd/sn0int category: tool types: [] platform: [] diff --git a/weapons/spiderfoot.yaml b/weapons/spiderfoot.yaml index e58cfbb..e9dba3f 100644 --- a/weapons/spiderfoot.yaml +++ b/weapons/spiderfoot.yaml @@ -1,10 +1,7 @@ --- name: spiderfoot description: SpiderFoot automates OSINT collection so that you can focus on analysis. -urls: -- https://github.com/smicallef/spiderfoot) -- https://img.shields.io/github/stars/smicallef/spiderfoot) -- https://img.shields.io/github/languages/top/smicallef/spiderfoot) +url: https://github.com/smicallef/spiderfoot category: tool types: [] platform: [] diff --git a/weapons/sqliv.yaml b/weapons/sqliv.yaml index 61ab844..3cfc29a 100644 --- a/weapons/sqliv.yaml +++ b/weapons/sqliv.yaml @@ -1,10 +1,7 @@ --- name: sqliv description: massive SQL injection vulnerability scanner -urls: -- https://github.com/the-robot/sqliv) -- https://img.shields.io/github/stars/the-robot/sqliv) -- https://img.shields.io/github/languages/top/the-robot/sqliv) +url: https://github.com/the-robot/sqliv category: tool types: [] platform: [] diff --git a/weapons/sqlmap.yaml b/weapons/sqlmap.yaml index 0857324..ef2ddfc 100644 --- a/weapons/sqlmap.yaml +++ b/weapons/sqlmap.yaml @@ -1,10 +1,7 @@ --- name: sqlmap description: Automatic SQL injection and database takeover tool -urls: -- https://github.com/sqlmapproject/sqlmap) -- https://img.shields.io/github/stars/sqlmapproject/sqlmap) -- https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) +url: https://github.com/sqlmapproject/sqlmap category: tool types: [] platform: diff --git a/weapons/ssrf-sheriff.yaml b/weapons/ssrf-sheriff.yaml index f29fc86..898b695 100644 --- a/weapons/ssrf-sheriff.yaml +++ b/weapons/ssrf-sheriff.yaml @@ -1,10 +1,7 @@ --- name: ssrf-sheriff description: 'A simple SSRF-testing sheriff written in Go ' -urls: -- https://github.com/teknogeek/ssrf-sheriff) -- https://img.shields.io/github/stars/teknogeek/ssrf-sheriff) -- https://img.shields.io/github/languages/top/teknogeek/ssrf-sheriff) +url: https://github.com/teknogeek/ssrf-sheriff category: tool types: [] platform: diff --git a/weapons/subfinder.yaml b/weapons/subfinder.yaml index e498d2f..2e1a4b2 100644 --- a/weapons/subfinder.yaml +++ b/weapons/subfinder.yaml @@ -3,10 +3,7 @@ name: subfinder description: 'Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. ' -urls: -- https://github.com/projectdiscovery/subfinder) -- https://img.shields.io/github/stars/projectdiscovery/subfinder) -- https://img.shields.io/github/languages/top/projectdiscovery/subfinder) +url: https://github.com/projectdiscovery/subfinder category: tool types: [] platform: diff --git a/weapons/subgen.yaml b/weapons/subgen.yaml index 10843f3..441dfda 100644 --- a/weapons/subgen.yaml +++ b/weapons/subgen.yaml @@ -2,10 +2,7 @@ name: subgen description: A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! -urls: -- https://github.com/pry0cc/subgen) -- https://img.shields.io/github/stars/pry0cc/subgen) -- https://img.shields.io/github/languages/top/pry0cc/subgen) +url: https://github.com/pry0cc/subgen category: tool types: [] platform: [] diff --git a/weapons/subjack.yaml b/weapons/subjack.yaml index 1b54d46..e52dbf5 100644 --- a/weapons/subjack.yaml +++ b/weapons/subjack.yaml @@ -1,10 +1,7 @@ --- name: subjack description: 'Subdomain Takeover tool written in Go ' -urls: -- https://github.com/haccer/subjack) -- https://img.shields.io/github/stars/haccer/subjack) -- https://img.shields.io/github/languages/top/haccer/subjack) +url: https://github.com/haccer/subjack category: tool types: [] platform: diff --git a/weapons/subjs.yaml b/weapons/subjs.yaml index 50f2c86..f1607c6 100644 --- a/weapons/subjs.yaml +++ b/weapons/subjs.yaml @@ -1,10 +1,7 @@ --- name: subjs description: Fetches javascript file from a list of URLS or subdomains. -urls: -- https://github.com/lc/subjs) -- https://img.shields.io/github/stars/lc/subjs) -- https://img.shields.io/github/languages/top/lc/subjs) +url: https://github.com/lc/subjs category: tool types: [] platform: [] diff --git a/weapons/subs_all.yaml b/weapons/subs_all.yaml index 4303823..b452cb1 100644 --- a/weapons/subs_all.yaml +++ b/weapons/subs_all.yaml @@ -1,10 +1,7 @@ --- name: subs_all description: 'Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ' -urls: -- https://github.com/emadshanab/subs_all) -- https://img.shields.io/github/stars/emadshanab/subs_all) -- https://img.shields.io/github/languages/top/emadshanab/subs_all) +url: https://github.com/emadshanab/subs_all category: tool types: [] platform: diff --git a/weapons/subzy.yaml b/weapons/subzy.yaml index c24d637..0b3a428 100644 --- a/weapons/subzy.yaml +++ b/weapons/subzy.yaml @@ -1,10 +1,7 @@ --- name: subzy description: Subdomain takeover vulnerability checker -urls: -- https://github.com/LukaSikic/subzy) -- https://img.shields.io/github/stars/LukaSikic/subzy) -- https://img.shields.io/github/languages/top/LukaSikic/subzy) +url: https://github.com/LukaSikic/subzy category: tool types: [] platform: [] diff --git a/weapons/taborator.yaml b/weapons/taborator.yaml index d57d661..e18439a 100644 --- a/weapons/taborator.yaml +++ b/weapons/taborator.yaml @@ -1,10 +1,7 @@ --- name: taborator description: -urls: -- https://github.com/hackvertor/taborator) -- https://img.shields.io/github/stars/hackvertor/taborator) -- https://img.shields.io/github/languages/top/hackvertor/taborator) +url: https://github.com/hackvertor/taborator category: tool-addon types: [] platform: diff --git a/weapons/template-generator.yaml b/weapons/template-generator.yaml index 7b0d05f..95c0c11 100644 --- a/weapons/template-generator.yaml +++ b/weapons/template-generator.yaml @@ -4,10 +4,7 @@ description: 'A simple variable based template editor using handlebarjs+strapdow The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. ' -urls: -- https://github.com/fransr/template-generator) -- https://img.shields.io/github/stars/fransr/template-generator) -- https://img.shields.io/github/languages/top/fransr/template-generator) +url: https://github.com/fransr/template-generator category: tool types: [] platform: diff --git a/weapons/testssl.sh.yaml b/weapons/testssl.sh.yaml index e6c126f..daaa991 100644 --- a/weapons/testssl.sh.yaml +++ b/weapons/testssl.sh.yaml @@ -1,10 +1,7 @@ --- name: testssl.sh description: 'Testing TLS/SSL encryption anywhere on any port ' -urls: -- https://github.com/drwetter/testssl.sh) -- https://img.shields.io/github/stars/drwetter/testssl.sh) -- https://img.shields.io/github/languages/top/drwetter/testssl.sh) +url: https://github.com/drwetter/testssl.sh category: tool types: [] platform: diff --git a/weapons/thc-hydra.yaml b/weapons/thc-hydra.yaml index a8287b4..eb16807 100644 --- a/weapons/thc-hydra.yaml +++ b/weapons/thc-hydra.yaml @@ -1,10 +1,7 @@ --- name: thc-hydra description: 'hydra ' -urls: -- https://github.com/vanhauser-thc/thc-hydra) -- https://img.shields.io/github/stars/vanhauser-thc/thc-hydra) -- https://img.shields.io/github/languages/top/vanhauser-thc/thc-hydra) +url: https://github.com/vanhauser-thc/thc-hydra category: tool types: [] platform: diff --git a/weapons/tiscripts.yaml b/weapons/tiscripts.yaml index 57030d8..b20e22f 100644 --- a/weapons/tiscripts.yaml +++ b/weapons/tiscripts.yaml @@ -1,10 +1,7 @@ --- name: tiscripts description: Turbo Intruder Scripts -urls: -- https://github.com/defparam/tiscripts) -- https://img.shields.io/github/stars/defparam/tiscripts) -- https://img.shields.io/github/languages/top/defparam/tiscripts) +url: https://github.com/defparam/tiscripts category: tool types: [] platform: [] diff --git a/weapons/tplmap.yaml b/weapons/tplmap.yaml index 7435141..d00e1e5 100644 --- a/weapons/tplmap.yaml +++ b/weapons/tplmap.yaml @@ -2,10 +2,7 @@ name: tplmap description: Server-Side Template Injection and Code Injection Detection and Exploitation Tool -urls: -- https://github.com/epinna/tplmap) -- https://img.shields.io/github/stars/epinna/tplmap) -- https://img.shields.io/github/languages/top/epinna/tplmap) +url: https://github.com/epinna/tplmap category: tool types: [] platform: [] diff --git a/weapons/turbo-intruder.yaml b/weapons/turbo-intruder.yaml index b3f3795..deca9d5 100644 --- a/weapons/turbo-intruder.yaml +++ b/weapons/turbo-intruder.yaml @@ -1,10 +1,7 @@ --- name: turbo-intruder description: -urls: -- https://github.com/PortSwigger/turbo-intruder) -- https://img.shields.io/github/stars/PortSwigger/turbo-intruder) -- https://img.shields.io/github/languages/top/PortSwigger/turbo-intruder) +url: https://github.com/PortSwigger/turbo-intruder category: tool-addon types: [] platform: diff --git a/weapons/uncover.yaml b/weapons/uncover.yaml index d70ced6..211824e 100644 --- a/weapons/uncover.yaml +++ b/weapons/uncover.yaml @@ -2,10 +2,7 @@ name: uncover description: Quickly discover exposed hosts on the internet using multiple search engine. -urls: -- https://github.com/projectdiscovery/uncover) -- https://img.shields.io/github/stars/projectdiscovery/uncover) -- https://img.shields.io/github/languages/top/projectdiscovery/uncover) +url: https://github.com/projectdiscovery/uncover category: tool types: [] platform: [] diff --git a/weapons/unfurl.yaml b/weapons/unfurl.yaml index 6545aaf..2e6c31a 100644 --- a/weapons/unfurl.yaml +++ b/weapons/unfurl.yaml @@ -1,10 +1,7 @@ --- name: unfurl description: 'Pull out bits of URLs provided on stdin ' -urls: -- https://github.com/tomnomnom/unfurl) -- https://img.shields.io/github/stars/tomnomnom/unfurl) -- https://img.shields.io/github/languages/top/tomnomnom/unfurl) +url: https://github.com/tomnomnom/unfurl category: tool types: [] platform: diff --git a/weapons/urlgrab.yaml b/weapons/urlgrab.yaml index 16b968d..e5e2088 100644 --- a/weapons/urlgrab.yaml +++ b/weapons/urlgrab.yaml @@ -2,10 +2,7 @@ name: urlgrab description: 'A golang utility to spider through a website searching for additional links. ' -urls: -- https://github.com/IAmStoxe/urlgrab) -- https://img.shields.io/github/stars/IAmStoxe/urlgrab) -- https://img.shields.io/github/languages/top/IAmStoxe/urlgrab) +url: https://github.com/IAmStoxe/urlgrab category: tool types: [] platform: diff --git a/weapons/urlhunter.yaml b/weapons/urlhunter.yaml index c22ff58..17a1e61 100644 --- a/weapons/urlhunter.yaml +++ b/weapons/urlhunter.yaml @@ -2,10 +2,7 @@ name: urlhunter description: a recon tool that allows searching on URLs that are exposed via shortener services -urls: -- https://github.com/utkusen/urlhunter) -- https://img.shields.io/github/stars/utkusen/urlhunter) -- https://img.shields.io/github/languages/top/utkusen/urlhunter) +url: https://github.com/utkusen/urlhunter category: tool types: [] platform: [] diff --git a/weapons/urlprobe.yaml b/weapons/urlprobe.yaml index 07a8538..da500d0 100644 --- a/weapons/urlprobe.yaml +++ b/weapons/urlprobe.yaml @@ -1,10 +1,7 @@ --- name: urlprobe description: 'Urls status code & content length checker ' -urls: -- https://github.com/1ndianl33t/urlprobe) -- https://img.shields.io/github/stars/1ndianl33t/urlprobe) -- https://img.shields.io/github/languages/top/1ndianl33t/urlprobe) +url: https://github.com/1ndianl33t/urlprobe category: tool types: [] platform: diff --git a/weapons/uro.yaml b/weapons/uro.yaml index 2c43e90..894a46a 100644 --- a/weapons/uro.yaml +++ b/weapons/uro.yaml @@ -1,10 +1,7 @@ --- name: uro description: declutters url lists for crawling/pentesting -urls: -- https://github.com/s0md3v/uro) -- https://img.shields.io/github/stars/s0md3v/uro) -- https://img.shields.io/github/languages/top/s0md3v/uro) +url: https://github.com/s0md3v/uro category: tool types: [] platform: [] diff --git a/weapons/waybackurls.yaml b/weapons/waybackurls.yaml index 4cad08d..3dbcdb9 100644 --- a/weapons/waybackurls.yaml +++ b/weapons/waybackurls.yaml @@ -1,10 +1,7 @@ --- name: waybackurls description: 'Fetch all the URLs that the Wayback Machine knows about for a domain ' -urls: -- https://github.com/tomnomnom/waybackurls) -- https://img.shields.io/github/stars/tomnomnom/waybackurls) -- https://img.shields.io/github/languages/top/tomnomnom/waybackurls) +url: https://github.com/tomnomnom/waybackurls category: tool types: [] platform: diff --git a/weapons/weaponised-XSS-payloads.yaml b/weapons/weaponised-XSS-payloads.yaml index 174c3f3..e240a84 100644 --- a/weapons/weaponised-XSS-payloads.yaml +++ b/weapons/weaponised-XSS-payloads.yaml @@ -1,10 +1,7 @@ --- name: weaponised-XSS-payloads description: XSS payloads designed to turn alert(1) into P1 -urls: -- https://github.com/hakluke/weaponised-XSS-payloads) -- https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) -- https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) +url: https://github.com/hakluke/weaponised-XSS-payloads category: tool types: [] platform: [] diff --git a/weapons/web_cache_poison.yaml b/weapons/web_cache_poison.yaml index fce29a1..ccd3286 100644 --- a/weapons/web_cache_poison.yaml +++ b/weapons/web_cache_poison.yaml @@ -1,10 +1,7 @@ --- name: web_cache_poison description: web cache poison - Top 1 web hacking technique of 2019 -urls: -- https://github.com/fngoo/web_cache_poison) -- https://img.shields.io/github/stars/fngoo/web_cache_poison) -- https://img.shields.io/github/languages/top/fngoo/web_cache_poison) +url: https://github.com/fngoo/web_cache_poison category: tool types: [] platform: [] diff --git a/weapons/websocket-connection-smuggler.yaml b/weapons/websocket-connection-smuggler.yaml index e7b47cd..72a1a18 100644 --- a/weapons/websocket-connection-smuggler.yaml +++ b/weapons/websocket-connection-smuggler.yaml @@ -1,10 +1,7 @@ --- name: websocket-connection-smuggler description: websocket-connection-smuggler -urls: -- https://github.com/hahwul/websocket-connection-smuggler) -- https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) -- https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) +url: https://github.com/hahwul/websocket-connection-smuggler category: tool types: [] platform: [] diff --git a/weapons/wfuzz.yaml b/weapons/wfuzz.yaml index 53468e9..7bc6163 100644 --- a/weapons/wfuzz.yaml +++ b/weapons/wfuzz.yaml @@ -1,10 +1,7 @@ --- name: wfuzz description: 'Web application fuzzer ' -urls: -- https://github.com/xmendez/wfuzz) -- https://img.shields.io/github/stars/xmendez/wfuzz) -- https://img.shields.io/github/languages/top/xmendez/wfuzz) +url: https://github.com/xmendez/wfuzz category: tool types: [] platform: diff --git a/weapons/wprecon.yaml b/weapons/wprecon.yaml index 69c367a..debe825 100644 --- a/weapons/wprecon.yaml +++ b/weapons/wprecon.yaml @@ -2,10 +2,7 @@ name: wprecon description: Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. -urls: -- https://github.com/blackcrw/wprecon) -- https://img.shields.io/github/stars/blackcrw/wprecon) -- https://img.shields.io/github/languages/top/blackcrw/wprecon) +url: https://github.com/blackcrw/wprecon category: tool types: [] platform: [] diff --git a/weapons/wpscan.yaml b/weapons/wpscan.yaml index 11d6eea..e9b5ed3 100644 --- a/weapons/wpscan.yaml +++ b/weapons/wpscan.yaml @@ -3,10 +3,7 @@ name: wpscan description: 'WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. ' -urls: -- https://github.com/wpscanteam/wpscan) -- https://img.shields.io/github/stars/wpscanteam/wpscan) -- https://img.shields.io/github/languages/top/wpscanteam/wpscan) +url: https://github.com/wpscanteam/wpscan category: tool types: [] platform: diff --git a/weapons/ws-smuggler.yaml b/weapons/ws-smuggler.yaml index 5a0f9ac..b942fd8 100644 --- a/weapons/ws-smuggler.yaml +++ b/weapons/ws-smuggler.yaml @@ -1,10 +1,7 @@ --- name: ws-smuggler description: WebSocket Connection Smuggler -urls: -- https://github.com/hahwul/ws-smuggler) -- https://img.shields.io/github/stars/hahwul/ws-smuggler) -- https://img.shields.io/github/languages/top/hahwul/ws-smuggler) +url: https://github.com/hahwul/ws-smuggler category: tool types: [] platform: [] diff --git a/weapons/wssip.yaml b/weapons/wssip.yaml index 21a2df9..167f108 100644 --- a/weapons/wssip.yaml +++ b/weapons/wssip.yaml @@ -2,10 +2,7 @@ name: wssip description: Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. -urls: -- https://github.com/nccgroup/wssip) -- https://img.shields.io/github/stars/nccgroup/wssip) -- https://img.shields.io/github/languages/top/nccgroup/wssip) +url: https://github.com/nccgroup/wssip category: tool types: [] platform: [] diff --git a/weapons/wuzz.yaml b/weapons/wuzz.yaml index a82e6ce..3c49953 100644 --- a/weapons/wuzz.yaml +++ b/weapons/wuzz.yaml @@ -1,10 +1,7 @@ --- name: wuzz description: 'Interactive cli tool for HTTP inspection ' -urls: -- https://github.com/asciimoo/wuzz) -- https://img.shields.io/github/stars/asciimoo/wuzz) -- https://img.shields.io/github/languages/top/asciimoo/wuzz) +url: https://github.com/asciimoo/wuzz category: tool types: [] platform: diff --git a/weapons/x8.yaml b/weapons/x8.yaml index 9cf8dd7..d797bd0 100644 --- a/weapons/x8.yaml +++ b/weapons/x8.yaml @@ -1,10 +1,7 @@ --- name: x8 description: Hidden parameters discovery suite -urls: -- https://github.com/Sh1Yo/x8) -- https://img.shields.io/github/stars/Sh1Yo/x8) -- https://img.shields.io/github/languages/top/Sh1Yo/x8) +url: https://github.com/Sh1Yo/x8 category: tool types: [] platform: [] diff --git a/weapons/xsinator.com.yaml b/weapons/xsinator.com.yaml index 2d130d8..0f6b109 100644 --- a/weapons/xsinator.com.yaml +++ b/weapons/xsinator.com.yaml @@ -1,10 +1,7 @@ --- name: xsinator.com description: XS-Leak Browser Test Suite -urls: -- https://github.com/RUB-NDS/xsinator.com) -- https://img.shields.io/github/stars/RUB-NDS/xsinator.com) -- https://img.shields.io/github/languages/top/RUB-NDS/xsinator.com) +url: https://github.com/RUB-NDS/xsinator.com category: tool types: [] platform: [] diff --git a/weapons/xss-cheatsheet-data.yaml b/weapons/xss-cheatsheet-data.yaml index 93d3d00..a418c51 100644 --- a/weapons/xss-cheatsheet-data.yaml +++ b/weapons/xss-cheatsheet-data.yaml @@ -2,10 +2,7 @@ name: xss-cheatsheet-data description: 'This repository contains all the XSS cheatsheet data to allow contributions from the community. ' -urls: -- https://github.com/PortSwigger/xss-cheatsheet-data) -- https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) -- https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) +url: https://github.com/PortSwigger/xss-cheatsheet-data category: tool types: [] platform: diff --git a/weapons/xsscrapy.yaml b/weapons/xsscrapy.yaml index d335368..7f44232 100644 --- a/weapons/xsscrapy.yaml +++ b/weapons/xsscrapy.yaml @@ -2,10 +2,7 @@ name: xsscrapy description: 'XSS/SQLi spider. Give it a URL and it''ll test every link it finds for XSS and some SQLi. ' -urls: -- https://github.com/DanMcInerney/xsscrapy) -- https://img.shields.io/github/stars/DanMcInerney/xsscrapy) -- https://img.shields.io/github/languages/top/DanMcInerney/xsscrapy) +url: https://github.com/DanMcInerney/xsscrapy category: tool types: [] platform: diff --git a/weapons/xsser.yaml b/weapons/xsser.yaml index cec34fa..ff6a24e 100644 --- a/weapons/xsser.yaml +++ b/weapons/xsser.yaml @@ -2,10 +2,7 @@ name: xsser description: 'Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. ' -urls: -- https://github.com/epsylon/xsser) -- https://img.shields.io/github/stars/epsylon/xsser) -- https://img.shields.io/github/languages/top/epsylon/xsser) +url: https://github.com/epsylon/xsser category: tool types: [] platform: diff --git a/weapons/xssor2.yaml b/weapons/xssor2.yaml index 07d4587..3972040 100644 --- a/weapons/xssor2.yaml +++ b/weapons/xssor2.yaml @@ -1,10 +1,7 @@ --- name: xssor2 description: XSS'OR - Hack with JavaScript. -urls: -- https://github.com/evilcos/xssor2) -- https://img.shields.io/github/stars/evilcos/xssor2) -- https://img.shields.io/github/languages/top/evilcos/xssor2) +url: https://github.com/evilcos/xssor2 category: tool types: [] platform: [] diff --git a/weapons/xxeserv.yaml b/weapons/xxeserv.yaml index cb894e8..6f9b786 100644 --- a/weapons/xxeserv.yaml +++ b/weapons/xxeserv.yaml @@ -1,10 +1,7 @@ --- name: xxeserv description: A mini webserver with FTP support for XXE payloads -urls: -- https://github.com/staaldraad/xxeserv) -- https://img.shields.io/github/stars/staaldraad/xxeserv) -- https://img.shields.io/github/languages/top/staaldraad/xxeserv) +url: https://github.com/staaldraad/xxeserv category: tool types: [] platform: [] diff --git a/weapons/ysoserial.net.yaml b/weapons/ysoserial.net.yaml index 774ca19..1720dd3 100644 --- a/weapons/ysoserial.net.yaml +++ b/weapons/ysoserial.net.yaml @@ -1,10 +1,7 @@ --- name: ysoserial.net description: 'Deserialization payload generator for a variety of .NET formatters ' -urls: -- https://github.com/pwntester/ysoserial.net) -- https://img.shields.io/github/stars/pwntester/ysoserial.net) -- https://img.shields.io/github/languages/top/pwntester/ysoserial.net) +url: https://github.com/pwntester/ysoserial.net category: tool types: [] platform: diff --git a/weapons/ysoserial.yaml b/weapons/ysoserial.yaml index 7c3250e..74801c8 100644 --- a/weapons/ysoserial.yaml +++ b/weapons/ysoserial.yaml @@ -2,10 +2,7 @@ name: ysoserial description: 'A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. ' -urls: -- https://github.com/frohoff/ysoserial) -- https://img.shields.io/github/stars/frohoff/ysoserial) -- https://img.shields.io/github/languages/top/frohoff/ysoserial) +url: https://github.com/frohoff/ysoserial category: tool types: [] platform: diff --git a/weapons/zap-cli.yaml b/weapons/zap-cli.yaml index 657cc6e..a3b84c1 100644 --- a/weapons/zap-cli.yaml +++ b/weapons/zap-cli.yaml @@ -1,10 +1,7 @@ --- name: zap-cli description: 'A simple tool for interacting with OWASP ZAP from the commandline. ' -urls: -- https://github.com/Grunny/zap-cli) -- https://img.shields.io/github/stars/Grunny/zap-cli) -- https://img.shields.io/github/languages/top/Grunny/zap-cli) +url: https://github.com/Grunny/zap-cli category: tool types: [] platform: diff --git a/weapons/zap-hud.yaml b/weapons/zap-hud.yaml index 39576e6..267208a 100644 --- a/weapons/zap-hud.yaml +++ b/weapons/zap-hud.yaml @@ -1,10 +1,7 @@ --- name: zap-hud description: -urls: -- https://github.com/zaproxy/zap-hud) -- https://img.shields.io/github/stars/zaproxy/zap-hud) -- https://img.shields.io/github/languages/top/zaproxy/zap-hud) +url: https://github.com/zaproxy/zap-hud category: tool-addon types: [] platform: diff --git a/weapons/zaproxy.yaml b/weapons/zaproxy.yaml index 885ebc9..a3aab88 100644 --- a/weapons/zaproxy.yaml +++ b/weapons/zaproxy.yaml @@ -1,10 +1,7 @@ --- name: zaproxy description: The OWASP ZAP core project -urls: -- https://github.com/zaproxy/zaproxy) -- https://img.shields.io/github/stars/zaproxy/zaproxy) -- https://img.shields.io/github/languages/top/zaproxy/zaproxy) +url: https://github.com/zaproxy/zaproxy category: tool types: [] platform: [] diff --git a/weapons/zdns.yaml b/weapons/zdns.yaml index f440e5c..a05627f 100644 --- a/weapons/zdns.yaml +++ b/weapons/zdns.yaml @@ -1,10 +1,7 @@ --- name: zdns description: Fast CLI DNS Lookup Tool -urls: -- https://github.com/zmap/zdns) -- https://img.shields.io/github/stars/zmap/zdns) -- https://img.shields.io/github/languages/top/zmap/zdns) +url: https://github.com/zmap/zdns category: tool types: [] platform: [] From b0781b1b3ecf5267de3eca0c31777188e6a3b178 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:05:58 +0900 Subject: [PATCH 16/42] Add badge --- images/apple.png | Bin 0 -> 886 bytes images/chrome.png | Bin 0 -> 1068 bytes images/firefox.png | Bin 0 -> 1583 bytes images/linux.png | Bin 0 -> 1270 bytes images/safari.png | Bin 0 -> 1325 bytes images/windows.png | Bin 0 -> 998 bytes scripts/erb.rb | 26 ++++++++++++++++++++++---- 7 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 images/apple.png create mode 100644 images/chrome.png create mode 100644 images/firefox.png create mode 100644 images/linux.png create mode 100644 images/safari.png create mode 100644 images/windows.png diff --git a/images/apple.png b/images/apple.png new file mode 100644 index 0000000000000000000000000000000000000000..b9d6d098abbc401257e40da40dbaf094b5476bf7 GIT binary patch literal 886 zcmeAS@N?(olHy`uVBq!ia0vp^5+KaM1|%Pp+x`GjjKx9jP7LeL$-D$|Tv8)E(|mmy zw18|52FCVG1{RPKAeI7R1_tH@j10^`nh_+nfC(-uv49!D1}S`GTDq2jf$4##i(`lf z@6=Flf8jupdDGaObU1IYs|lD(#c&uFuD;;m&1ugR^T4f+F^{!Lx})*P4`G#wypM#g zB#4OHJ>qMQ(}k?8nUBBU{o?oRoX_exPi7aNe{EfU?#vy|$g8R?1w1?0V%YQ; zrsyV!{@{7T$TTN1Z^0wc3G6uyDtQ-aB zwM>cY&W;mC0$Y-oJG#5?z9T79lJlhatkkth$^koy)hf7ockli^?a!Y=rSs38@$6sS zC)2pNs>9*xT=&I+H}BmN+35dvp3kx%=AsFwC+J1&o7wK9n3Oxm~4j(hXdS*;>j z<$asy&6>q`(`;wWp*h5;Jn`$6`FH1a zKg1q3o_@Vlb@#SyVg0_@Mc+R0*)gg&C@&21xM^tx4LrB6sb{ zpA*@-?=$S$d}(8ZkJ-K$TUgqfVwi~L6EeX=Jv^rz$>(|$x zBPaUH`hmNdNlAFck_xE_-E-P(nx1AKy6fxbbK-3yW2xN7H!shorRL;ZIhS%NF6q`2 zh3Wo37FY1Ih|WFg-q&S6*PEk`p{D$kd~c+4QBjC!Sv}93rJTi)!G+H|elB63xBY;j zz?B}mV?RQT%me0J*D%P6{IzCR-w#m-`Jmqs>ltL8^BqWQ{3QOz-$0?Z{x=^e&3n4~ KxvXPx#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET6mPtfGR7ee_R!dA1Q53y1okGQe zr5_5)M=@$u)M&&It1JZ3Xd)IBV$^6%3GuT~*ccWDqs9$lOaxJi8vF!5SeJ^h@k3)Y z7=(&0&?rWcwpwTnwsq$D-blxGI>Q29GM#(Rx%b?e`#w_&CKv_)b@`msiaj%p<;FN= zhLWOGBs_#rU^o~WyfNgmH4c1jbOZS0WGE?u2;W|@(4MPN7fA79?4{S=S=QZeaRKpQ>JYa;zWkpVn{AS9OZvD z;&X&`g#sI98;dW@O>YhplfCC_6N?4{fgY!C>>bgdc_9O+<7)HT*ni$+wS_#JDZ7o# zBLR3x^U?hK91ZlPbsAQPnu0-E+`7`#MkE+~sWqnLLgG9zB`9_}M!Do)xLm}bmo5iI zWi?PKsXU5?zXP&Y1MPhp5fyE&0a$N%1!`t~si`88I$f-X+FQc{#2l&uZ=nUO4};L} z3G(DGYHv`~wBj6D5 zS0A=lW6Z6w0-BK@nI2{D->k6GDvc^D3dPRZO7IP>*L!2)7N(NL>lPNIRxSyM-Aa60n zfoQ~X0Vxsk+^#Vh0XMu!c~80G_uVhkxkTo3y-{rPz(>?+hx)RjGTTa>7FRj&_}7w>3nF6D~%CPrx4_ zbLCpQc;f4ly4ZQlNKAn)C+f7+ge>8<@EYSk(gprUsL64jUXW>Bpbw_k>$(yMMRq9J mL@n)X^Z5r{quVY2x8*M`*)y3wz>3-c0000Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET8nMp)JR7ee-Ra);Ois?k3`sYyR~(0}vTF4pa%A?v`0S)V+=JF@O@F;OqyX-crSl2!NL!C|-H_n^{pV1rNDVTji^g zbyGpw0J6-$d%U@+_`$L=ghy@00J=7noKez}req}T!=+{K?0lwj zw>-kw@pVvkHg^($W?vWQn;fVDMf@28!{imNChXQ-?5Rx2wemprz- zyl6!(y)qWBApw+7F+zi>9-!36OuX<`j-Z&%&K+9~i?_>kY+O5Bk7*C>gBqdDbw7(v zAVHIt!Kn@|UD7WoTc+Lf`kb(TZtftZ0zyi&R1npbkkluk^WrLWcCE#Ueect`%%mK4 zsR_eKBYx3?=?jjr2CUss0RadS(wT{aSjvj41-ick8Ad8Pf$fGKD)f=~e zSq(cJf}(j5@>xtyLfB&OgAN@Ny?<7*o0z%F|HEFkFXJk|K`K?&Uh%1^o23a%=Ali; z0z~6%DaZ_l@#FDEq$6?KxR7NNK}kiL^h8{njiy5~Gw=zZ6aj2HA7NmHbeBJFZ@paLXr))7Lip8s2~^vfzQBNl4U(KwU3>@2i1hTd+unZDygQGf)#r z$cY3zr0VIXwnEKPKUT=*7|Pok1T?&OdHdxJ>Hv~MiNS(c*l!fl1EZ&y6xBv^S3d@d zTk-91BeYZo5Z%K#vWzs#XY7eZpTRpU=m;`$wlt%LF2OZ|$SQK`>TsrygadKMys^}| zZ<*v{dpX<^a;qi{nSMMXcOtHMp|iAwN&-#cQ`k`X1tw)uD-J&sQb@zR z)}LxmClcp`?;J&95rrQ6%Z(m=-mO_}WXUio5g)BQW%S@Mb%(Rfc~s~SHa~1SKS4Kr zOwx~MyW5u^j1CCfKf={+V)-_Wxq51q!HNK;=phVD>kJ{y1W3wro ztO1pQxNO5E@gJHFWd_?ueN6~(>(KL^Z`s$6D^pk4k^zh2NbG$&7ZC|jB!yoxjcXMx zR{!2d6Z@azwz$XR#%&plJLUVhMZ16ft7`rFDU!d^BS}8Nx#>FkH7C=%!|eS0OY7wJ h>-oF;FVpPx#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET7U`a$lR7eelR%>h&RTTbac3b+S zkKML(W8HvBtHwlsY^4w@wnjrCP@qLL&>w(_;vcFZ8cQ%3`m6Ov`GL_;Q!6wv7E;nE z614_mi#C*QDWa`ucvKfzyY12!-RE4-ncbbv?kswfnK}17zH`sH=bk$f{%csR*|wbr z-?VOScs<2ZTq38Wrm?yb4ETc6fB)(E=2ZLL?&F`p}UROYgbNr`A?W zG?MB>nS#dRuY*7S{_fUon3`Hh)HN7eHtycO`q-&6gexa1i=ZEh-v>E!B@+FTALZ7O zhWhCXT|IicIFMEQ47e!wzM(WemMQbHFPv zIndlfLPJzy_y=IfPc@`Vtd$pcIYOX745Z7Ry)Jy9dz4Sg86>SL81-KRfASG^05D_4-7 zo(`m>LZJvoyf8$6_|wL}-2^dlG9(U#+cCDVr&v#vm~3iJj1q)U4vB-Ke` zBq}Ch%UtK=F(Jr!Kgw0wgZlHhy|5m4OfSQ}|0|eeGP%*ODkh7BF&W#m`e;XoIV;x^ z54k)OUN?65C$O=07gj#|Dke=fn9QjtC@jRlhi?H}=~fu#P((+Oee+mhv)g4p zp^>TaEtD|C2X$y{Y%~aKYHA=WAz)t_$s*;H7>RoNW5?fsz>KfkVYB8VBO}8g=A>4v zs{rPvfvd|UtarlL+Bq;F5JOz*Ms00vGLg#LQCAm{^&F4WiF3k@D^9AP_!i-CIP{!2 zx~!DbL&JSr{peq+6HmY|b63<0G@9DOx!sfK_~;;l!Jx+02ugcT>%Pcz)}yiYgqU&v zC3DNwGnp<3+(qa32H4W((Y$U1)m2q+I-PN9ITM|*nCDbpc3Sc(7vF#WnZyUp@$Em{ zCN!-t#wtMMLk!DwDvuP9z+sE`73|HRoYCyBuwg zHsMC*(@`fvq1ERtJ0Lcq{!o)8gOB2_}lyGP@x=UZs zWq6I!6;kvHdRhqHP;qqgHqNPx#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET7mq|oHR7eetR%=X~RTzHG*K%oT zfvp!VjxrROn=_bUBSw%VNavOqsGv?031W1MKa}YFqec^5qAt3`#39M%ewa9Q#_W&y zOR_9;VUc8+N^}>-luLnLwsy3ox38b?`*rO~Ey$aE{mysJd!F;2_x4m^Eis#o#`ahC z8(RBb)Ra}!K%*^I)#XG)4lK?DfBEXmr87gr@Oqb4gAsWbEEa=x{|~41jrNXey#jL) z5RrjUBBfoT1&TC)FABIq0>P`}qu${jCp?~DE}oP-p?i3*v+nRe0q4%waZ7zvmk9zRHPyw+bYqla|sKAjHm-dsGgn!shO0Vo4|SjL8;gL8+)~uy<7HWSm))Fu7{NWeipan<6*xPu@>+Gh5}$`WfFSAWNeLb_kq{yn_D}l$ln}L_WA$G;MEZv8~Yq06vCoXg#O*{ zX14GR<|!GBg@Au4>erZFK6<>tT54*mNM^Dnqn$G-kB2dO`aL{8cL9;*7$T84oX$^h zt5Cl}v!^zR0A-=4WOJ>gDXX+`5gomvQ8QwNX4c0Z;lghtgQy95RA2@l-qDLWgE>np zl~s(zn40oRn*>ck5m)H;@;teCduu6O_fVG^@$Nk-aI)TIv|^~~$ra$~kL?>2wdy6p zR=Ri#t#>Q*@e?v59t@A6iR z>gu!AR*X4|7>hCGfO}da3>$Q%+gdv(mjt2|m^k$p7XJOIGl6g*W%;+B3VbwULrhuQ zs|@U-Zm>*PGb2Y1N!-t8!vc;f>W<{ww7lIULkW8Ew>yA+lUwke$C6%J^UV;9HAiin zu_Y#p(3SB~>K~{qR$wDwlM1=yUbtgap6d|aTS;zZEanKtPMMt5?6@VL zv@c@tVi~3)DFRyuHd-vHLQNe2YIe1EnjLq&g`t67UsT|^nlPRkx58u~8e6B>&5GIu z`iOiOgR#==mf-{L-?4-eoVGpYu#n+#$}%RD0*WbLGnW%MTR5Ohomx`R5!3xj1m*hv zgEvDze{no*Tjl_sh+RHA#$C|lB`Pc8Q@Dl$_Z(r4?L^f_C?6j1jnq@VwQ^kG?lTck3pO;B&) j4N0odBo)zm{z>%00000NkvXXu0mjfN#bD| literal 0 HcmV?d00001 diff --git a/images/windows.png b/images/windows.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd706a0854df58495cf37e3e9a107b0d3b8e661 GIT binary patch literal 998 zcmVPx#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET6P)S5VR7ef2RZU1#Q4~J!zURzX zGfJtXrqV`*C^r!n5rGyIMP;BZBnWCzt2PNmix%w)f}kSEf@oJ{(GM;9QR&aX7#Jlo zg&Z|((i!t-#`$~icFvu5pKqK|QM@p7&pY>=?>qP2^S%eL*eERYu(MZMv{!?DT30Nh zedC7sk&QlD1B_V=Ldm*VROD8#J%6TbsjUM=$sQvUIgZ}1@Aa0$M`3JiM!Mz9q+!kb zn;W#(fk|cSj`}6RDG3XpSjqv+wQx*BwL93UOXt-KH(N0&lh_`Z%|;$pf2;}gWSDzD ze3l_|1jsJHu_n2=f>}|v*X=Wg27EBk^MmqJV0h+Yi_5HB1rBc9Yq17Us_M`l!FuV+ zI5(09HssTt;1U2`==@_*FxiQ*9t5az0+i(#kf$opT%bU;3;l@Yz;)RJzCaYVb@>5m zHj|SPrhangUX9vJbPF+=qqCAjts9AL4HTR;;6?v9?AlZ!!!qa5K+1gc{aeCqC6|R^&A#4o_O3GIVvv?YjB;(~839KqxeYYJwx1*d>xk z@)5vDZ&y1I!)&)hh2phNDD^m@!=LIrDqg?dw2lZ+6mUc$ag^8|q38ID3!jQASFsVm zKSJs#T=W0P8`HVyu)#^IO}YN$>T&qh>!tV<0a>Kq_^}{8$0w5nmn+JU1RHGu5=ylV zZoGSNk$-8sD}8eW=%FtWeJogAL!))LVkb+Jh-1OZ?chX`s#Ma+Ion4+k-$6olyN7V zwuTp~Ke~K`8b(6MIXi(|B|S&U6^biFk-6yNc_JPIe2KXC?LDKr?KWMeOqoCb2lua0 U)M!Q1&Hw-a07*qoM6N<$f(2%+A^-pY literal 0 HcmV?d00001 diff --git a/scripts/erb.rb b/scripts/erb.rb index 592ca88..ff9ab40 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -1,8 +1,26 @@ require 'erb' require 'yaml' -def generate_badge - +def generate_badge array + badge = "" + array.each { |t| + case t + when 'linux' + badge = badge + "![](./images/linux.png)" + when 'windows' + badge = badge + "![](./images/windows.png)" + when 'macos' + badge = badge + "![](./images/apple.png)" + when 'firefox' + badge = badge + "![](./images/firefox.png)" + when 'safari' + badge = badge + "![](./images/safari.png)" + when 'chrome' + badge = badge + "![](./images/chrome.png)" + end + } + + return badge end template = %q{ @@ -70,9 +88,9 @@ Dir.entries("./weapons/").each do | name | split_result = data['url'].split "//github.com/" popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" end - badge = generate_badge + badge = generate_badge(data['platform']) line = "|#{data['types']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" - case data['category'] + case data['category'] when 'tool' tools = tools + line + "\n" when 'tool-addon' From 6f42538c090b52452a23617454610a8ef0f9b024 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:15:01 +0900 Subject: [PATCH 17/42] Update --- README.md | 598 +++++++++++++++++++++++++++---------------------- scripts/erb.rb | 3 +- 2 files changed, 326 insertions(+), 275 deletions(-) diff --git a/README.md b/README.md index c433b19..6b448b7 100644 --- a/README.md +++ b/README.md @@ -1,290 +1,340 @@ +

-
- -
- - - - - - +
+ +
+ + + +

-A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting +A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting ## Family project [![WebHackersWeapons](https://img.shields.io/github/stars/hahwul/WebHackersWeapons?label=WebHackersWeapons)](https://github.com/hahwul/WebHackersWeapons) [![MobileHackersWeapons](https://img.shields.io/github/stars/hahwul/MobileHackersWeapons?label=MobileHackersWeapons)](https://github.com/hahwul/MobileHackersWeapons) ## Table of Contents -- [WHW-Tools](https://whw-tools.hahwul.com) - [Weapons](#weapons) -- [Awesome Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) -- [Awesome Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) -- [Awesome Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) + - Tools + - [Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) + - [Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) + - [Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) - [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md) - [Thanks to contributor](#thanks-to-contributor) -## WHW-Tools -> Always use the latest tools 😎 - -`WHW-Tools` is tools web of `#WebHackersWeapons`. Easy install and Easy manage upgrade. Go to [WHW-Tools](https://whw-tools.hahwul.com/) - ## Weapons -| Type | Name | Description | Popularity | Language | -| ---------- | :---------- | :----------: | :----------: | :----------: | -| Army-Knife/SCAN | [jaeles](https://github.com/jaeles-project/jaeles) | The Swiss Army knife for automated Web Application Testing | ![](https://img.shields.io/github/stars/jaeles-project/jaeles) | ![](https://img.shields.io/github/languages/top/jaeles-project/jaeles) | -| Army-Knife/PROXY | [BurpSuite](https://portswigger.net/burp) | the BurpSuite Project|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -| Army-Knife/PROXY | [hetty](https://github.com/dstotijn/hetty) | Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. | ![](https://img.shields.io/github/stars/dstotijn/hetty) | ![](https://img.shields.io/github/languages/top/dstotijn/hetty) | -| Army-Knife/PROXY | [httptoolkit](https://github.com/httptoolkit/httptoolkit) | HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac | ![](https://img.shields.io/github/stars/httptoolkit/httptoolkit) | ![](https://img.shields.io/github/languages/top/httptoolkit/httptoolkit) | -| Army-Knife/PROXY | [proxify](https://github.com/projectdiscovery/proxify) | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay | ![](https://img.shields.io/github/stars/projectdiscovery/proxify) | ![](https://img.shields.io/github/languages/top/projectdiscovery/proxify) | -| Army-Knife/PROXY | [zaproxy](https://github.com/zaproxy/zaproxy) | The OWASP ZAP core project | ![](https://img.shields.io/github/stars/zaproxy/zaproxy) | ![](https://img.shields.io/github/languages/top/zaproxy/zaproxy) | -| Army-Knife/SCAN | [nuclei](https://github.com/projectdiscovery/nuclei) | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | ![](https://img.shields.io/github/stars/projectdiscovery/nuclei) | ![](https://img.shields.io/github/languages/top/projectdiscovery/nuclei) | -| Discovery/ALL | [3klCon](https://github.com/eslam3kl/3klCon) | Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. | ![](https://img.shields.io/github/stars/eslam3kl/3klCon) | ![](https://img.shields.io/github/languages/top/eslam3kl/3klCon) | -| Discovery/ALL | [HydraRecon](https://github.com/aufzayed/HydraRecon) | All In One, Fast, Easy Recon Tool | ![](https://img.shields.io/github/stars/aufzayed/HydraRecon) | ![](https://img.shields.io/github/languages/top/aufzayed/HydraRecon) | -| Discovery/ALL | [OneForAll](https://github.com/shmilylty/OneForAll) | OneForAll是一款功能强大的子域收集工具 | ![](https://img.shields.io/github/stars/shmilylty/OneForAll) | ![](https://img.shields.io/github/languages/top/shmilylty/OneForAll) | -| Discovery/ALL | [aquatone](https://github.com/michenriksen/aquatone) | A Tool for Domain Flyovers | ![](https://img.shields.io/github/stars/michenriksen/aquatone) | ![](https://img.shields.io/github/languages/top/michenriksen/aquatone) | -| Discovery/ALL | [intrigue-core](https://github.com/intrigueio/intrigue-core) | Discover Your Attack Surface | ![](https://img.shields.io/github/stars/intrigueio/intrigue-core) | ![](https://img.shields.io/github/languages/top/intrigueio/intrigue-core) | -| Discovery/ALL | [lazyrecon](https://github.com/nahamsec/lazyrecon) | This script is intended to automate your reconnaissance process in an organized fashion | ![](https://img.shields.io/github/stars/nahamsec/lazyrecon) | ![](https://img.shields.io/github/languages/top/nahamsec/lazyrecon) | -| Discovery/ALL | [reconftw](https://github.com/six2dez/reconftw) | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities | ![](https://img.shields.io/github/stars/six2dez/reconftw) | ![](https://img.shields.io/github/languages/top/six2dez/reconftw) | -| Discovery/ALL | [rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. | ![](https://img.shields.io/github/stars/yogeshojha/rengine) | ![](https://img.shields.io/github/languages/top/yogeshojha/rengine) | -| Discovery/ALL | [scilla](https://github.com/edoardottt/scilla) | 🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration | ![](https://img.shields.io/github/stars/edoardottt/scilla) | ![](https://img.shields.io/github/languages/top/edoardottt/scilla) | -| Discovery/ALL | [sn0int](https://github.com/kpcyrd/sn0int) | Semi-automatic OSINT framework and package manager | ![](https://img.shields.io/github/stars/kpcyrd/sn0int) | ![](https://img.shields.io/github/languages/top/kpcyrd/sn0int) | -| Discovery/API | [kiterunner](https://github.com/assetnote/kiterunner) | Contextual Content Discovery Tool | ![](https://img.shields.io/github/stars/assetnote/kiterunner) | ![](https://img.shields.io/github/languages/top/assetnote/kiterunner) | -| Discovery/APK | [apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints & secrets. | ![](https://img.shields.io/github/stars/dwisiswant0/apkleaks) | ![](https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) | -| Discovery/URL | [Photon](https://github.com/s0md3v/Photon) | Incredibly fast crawler designed for OSINT. | ![](https://img.shields.io/github/stars/s0md3v/Photon) | ![](https://img.shields.io/github/languages/top/s0md3v/Photon) | -| Discovery/URL | [cc.py](https://github.com/si9int/cc.py) | Extracting URLs of a specific target based on the results of "commoncrawl.org" | ![](https://img.shields.io/github/stars/si9int/cc.py) | ![](https://img.shields.io/github/languages/top/si9int/cc.py) | -| Discovery/URL | [go-dork](https://github.com/dwisiswant0/go-dork) | The fastest dork scanner written in Go. | ![](https://img.shields.io/github/stars/dwisiswant0/go-dork) | ![](https://img.shields.io/github/languages/top/dwisiswant0/go-dork) | -| Discovery/URL | [gospider](https://github.com/jaeles-project/gospider) | Gospider - Fast web spider written in Go | ![](https://img.shields.io/github/stars/jaeles-project/gospider) | ![](https://img.shields.io/github/languages/top/jaeles-project/gospider) | -| Discovery/URL | [hakrawler](https://github.com/hakluke/hakrawler) | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application | ![](https://img.shields.io/github/stars/hakluke/hakrawler) | ![](https://img.shields.io/github/languages/top/hakluke/hakrawler) | -| Discovery/URL | [urlgrab](https://github.com/IAmStoxe/urlgrab) | A golang utility to spider through a website searching for additional links. | ![](https://img.shields.io/github/stars/IAmStoxe/urlgrab) | ![](https://img.shields.io/github/languages/top/IAmStoxe/urlgrab) | -| Discovery/DNS | [DNSDumpster](https://dnsdumpster.com) | Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Discovery/DNS | [SecurityTrails](https://securitytrails.com) | Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Discovery/DNS | [dnsprobe](https://github.com/projectdiscovery/dnsprobe) | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsprobe) | -| Discovery/DNS | [dnsvalidator](https://github.com/vortexau/dnsvalidator) | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. | ![](https://img.shields.io/github/stars/vortexau/dnsvalidator) | ![](https://img.shields.io/github/languages/top/vortexau/dnsvalidator) | -| Discovery/DNS | [dnsx](https://github.com/projectdiscovery/dnsx) | dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsx) | -| Discovery/DNS | [hakrevdns](https://github.com/hakluke/hakrevdns) | Small, fast tool for performing reverse DNS lookups en masse. | ![](https://img.shields.io/github/stars/hakluke/hakrevdns) | ![](https://img.shields.io/github/languages/top/hakluke/hakrevdns) | -| Discovery/DNS | [haktrails](https://github.com/hakluke/haktrails) | Golang client for querying SecurityTrails API data | ![](https://img.shields.io/github/stars/hakluke/haktrails) | ![](https://img.shields.io/github/languages/top/hakluke/haktrails) | -| Discovery/DNS | [puredns](https://github.com/d3mondev/puredns) | Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. | ![](https://img.shields.io/github/stars/d3mondev/puredns) | ![](https://img.shields.io/github/languages/top/d3mondev/puredns) | -| Discovery/DNS | [rusolver](https://github.com/Edu4rdSHL/rusolver) | Fast and accurate DNS resolver. | ![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/rusolver) | -| Discovery/DNS | [shuffledns](https://github.com/projectdiscovery/shuffledns) | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. | ![](https://img.shields.io/github/stars/projectdiscovery/shuffledns) | ![](https://img.shields.io/github/languages/top/projectdiscovery/shuffledns) | -| Discovery/DNS | [subgen](https://github.com/pry0cc/subgen) | A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! | ![](https://img.shields.io/github/stars/pry0cc/subgen) | ![](https://img.shields.io/github/languages/top/pry0cc/subgen) | -| Discovery/DNS | [zdns](https://github.com/zmap/zdns) | Fast CLI DNS Lookup Tool | ![](https://img.shields.io/github/stars/zmap/zdns) | ![](https://img.shields.io/github/languages/top/zmap/zdns) | -| Discovery/DOMAIN | [Amass](https://github.com/OWASP/Amass) | In-depth Attack Surface Mapping and Asset Discovery | ![](https://img.shields.io/github/stars/OWASP/Amass) | ![](https://img.shields.io/github/languages/top/OWASP/Amass) | -| Discovery/DOMAIN | [Chaos Web](https://chaos.projectdiscovery.io) | actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) -| Discovery/DOMAIN | [Sublist3r](https://github.com/aboul3la/Sublist3r) | Fast subdomains enumeration tool for penetration testers | ![](https://img.shields.io/github/stars/aboul3la/Sublist3r) | ![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) | -| Discovery/DOMAIN | [altdns](https://github.com/infosec-au/altdns) | Generates permutations, alterations and mutations of subdomains and then resolves them | ![](https://img.shields.io/github/stars/infosec-au/altdns) | ![](https://img.shields.io/github/languages/top/infosec-au/altdns) | -| Discovery/DOMAIN | [assetfinder](https://github.com/tomnomnom/assetfinder) | Find domains and subdomains related to a given domain | ![](https://img.shields.io/github/stars/tomnomnom/assetfinder) | ![](https://img.shields.io/github/languages/top/tomnomnom/assetfinder) | -| Discovery/DOMAIN | [chaos-client](https://github.com/projectdiscovery/chaos-client) | Go client to communicate with Chaos DNS API. | ![](https://img.shields.io/github/stars/projectdiscovery/chaos-client) | ![](https://img.shields.io/github/languages/top/projectdiscovery/chaos-client) | -| Discovery/DOMAIN | [ditto](https://github.com/evilsocket/ditto) | A tool for IDN homograph attacks and detection. | ![](https://img.shields.io/github/stars/evilsocket/ditto) | ![](https://img.shields.io/github/languages/top/evilsocket/ditto) | -| Discovery/DOMAIN | [dmut](https://github.com/bp0lr/dmut) | A tool to perform permutations, mutations and alteration of subdomains in golang. | ![](https://img.shields.io/github/stars/bp0lr/dmut) | ![](https://img.shields.io/github/languages/top/bp0lr/dmut) | -| Discovery/DOMAIN | [findomain](https://github.com/Edu4rdSHL/findomain) | The fastest and cross-platform subdomain enumerator, do not waste your time. | ![](https://img.shields.io/github/stars/Edu4rdSHL/findomain) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) | -| Discovery/DOMAIN | [knock](https://github.com/guelfoweb/knock) | Knock Subdomain Scan | ![](https://img.shields.io/github/stars/guelfoweb/knock) | ![](https://img.shields.io/github/languages/top/guelfoweb/knock) | -| Discovery/DOMAIN | [subfinder](https://github.com/projectdiscovery/subfinder) | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. | ![](https://img.shields.io/github/stars/projectdiscovery/subfinder) | ![](https://img.shields.io/github/languages/top/projectdiscovery/subfinder) | -| Discovery/FAVICON | [FavFreak](https://github.com/devanshbatham/FavFreak) | Making Favicon.ico based Recon Great again ! | ![](https://img.shields.io/github/stars/devanshbatham/FavFreak) | ![](https://img.shields.io/github/languages/top/devanshbatham/FavFreak) | -| Discovery/FUZZ | [DirDar](https://github.com/M4DM0e/DirDar) | DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it | ![](https://img.shields.io/github/stars/M4DM0e/DirDar) | ![](https://img.shields.io/github/languages/top/M4DM0e/DirDar) | -| Discovery/FUZZ | [dirsearch](https://github.com/maurosoria/dirsearch) | Web path scanner | ![](https://img.shields.io/github/stars/maurosoria/dirsearch) | ![](https://img.shields.io/github/languages/top/maurosoria/dirsearch) | -| Discovery/FUZZ | [dontgo403](https://github.com/devploit/dontgo403) | Tool to bypass 40X response codes. | ![](https://img.shields.io/github/stars/devploit/dontgo403) | ![](https://img.shields.io/github/languages/top/devploit/dontgo403) | -| Discovery/FUZZ | [feroxbuster](https://github.com/epi052/feroxbuster) | A fast, simple, recursive content discovery tool written in Rust. | ![](https://img.shields.io/github/stars/epi052/feroxbuster) | ![](https://img.shields.io/github/languages/top/epi052/feroxbuster) | -| Discovery/FUZZ | [gobuster](https://github.com/OJ/gobuster) | Directory/File, DNS and VHost busting tool written in Go | ![](https://img.shields.io/github/stars/OJ/gobuster) | ![](https://img.shields.io/github/languages/top/OJ/gobuster) | -| Discovery/FUZZ | [medusa](https://github.com/riza/medusa) | Fastest recursive HTTP fuzzer, like a Ferrari. | ![](https://img.shields.io/github/stars/riza/medusa) | ![](https://img.shields.io/github/languages/top/riza/medusa) | -| Discovery/GH | [pagodo](https://github.com/opsdisk/pagodo) | pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching | ![](https://img.shields.io/github/stars/opsdisk/pagodo) | ![](https://img.shields.io/github/languages/top/opsdisk/pagodo) | -| Discovery/GIT | [GitMiner](https://github.com/UnkL4b/GitMiner) | Tool for advanced mining for content on Github | ![](https://img.shields.io/github/stars/UnkL4b/GitMiner) | ![](https://img.shields.io/github/languages/top/UnkL4b/GitMiner) | -| Discovery/GIT | [gitGraber](https://github.com/hisxo/gitGraber) | gitGraber | ![](https://img.shields.io/github/stars/hisxo/gitGraber) | ![](https://img.shields.io/github/languages/top/hisxo/gitGraber) | -| Discovery/GIT | [github-endpoints](https://github.com/gwen001/github-endpoints) | Find endpoints on GitHub. | ![](https://img.shields.io/github/stars/gwen001/github-endpoints) | ![](https://img.shields.io/github/languages/top/gwen001/github-endpoints) | -| Discovery/GIT | [github-regexp](https://github.com/gwen001/github-regexp) | Basically a regexp over a GitHub search. | ![](https://img.shields.io/github/stars/gwen001/github-regexp) | ![](https://img.shields.io/github/languages/top/gwen001/github-regexp) | -| Discovery/GIT | [github-search](https://github.com/gwen001/github-search) | Tools to perform basic search on GitHub. | ![](https://img.shields.io/github/stars/gwen001/github-search) | ![](https://img.shields.io/github/languages/top/gwen001/github-search) | -| Discovery/GIT | [github-subdomains](https://github.com/gwen001/github-subdomains) | Find subdomains on GitHub | ![](https://img.shields.io/github/stars/gwen001/github-subdomains) | ![](https://img.shields.io/github/languages/top/gwen001/github-subdomains) | -| Discovery/GIT | [gitleaks](https://github.com/zricethezav/gitleaks) | Scan git repos (or files) for secrets using regex and entropy 🔑 | ![](https://img.shields.io/github/stars/zricethezav/gitleaks) | ![](https://img.shields.io/github/languages/top/zricethezav/gitleaks) | -| Discovery/GIT | [gitrob](https://github.com/michenriksen/gitrob) | Reconnaissance tool for GitHub organizations | ![](https://img.shields.io/github/stars/michenriksen/gitrob) | ![](https://img.shields.io/github/languages/top/michenriksen/gitrob) | -| Discovery/GQL | [graphql-voyager](https://github.com/APIs-guru/graphql-voyager) | 🛰️ Represent any GraphQL API as an interactive graph | ![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager) | ![](https://img.shields.io/github/languages/top/APIs-guru/graphql-voyager) | -| Discovery/GQL | [inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing | ![](https://img.shields.io/github/stars/doyensec/inql) | ![](https://img.shields.io/github/languages/top/doyensec/inql) | -| Discovery/HOST | [uncover](https://github.com/projectdiscovery/uncover) | Quickly discover exposed hosts on the internet using multiple search engine. | ![](https://img.shields.io/github/stars/projectdiscovery/uncover) | ![](https://img.shields.io/github/languages/top/projectdiscovery/uncover) | -| Discovery/HTTP | [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite. | ![](https://img.shields.io/github/stars/s0md3v/Arjun) | ![](https://img.shields.io/github/languages/top/s0md3v/Arjun) | -| Discovery/HTTP | [headi](https://github.com/mlcsec/headi) | Customisable and automated HTTP header injection | ![](https://img.shields.io/github/stars/mlcsec/headi) | ![](https://img.shields.io/github/languages/top/mlcsec/headi) | -| Discovery/JS | [JSFScan.sh](https://github.com/KathanP19/JSFScan.sh) | Automation for javascript recon in bug bounty. | ![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh) | ![](https://img.shields.io/github/languages/top/KathanP19/JSFScan.sh) | -| Discovery/JS | [LinkFinder](https://github.com/GerbenJavado/LinkFinder) | A python script that finds endpoints in JavaScript files | ![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder) | ![](https://img.shields.io/github/languages/top/GerbenJavado/LinkFinder) | -| Discovery/JS | [SecretFinder](https://github.com/m4ll0k/SecretFinder) | SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files | ![](https://img.shields.io/github/stars/m4ll0k/SecretFinder) | ![](https://img.shields.io/github/languages/top/m4ll0k/SecretFinder) | -| Discovery/JS | [subjs](https://github.com/lc/subjs) | Fetches javascript file from a list of URLS or subdomains. | ![](https://img.shields.io/github/stars/lc/subjs) | ![](https://img.shields.io/github/languages/top/lc/subjs) | -| Discovery/OSINT | [spiderfoot](https://github.com/smicallef/spiderfoot) | SpiderFoot automates OSINT collection so that you can focus on analysis. | ![](https://img.shields.io/github/stars/smicallef/spiderfoot) | ![](https://img.shields.io/github/languages/top/smicallef/spiderfoot) | -| Discovery/PARAM | [ParamSpider](https://github.com/devanshbatham/ParamSpider) | Mining parameters from dark corners of Web Archives | ![](https://img.shields.io/github/stars/devanshbatham/ParamSpider) | ![](https://img.shields.io/github/languages/top/devanshbatham/ParamSpider) | -| Discovery/PARAM | [Parth](https://github.com/s0md3v/Parth) | Heuristic Vulnerable Parameter Scanner | ![](https://img.shields.io/github/stars/s0md3v/Parth) | ![](https://img.shields.io/github/languages/top/s0md3v/Parth) | -| Discovery/PARAM | [fuzzparam](https://github.com/0xsapra/fuzzparam) | A fast go based param miner to fuzz possible parameters a URL can have. | ![](https://img.shields.io/github/stars/0xsapra/fuzzparam) | ![](https://img.shields.io/github/languages/top/0xsapra/fuzzparam) | -| Discovery/PARAM | [parameth](https://github.com/maK-/parameth) | This tool can be used to brute discover GET and POST parameters | ![](https://img.shields.io/github/stars/maK-/parameth) | ![](https://img.shields.io/github/languages/top/maK-/parameth) | -| Discovery/PARAM | [x8](https://github.com/Sh1Yo/x8) | Hidden parameters discovery suite | ![](https://img.shields.io/github/stars/Sh1Yo/x8) | ![](https://img.shields.io/github/languages/top/Sh1Yo/x8) | -| Discovery/PORT | [RustScan](https://github.com/brandonskerritt/RustScan) | Faster Nmap Scanning with Rust | ![](https://img.shields.io/github/stars/brandonskerritt/RustScan) | ![](https://img.shields.io/github/languages/top/brandonskerritt/RustScan) | -| Discovery/PORT | [Shodan](https://www.shodan.io/) | World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Discovery/PORT | [masscan](https://github.com/robertdavidgraham/masscan) | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | ![](https://img.shields.io/github/stars/robertdavidgraham/masscan) | ![](https://img.shields.io/github/languages/top/robertdavidgraham/masscan) | -| Discovery/PORT | [naabu](https://github.com/projectdiscovery/naabu) | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | ![](https://img.shields.io/github/stars/projectdiscovery/naabu) | ![](https://img.shields.io/github/languages/top/projectdiscovery/naabu) | -| Discovery/PORT | [nmap](https://github.com/nmap/nmap) | Nmap - the Network Mapper. Github mirror of official SVN repository. | ![](https://img.shields.io/github/stars/nmap/nmap) | ![](https://img.shields.io/github/languages/top/nmap/nmap) | -| Discovery/TKOV | [SubOver](https://github.com/Ice3man543/SubOver) | A Powerful Subdomain Takeover Tool | ![](https://img.shields.io/github/stars/Ice3man543/SubOver) | ![](https://img.shields.io/github/languages/top/Ice3man543/SubOver) | -| Discovery/TKOV | [can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz) | "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. | ![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz) | ![](https://img.shields.io/github/languages/top/EdOverflow/can-i-take-over-xyz) | -| Discovery/TKOV | [subjack](https://github.com/haccer/subjack) | Subdomain Takeover tool written in Go | ![](https://img.shields.io/github/stars/haccer/subjack) | ![](https://img.shields.io/github/languages/top/haccer/subjack) | -| Discovery/TKOV | [subzy](https://github.com/LukaSikic/subzy) | Subdomain takeover vulnerability checker | ![](https://img.shields.io/github/stars/LukaSikic/subzy) | ![](https://img.shields.io/github/languages/top/LukaSikic/subzy) | -| Discovery/URL | [cariddi](https://github.com/edoardottt/cariddi) | Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... | ![](https://img.shields.io/github/stars/edoardottt/cariddi) | ![](https://img.shields.io/github/languages/top/edoardottt/cariddi) | -| Discovery/URL | [crawlergo](https://github.com/Qianlitp/crawlergo) | A powerful browser crawler for web vulnerability scanners | ![](https://img.shields.io/github/stars/Qianlitp/crawlergo) | ![](https://img.shields.io/github/languages/top/Qianlitp/crawlergo) | -| Discovery/URL | [gau](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | ![](https://img.shields.io/github/stars/lc/gau) | ![](https://img.shields.io/github/languages/top/lc/gau) | -| Discovery/URL | [gauplus](https://github.com/bp0lr/gauplus) | A modified version of gau for personal usage. Support workers, proxies and some extra things. | ![](https://img.shields.io/github/stars/bp0lr/gauplus) | ![](https://img.shields.io/github/languages/top/bp0lr/gauplus) | -| Discovery/URL | [security-crawl-maze](https://github.com/google/security-crawl-maze) | Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. | ![](https://img.shields.io/github/stars/google/security-crawl-maze) | ![](https://img.shields.io/github/languages/top/google/security-crawl-maze) | -| Discovery/URL | [urlhunter](https://github.com/utkusen/urlhunter) | a recon tool that allows searching on URLs that are exposed via shortener services | ![](https://img.shields.io/github/stars/utkusen/urlhunter) | ![](https://img.shields.io/github/languages/top/utkusen/urlhunter) | -| Discovery/URL | [waybackurls](https://github.com/tomnomnom/waybackurls) | Fetch all the URLs that the Wayback Machine knows about for a domain | ![](https://img.shields.io/github/stars/tomnomnom/waybackurls) | ![](https://img.shields.io/github/languages/top/tomnomnom/waybackurls) | -| Discovery/VULN | [Silver](https://github.com/s0md3v/Silver) | Mass scan IPs for vulnerable services | ![](https://img.shields.io/github/stars/s0md3v/Silver) | ![](https://img.shields.io/github/languages/top/s0md3v/Silver) | -| Discovery/WEBSOCK | [STEWS](https://github.com/PalindromeLabs/STEWS) | A Security Tool for Enumerating WebSockets | ![](https://img.shields.io/github/stars/PalindromeLabs/STEWS) | ![](https://img.shields.io/github/languages/top/PalindromeLabs/STEWS) | -| Discovery/WEBSOCK | [wssip](https://github.com/nccgroup/wssip) | Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. | ![](https://img.shields.io/github/stars/nccgroup/wssip) | ![](https://img.shields.io/github/languages/top/nccgroup/wssip) | -| Fetch/HTTP | [fhc](https://github.com/Edu4rdSHL/fhc) | Fast HTTP Checker. | ![](https://img.shields.io/github/stars/Edu4rdSHL/fhc) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/fhc) | -| Fetch/HTTP | [htcat](https://github.com/htcat/htcat) | Parallel and Pipelined HTTP GET Utility | ![](https://img.shields.io/github/stars/htcat/htcat) | ![](https://img.shields.io/github/languages/top/htcat/htcat) | -| Fetch/HTTP | [httprobe](https://github.com/tomnomnom/httprobe) | Take a list of domains and probe for working HTTP and HTTPS servers | ![](https://img.shields.io/github/stars/tomnomnom/httprobe) | ![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) | -| Fetch/HTTP | [httpx](https://github.com/projectdiscovery/httpx) | httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. | ![](https://img.shields.io/github/stars/projectdiscovery/httpx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/httpx) | -| Fetch/HTTP | [meg](https://github.com/tomnomnom/meg) | Fetch many paths for many hosts - without killing the hosts | ![](https://img.shields.io/github/stars/tomnomnom/meg) | ![](https://img.shields.io/github/languages/top/tomnomnom/meg) | -| Fetch/HTTP | [wuzz](https://github.com/asciimoo/wuzz) | Interactive cli tool for HTTP inspection | ![](https://img.shields.io/github/stars/asciimoo/wuzz) | ![](https://img.shields.io/github/languages/top/asciimoo/wuzz) | -| Fetch/JS | [getJS](https://github.com/003random/getJS) | A tool to fastly get all javascript sources/files | ![](https://img.shields.io/github/stars/003random/getJS) | ![](https://img.shields.io/github/languages/top/003random/getJS) | -| Scanner/CACHE | [Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner) | Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). | ![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner) | ![](https://img.shields.io/github/languages/top/Hackmanit/Web-Cache-Vulnerability-Scanner) | -| Scanner/CACHE-POISON | [fockcache](https://github.com/tismayil/fockcache) | FockCache - Minimalized Test Cache Poisoning | ![](https://img.shields.io/github/stars/tismayil/fockcache) | ![](https://img.shields.io/github/languages/top/tismayil/fockcache) | -| Scanner/CACHE-POISON | [web_cache_poison](https://github.com/fngoo/web_cache_poison) | web cache poison - Top 1 web hacking technique of 2019 | ![](https://img.shields.io/github/stars/fngoo/web_cache_poison) | ![](https://img.shields.io/github/languages/top/fngoo/web_cache_poison) | -| Scanner/CONFUSE | [confused](https://github.com/visma-prodsec/confused) | Tool to check for dependency confusion vulnerabilities in multiple package management systems | ![](https://img.shields.io/github/stars/visma-prodsec/confused) | ![](https://img.shields.io/github/languages/top/visma-prodsec/confused) | -| Scanner/CORS | [CorsMe](https://github.com/Shivangx01b/CorsMe) | Cross Origin Resource Sharing MisConfiguration Scanner | ![](https://img.shields.io/github/stars/Shivangx01b/CorsMe) | ![](https://img.shields.io/github/languages/top/Shivangx01b/CorsMe) | -| Scanner/CORS | [Corsy](https://github.com/s0md3v/Corsy) | CORS Misconfiguration Scanner | ![](https://img.shields.io/github/stars/s0md3v/Corsy) | ![](https://img.shields.io/github/languages/top/s0md3v/Corsy) | -| Scanner/CORS | [corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan) | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). | ![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan) | ![](https://img.shields.io/github/languages/top/Santandersecurityresearch/corsair_scan) | -| Scanner/CRLF | [crlfuzz](https://github.com/dwisiswant0/crlfuzz) | A fast tool to scan CRLF vulnerability written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz) | ![](https://img.shields.io/github/languages/top/dwisiswant0/crlfuzz) | -| Scanner/CSRF | [XSRFProbe](https://github.com/0xInfection/XSRFProbe) | The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. | ![](https://img.shields.io/github/stars/0xInfection/XSRFProbe) | ![](https://img.shields.io/github/languages/top/0xInfection/XSRFProbe) | -| Scanner/FUZZ | [BruteX](https://github.com/1N3/BruteX) | Automatically brute force all services running on a target. | ![](https://img.shields.io/github/stars/1N3/BruteX) | ![](https://img.shields.io/github/languages/top/1N3/BruteX) | -| Scanner/FUZZ | [PPScan](https://github.com/msrkp/PPScan) | Client Side Prototype Pollution Scanner | ![](https://img.shields.io/github/stars/msrkp/PPScan) | ![](https://img.shields.io/github/languages/top/msrkp/PPScan) | -| Scanner/FUZZ | [VHostScan](https://github.com/codingo/VHostScan) | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. | ![](https://img.shields.io/github/stars/codingo/VHostScan) | ![](https://img.shields.io/github/languages/top/codingo/VHostScan) | -| Scanner/FUZZ | [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer written in Go | ![](https://img.shields.io/github/stars/ffuf/ffuf) | ![](https://img.shields.io/github/languages/top/ffuf/ffuf) | -| Scanner/FUZZ | [plution](https://github.com/raverrr/plution) | Prototype pollution scanner using headless chrome | ![](https://img.shields.io/github/stars/raverrr/plution) | ![](https://img.shields.io/github/languages/top/raverrr/plution) | -| Scanner/FUZZ | [ppfuzz](https://github.com/dwisiswant0/ppfuzz) | A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 | ![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz) | ![](https://img.shields.io/github/languages/top/dwisiswant0/ppfuzz) | -| Scanner/FUZZ | [ppmap](https://github.com/kleiton0x00/ppmap) | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | ![](https://img.shields.io/github/stars/kleiton0x00/ppmap) | ![](https://img.shields.io/github/languages/top/kleiton0x00/ppmap) | -| Scanner/FUZZ | [thc-hydra](https://github.com/vanhauser-thc/thc-hydra) | hydra | ![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra) | ![](https://img.shields.io/github/languages/top/vanhauser-thc/thc-hydra) | -| Scanner/FUZZ | [wfuzz](https://github.com/xmendez/wfuzz) | Web application fuzzer | ![](https://img.shields.io/github/stars/xmendez/wfuzz) | ![](https://img.shields.io/github/languages/top/xmendez/wfuzz) | -| Scanner/GQL | [GraphQLmap](https://github.com/swisskyrepo/GraphQLmap) | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. | ![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap) | ![](https://img.shields.io/github/languages/top/swisskyrepo/GraphQLmap) | -| Scanner/JS | [jsprime](https://github.com/dpnishant/jsprime) | a javascript static security analysis tool | ![](https://img.shields.io/github/stars/dpnishant/jsprime) | ![](https://img.shields.io/github/languages/top/dpnishant/jsprime) | -| Scanner/LFI | [LFISuite](https://github.com/D35m0nd142/LFISuite) | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner | ![](https://img.shields.io/github/stars/D35m0nd142/LFISuite) | ![](https://img.shields.io/github/languages/top/D35m0nd142/LFISuite) | -| Scanner/LFI | [dotdotpwn](https://github.com/wireghoul/dotdotpwn) | DotDotPwn - The Directory Traversal Fuzzer | ![](https://img.shields.io/github/stars/wireghoul/dotdotpwn) | ![](https://img.shields.io/github/languages/top/wireghoul/dotdotpwn) | -| Scanner/NOSQL | [NoSQLMap](https://github.com/codingo/NoSQLMap) | Automated NoSQL database enumeration and web application exploitation tool. | ![](https://img.shields.io/github/stars/codingo/NoSQLMap) | ![](https://img.shields.io/github/languages/top/codingo/NoSQLMap) | -| Scanner/NOSQL | [nosqli](https://github.com/Charlie-belmer/nosqli) | NoSql Injection CLI tool | ![](https://img.shields.io/github/stars/Charlie-belmer/nosqli) | ![](https://img.shields.io/github/languages/top/Charlie-belmer/nosqli) | -| Scanner/RCE | [commix](https://github.com/commixproject/commix) | Automated All-in-One OS Command Injection Exploitation Tool. | ![](https://img.shields.io/github/stars/commixproject/commix) | ![](https://img.shields.io/github/languages/top/commixproject/commix) | -| Scanner/RECON | [Osmedeus](https://github.com/j3ssie/Osmedeus) | Fully automated offensive security framework for reconnaissance and vulnerability scanning | ![](https://img.shields.io/github/stars/j3ssie/Osmedeus) | ![](https://img.shields.io/github/languages/top/j3ssie/Osmedeus) | -| Scanner/RECON | [Sn1per](https://github.com/1N3/Sn1per) | Automated pentest framework for offensive security experts | ![](https://img.shields.io/github/stars/1N3/Sn1per) | ![](https://img.shields.io/github/languages/top/1N3/Sn1per) | -| Scanner/RECON | [megplus](https://github.com/EdOverflow/megplus) | Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] | ![](https://img.shields.io/github/stars/EdOverflow/megplus) | ![](https://img.shields.io/github/languages/top/EdOverflow/megplus) | -| Scanner/REDIRECT | [OpenRedireX](https://github.com/devanshbatham/OpenRedireX) | A Fuzzer for OpenRedirect issues | ![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX) | ![](https://img.shields.io/github/languages/top/devanshbatham/OpenRedireX) | -| Scanner/S3 | [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump) | Security Tool to Look For Interesting Files in S3 Buckets | ![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump) | ![](https://img.shields.io/github/languages/top/jordanpotti/AWSBucketDump) | -| Scanner/S3 | [S3Scanner](https://github.com/sa7mon/S3Scanner) | Scan for open AWS S3 buckets and dump the contents | ![](https://img.shields.io/github/stars/sa7mon/S3Scanner) | ![](https://img.shields.io/github/languages/top/sa7mon/S3Scanner) | -| Scanner/SMUGGLE | [HRS](https://github.com/SafeBreach-Labs/HRS) | HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. | ![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS) | ![](https://img.shields.io/github/languages/top/SafeBreach-Labs/HRS) | -| Scanner/SMUGGLE | [h2csmuggler](https://github.com/assetnote/h2csmuggler) | HTTP Request Smuggling Detection Tool | ![](https://img.shields.io/github/stars/assetnote/h2csmuggler) | ![](https://img.shields.io/github/languages/top/assetnote/h2csmuggler) | -| Scanner/SMUGGLE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs. | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) | -| Scanner/SMUGGLE | [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) | HTTP Request Smuggling Detection Tool | ![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling) | ![](https://img.shields.io/github/languages/top/anshumanpattnaik/http-request-smuggling) | -| Scanner/SMUGGLE | [http2smugl](https://github.com/neex/http2smugl) | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. | ![](https://img.shields.io/github/stars/neex/http2smugl) | ![](https://img.shields.io/github/languages/top/neex/http2smugl) | -| Scanner/SMUGGLE | [smuggler](https://github.com/defparam/smuggler) | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 | ![](https://img.shields.io/github/stars/defparam/smuggler) | ![](https://img.shields.io/github/languages/top/defparam/smuggler) | -| Scanner/SMUGGLE | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler | ![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) | -| Scanner/SMUGGLE | [ws-smuggler](https://github.com/hahwul/ws-smuggler) | WebSocket Connection Smuggler | ![](https://img.shields.io/github/stars/hahwul/ws-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/ws-smuggler) | -| Scanner/SQL | [SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Scanner/SQLi | [DSSS](https://github.com/stamparm/DSSS) | Damn Small SQLi Scanner | ![](https://img.shields.io/github/stars/stamparm/DSSS) | ![](https://img.shields.io/github/languages/top/stamparm/DSSS) | -| Scanner/SQLi | [SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -| Scanner/SQLi | [sqliv](https://github.com/the-robot/sqliv) | massive SQL injection vulnerability scanner | ![](https://img.shields.io/github/stars/the-robot/sqliv) | ![](https://img.shields.io/github/languages/top/the-robot/sqliv) | -| Scanner/SQLi | [sqlmap](https://github.com/sqlmapproject/sqlmap) | Automatic SQL injection and database takeover tool | ![](https://img.shields.io/github/stars/sqlmapproject/sqlmap) | ![](https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) | -| Scanner/SSL | [DeepViolet](https://github.com/spoofzu/DeepViolet) | Tool for introspection of SSL\TLS sessions | ![](https://img.shields.io/github/stars/spoofzu/DeepViolet) | ![](https://img.shields.io/github/languages/top/spoofzu/DeepViolet) | -| Scanner/SSL | [a2sv](https://github.com/hahwul/a2sv) | Auto Scanning to SSL Vulnerability | ![](https://img.shields.io/github/stars/hahwul/a2sv) | ![](https://img.shields.io/github/languages/top/hahwul/a2sv) | -| Scanner/SSL | [testssl.sh](https://github.com/drwetter/testssl.sh) | Testing TLS/SSL encryption anywhere on any port | ![](https://img.shields.io/github/stars/drwetter/testssl.sh) | ![](https://img.shields.io/github/languages/top/drwetter/testssl.sh) | -| Scanner/SSRF | [SSRFmap](https://github.com/swisskyrepo/SSRFmap) | Automatic SSRF fuzzer and exploitation tool | ![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap) | ![](https://img.shields.io/github/languages/top/swisskyrepo/SSRFmap) | -| Scanner/SSRF | [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) | A simple SSRF-testing sheriff written in Go | ![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff) | ![](https://img.shields.io/github/languages/top/teknogeek/ssrf-sheriff) | -| Scanner/SSTI | [tplmap](https://github.com/epinna/tplmap) | Server-Side Template Injection and Code Injection Detection and Exploitation Tool | ![](https://img.shields.io/github/stars/epinna/tplmap) | ![](https://img.shields.io/github/languages/top/epinna/tplmap) | -| Scanner/WP | [wprecon](https://github.com/blackcrw/wprecon) | Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. | ![](https://img.shields.io/github/stars/blackcrw/wprecon) | ![](https://img.shields.io/github/languages/top/blackcrw/wprecon) | -| Scanner/WP | [wpscan](https://github.com/wpscanteam/wpscan) | WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. | ![](https://img.shields.io/github/stars/wpscanteam/wpscan) | ![](https://img.shields.io/github/languages/top/wpscanteam/wpscan) | -| Scanner/WVS | [Striker](https://github.com/s0md3v/Striker) | Striker is an offensive information and vulnerability scanner. | ![](https://img.shields.io/github/stars/s0md3v/Striker) | ![](https://img.shields.io/github/languages/top/s0md3v/Striker) | -| Scanner/WVS | [Taipan](https://github.com/enkomio/Taipan) | Web application vulnerability scanner | ![](https://img.shields.io/github/stars/enkomio/Taipan) | ![](https://img.shields.io/github/languages/top/enkomio/Taipan) | -| Scanner/WVS | [arachni](https://github.com/Arachni/arachni) | Web Application Security Scanner Framework | ![](https://img.shields.io/github/stars/Arachni/arachni) | ![](https://img.shields.io/github/languages/top/Arachni/arachni) | -| Scanner/WVS | [nikto](https://github.com/sullo/nikto) | Nikto web server scanner | ![](https://img.shields.io/github/stars/sullo/nikto) | ![](https://img.shields.io/github/languages/top/sullo/nikto) | -| Scanner/WVS | [rapidscan](https://github.com/skavngr/rapidscan) | The Multi-Tool Web Vulnerability Scanner. | ![](https://img.shields.io/github/stars/skavngr/rapidscan) | ![](https://img.shields.io/github/languages/top/skavngr/rapidscan) | -| Scanner/WVS | [zap-cli](https://github.com/Grunny/zap-cli) | A simple tool for interacting with OWASP ZAP from the commandline. | ![](https://img.shields.io/github/stars/Grunny/zap-cli) | ![](https://img.shields.io/github/languages/top/Grunny/zap-cli) | -| Scanner/XSS | [Cyclops](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) | Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink. | ![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking) | ![](https://img.shields.io/github/languages/top/v8blink/Chromium-based-XSS-Taint-Tracking) | -| Scanner/XSS | [DOMPurify](https://github.com/cure53/DOMPurify) | DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: | ![](https://img.shields.io/github/stars/cure53/DOMPurify) | ![](https://img.shields.io/github/languages/top/cure53/DOMPurify) | -| Scanner/XSS | [XSStrike](https://github.com/s0md3v/XSStrike) | Most advanced XSS scanner. | ![](https://img.shields.io/github/stars/s0md3v/XSStrike) | ![](https://img.shields.io/github/languages/top/s0md3v/XSStrike) | -| Scanner/XSS | [XSpear](https://github.com/hahwul/XSpear) | Powerfull XSS Scanning and Parameter analysis tool&gem | ![](https://img.shields.io/github/stars/hahwul/XSpear) | ![](https://img.shields.io/github/languages/top/hahwul/XSpear) | -| Scanner/XSS | [dalfox](https://github.com/hahwul/dalfox) | 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang | ![](https://img.shields.io/github/stars/hahwul/dalfox) | ![](https://img.shields.io/github/languages/top/hahwul/dalfox) | -| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications | ![](https://img.shields.io/github/stars/fcavallarin/domdig) | ![](https://img.shields.io/github/languages/top/fcavallarin/domdig) | -| Scanner/XSS | [ezXSS](https://github.com/ssl/ezXSS) | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. | ![](https://img.shields.io/github/stars/ssl/ezXSS) | ![](https://img.shields.io/github/languages/top/ssl/ezXSS) | -| Scanner/XSS | [findom-xss](https://github.com/dwisiswant0/findom-xss) | A fast DOM based XSS vulnerability scanner with simplicity. | ![](https://img.shields.io/github/stars/dwisiswant0/findom-xss) | ![](https://img.shields.io/github/languages/top/dwisiswant0/findom-xss) | -| Scanner/XSS | [xsscrapy](https://github.com/DanMcInerney/xsscrapy) | XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. | ![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy) | ![](https://img.shields.io/github/languages/top/DanMcInerney/xsscrapy) | -| Scanner/XSS | [xsser](https://github.com/epsylon/xsser) | Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. | ![](https://img.shields.io/github/stars/epsylon/xsser) | ![](https://img.shields.io/github/languages/top/epsylon/xsser) | -| ToolBox/ALL | [Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz) | BBT - Bug Bounty Tools | ![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz) | ![](https://img.shields.io/github/languages/top/m4ll0k/Bug-Bounty-Toolz) | -| ToolBox/ALL | [CyberChef](https://github.com/gchq/CyberChef) | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis | ![](https://img.shields.io/github/stars/gchq/CyberChef) | ![](https://img.shields.io/github/languages/top/gchq/CyberChef) | -| ToolBox/ALL | [hacks](https://github.com/tomnomnom/hacks) | A collection of hacks and one-off scripts | ![](https://img.shields.io/github/stars/tomnomnom/hacks) | ![](https://img.shields.io/github/languages/top/tomnomnom/hacks) | -| ToolBox/ALL | [pentest-tools](https://github.com/gwen001/pentest-tools) | Custom pentesting tools | ![](https://img.shields.io/github/stars/gwen001/pentest-tools) | ![](https://img.shields.io/github/languages/top/gwen001/pentest-tools) | -| ToolBox/DNS Rebind | [singularity](https://github.com/nccgroup/singularity) | A DNS rebinding attack framework. | ![](https://img.shields.io/github/stars/nccgroup/singularity) | ![](https://img.shields.io/github/languages/top/nccgroup/singularity) | -| Utility/ANY | [anew](https://github.com/tomnomnom/anew) | A tool for adding new lines to files, skipping duplicates | ![](https://img.shields.io/github/stars/tomnomnom/anew) | ![](https://img.shields.io/github/languages/top/tomnomnom/anew) | -| Utility/ANY | [bat](https://github.com/sharkdp/bat) | A cat(1) clone with wings. | ![](https://img.shields.io/github/stars/sharkdp/bat) | ![](https://img.shields.io/github/languages/top/sharkdp/bat) | -| Utility/ANY | [fzf](https://github.com/junegunn/fzf) | A command-line fuzzy finder | ![](https://img.shields.io/github/stars/junegunn/fzf) | ![](https://img.shields.io/github/languages/top/junegunn/fzf) | -| Utility/ANY | [gee](https://github.com/hahwul/gee) | 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go | ![](https://img.shields.io/github/stars/hahwul/gee) | ![](https://img.shields.io/github/languages/top/hahwul/gee) | -| Utility/ANY | [grc](https://github.com/garabik/grc) | generic colouriser | ![](https://img.shields.io/github/stars/garabik/grc) | ![](https://img.shields.io/github/languages/top/garabik/grc) | -| Utility/ANY | [pet](https://github.com/knqyf263/pet) | Simple command-line snippet manager, written in Go. | ![](https://img.shields.io/github/stars/knqyf263/pet) | ![](https://img.shields.io/github/languages/top/knqyf263/pet) | -| Utility/B-ADDON | [postMessage-tracker](https://github.com/fransr/postMessage-tracker) | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon | ![](https://img.shields.io/github/stars/fransr/postMessage-tracker) | ![](https://img.shields.io/github/languages/top/fransr/postMessage-tracker) | -| Utility/BRIDGE | [Atlas](https://github.com/m4ll0k/Atlas) | Quick SQLMap Tamper Suggester | ![](https://img.shields.io/github/stars/m4ll0k/Atlas) | ![](https://img.shields.io/github/languages/top/m4ll0k/Atlas) | -| Utility/CRACK | [hashcat](https://github.com/hashcat/hashcat/) | World's fastest and most advanced password recovery utility | ![](https://img.shields.io/github/stars/hashcat/hashcat/) | ![](https://img.shields.io/github/languages/top/hashcat/hashcat/) | -| Utility/CSP | [CSP Evaluator](https://csp-evaluator.withgoogle.com) | Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Utility/ENV | [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) | GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep | ![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns) | ![](https://img.shields.io/github/languages/top/1ndianl33t/Gf-Patterns) | -| Utility/ENV | [recon_profile](https://github.com/nahamsec/recon_profile) | Recon profile (bash profile) for bugbounty | ![](https://img.shields.io/github/stars/nahamsec/recon_profile) | ![](https://img.shields.io/github/languages/top/nahamsec/recon_profile) | -| Utility/ETC | [Phoenix](https://www.hahwul.com/p/phoenix.html) | hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Utility/FLOW | [SequenceDiagram](https://sequencediagram.org) | Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) | ![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)| -| Utility/GIT | [gitls](https://github.com/hahwul/gitls) | Listing git repository from URL/User/Org | ![](https://img.shields.io/github/stars/hahwul/gitls) | ![](https://img.shields.io/github/languages/top/hahwul/gitls) | -| Utility/GREP | [gf](https://github.com/tomnomnom/gf) | A wrapper around grep, to help you grep for things | ![](https://img.shields.io/github/stars/tomnomnom/gf) | ![](https://img.shields.io/github/languages/top/tomnomnom/gf) | -| Utility/HTTP | [curl](https://github.com/curl/curl) | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features | ![](https://img.shields.io/github/stars/curl/curl) | ![](https://img.shields.io/github/languages/top/curl/curl) | -| Utility/HTTP | [httpie](https://github.com/httpie/httpie) | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie | ![](https://img.shields.io/github/stars/httpie/httpie) | ![](https://img.shields.io/github/languages/top/httpie/httpie) | -| Utility/HTTP | [hurl](https://github.com/Orange-OpenSource/hurl) | Hurl, run and test HTTP requests. | ![](https://img.shields.io/github/stars/Orange-OpenSource/hurl) | ![](https://img.shields.io/github/languages/top/Orange-OpenSource/hurl) | -| Utility/JSON | [gron](https://github.com/tomnomnom/gron) | Make JSON greppable! | ![](https://img.shields.io/github/stars/tomnomnom/gron) | ![](https://img.shields.io/github/languages/top/tomnomnom/gron) | -| Utility/JWT | [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) | JWT brute force cracker written in C | ![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker) | ![](https://img.shields.io/github/languages/top/brendan-rius/c-jwt-cracker) | -| Utility/JWT | [jwt-cracker](https://github.com/lmammino/jwt-cracker) | Simple HS256 JWT token brute force cracker | ![](https://img.shields.io/github/stars/lmammino/jwt-cracker) | ![](https://img.shields.io/github/languages/top/lmammino/jwt-cracker) | -| Utility/JWT | [jwt-hack](https://github.com/hahwul/jwt-hack) | 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce) | ![](https://img.shields.io/github/stars/hahwul/jwt-hack) | ![](https://img.shields.io/github/languages/top/hahwul/jwt-hack) | -| Utility/NOTIFY | [Emissary](https://github.com/BountyStrike/Emissary) | Send notifications on different channels such as Slack, Telegram, Discord etc. | ![](https://img.shields.io/github/stars/BountyStrike/Emissary) | ![](https://img.shields.io/github/languages/top/BountyStrike/Emissary) | -| Utility/NOTIFY | [ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack) | Hacky Slack - a bash script that sends beautiful messages to Slack | ![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack) | ![](https://img.shields.io/github/languages/top/openbridge/ob_hacky_slack) | -| Utility/NOTIFY | [slackcat](https://github.com/bcicen/slackcat) | CLI utility to post files and command output to slack | ![](https://img.shields.io/github/stars/bcicen/slackcat) | ![](https://img.shields.io/github/languages/top/bcicen/slackcat) | -| Utility/OAST | [TukTuk](https://github.com/ArturSS7/TukTuk) | Tool for catching and logging different types of requests. | ![](https://img.shields.io/github/stars/ArturSS7/TukTuk) | ![](https://img.shields.io/github/languages/top/ArturSS7/TukTuk) | -| Utility/OAST | [boast](https://github.com/marcoagner/boast) | The BOAST Outpost for AppSec Testing (v0.1.0) | ![](https://img.shields.io/github/stars/marcoagner/boast) | ![](https://img.shields.io/github/languages/top/marcoagner/boast) | -| Utility/OAST | [dnsobserver](https://github.com/allyomalley/dnsobserver) | A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. | ![](https://img.shields.io/github/stars/allyomalley/dnsobserver) | ![](https://img.shields.io/github/languages/top/allyomalley/dnsobserver) | -| Utility/OAST | [interactsh](https://github.com/projectdiscovery/interactsh) | An OOB interaction gathering server and client library | ![](https://img.shields.io/github/stars/projectdiscovery/interactsh) | ![](https://img.shields.io/github/languages/top/projectdiscovery/interactsh) | -| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. | ![](https://img.shields.io/github/stars/lc/230-OOB) | ![](https://img.shields.io/github/languages/top/lc/230-OOB) | -| Utility/PAYLOAD | [Blacklist3r](https://github.com/NotSoSecure/Blacklist3r) | project-blacklist3r | ![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r) | ![](https://img.shields.io/github/languages/top/NotSoSecure/Blacklist3r) | -| Utility/PAYLOAD | [Findsploit](https://github.com/1N3/Findsploit) | Find exploits in local and online databases instantly | ![](https://img.shields.io/github/stars/1N3/Findsploit) | ![](https://img.shields.io/github/languages/top/1N3/Findsploit) | -| Utility/PAYLOAD | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ![](https://img.shields.io/github/stars/tarunkant/Gopherus) | ![](https://img.shields.io/github/languages/top/tarunkant/Gopherus) | -| Utility/PAYLOAD | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) | -| Utility/PAYLOAD | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | ![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) | ![](https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) | -| Utility/PAYLOAD | [PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) | 📡 PoC auto collect from GitHub. Be careful malware. | ![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub) | ![](https://img.shields.io/github/languages/top/nomi-sec/PoC-in-GitHub) | -| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | ![](https://img.shields.io/github/stars/enjoiz/XXEinjector) | ![](https://img.shields.io/github/languages/top/enjoiz/XXEinjector) | -| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | ![](https://img.shields.io/github/stars/whitel1st/docem) | ![](https://img.shields.io/github/languages/top/whitel1st/docem) | -| Utility/PAYLOAD | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) | -| Utility/PAYLOAD | [jsfuck](https://github.com/aemkei/jsfuck) | Write any JavaScript with 6 Characters | ![](https://img.shields.io/github/stars/aemkei/jsfuck) | ![](https://img.shields.io/github/languages/top/aemkei/jsfuck) | -| Utility/PAYLOAD | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes | ![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) | ![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) | -| Utility/PAYLOAD | [quickjack](https://github.com/samyk/quickjack) | Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. | ![](https://img.shields.io/github/stars/samyk/quickjack) | ![](https://img.shields.io/github/languages/top/samyk/quickjack) | -| Utility/PAYLOAD | [security-research-pocs](https://github.com/google/security-research-pocs) | Proof-of-concept codes created as part of security research done by Google Security Team. | ![](https://img.shields.io/github/stars/google/security-research-pocs) | ![](https://img.shields.io/github/languages/top/google/security-research-pocs) | -| Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 | ![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) | ![](https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) | -| Utility/PAYLOAD | [xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data) | This repository contains all the XSS cheatsheet data to allow contributions from the community. | ![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) | ![](https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) | -| Utility/PAYLOAD | [xssor2](https://github.com/evilcos/xssor2) | XSS'OR - Hack with JavaScript. | ![](https://img.shields.io/github/stars/evilcos/xssor2) | ![](https://img.shields.io/github/languages/top/evilcos/xssor2) | -| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads | ![](https://img.shields.io/github/stars/staaldraad/xxeserv) | ![](https://img.shields.io/github/languages/top/staaldraad/xxeserv) | -| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) | -| Utility/PAYLOAD | [ysoserial.net](https://github.com/pwntester/ysoserial.net) | Deserialization payload generator for a variety of .NET formatters | ![](https://img.shields.io/github/stars/pwntester/ysoserial.net) | ![](https://img.shields.io/github/languages/top/pwntester/ysoserial.net) | -| Utility/PENTEST | [axiom](https://github.com/pry0cc/axiom) | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! | ![](https://img.shields.io/github/stars/pry0cc/axiom) | ![](https://img.shields.io/github/languages/top/pry0cc/axiom) | -| Utility/PENTEST | [pwncat](https://github.com/cytopia/pwncat) | pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) | ![](https://img.shields.io/github/stars/cytopia/pwncat) | ![](https://img.shields.io/github/languages/top/cytopia/pwncat) | -| Utility/S3 | [s3reverse](https://github.com/hahwul/s3reverse) | The format of various s3 buckets is convert in one format. for bugbounty and security testing. | ![](https://img.shields.io/github/stars/hahwul/s3reverse) | ![](https://img.shields.io/github/languages/top/hahwul/s3reverse) | -| Utility/SETUP | [autochrome](https://github.com/nccgroup/autochrome) | This tool downloads, installs, and configures a shiny new copy of Chromium. | ![](https://img.shields.io/github/stars/nccgroup/autochrome) | ![](https://img.shields.io/github/languages/top/nccgroup/autochrome) | -| Utility/SHOT | [gowitness](https://github.com/sensepost/gowitness) | 🔍 gowitness - a golang, web screenshot utility using Chrome Headless | ![](https://img.shields.io/github/stars/sensepost/gowitness) | ![](https://img.shields.io/github/languages/top/sensepost/gowitness) | -| Utility/Scripts | [tiscripts](https://github.com/defparam/tiscripts) | Turbo Intruder Scripts | ![](https://img.shields.io/github/stars/defparam/tiscripts) | ![](https://img.shields.io/github/languages/top/defparam/tiscripts) | -| Utility/TEMPLATE | [bountyplz](https://github.com/fransr/bountyplz) | Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) | ![](https://img.shields.io/github/stars/fransr/bountyplz) | ![](https://img.shields.io/github/languages/top/fransr/bountyplz) | -| Utility/TEMPLATE | [template-generator](https://github.com/fransr/template-generator) | A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. | ![](https://img.shields.io/github/stars/fransr/template-generator) | ![](https://img.shields.io/github/languages/top/fransr/template-generator) | -| Utility/URL | [burl](https://github.com/tomnomnom/burl) | A Broken-URL Checker | ![](https://img.shields.io/github/stars/tomnomnom/burl) | ![](https://img.shields.io/github/languages/top/tomnomnom/burl) | -| Utility/URL | [cf-check](https://github.com/dwisiswant0/cf-check) | Cloudflare Checker written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/cf-check) | ![](https://img.shields.io/github/languages/top/dwisiswant0/cf-check) | -| Utility/URL | [grex](https://github.com/pemistahl/grex) | A command-line tool and library for generating regular expressions from user-provided test cases | ![](https://img.shields.io/github/stars/pemistahl/grex) | ![](https://img.shields.io/github/languages/top/pemistahl/grex) | -| Utility/URL | [hakcheckurl](https://github.com/hakluke/hakcheckurl) | Takes a list of URLs and returns their HTTP response codes | ![](https://img.shields.io/github/stars/hakluke/hakcheckurl) | ![](https://img.shields.io/github/languages/top/hakluke/hakcheckurl) | -| Utility/URL | [qsreplace](https://github.com/tomnomnom/qsreplace) | Accept URLs on stdin, replace all query string values with a user-supplied value | ![](https://img.shields.io/github/stars/tomnomnom/qsreplace) | ![](https://img.shields.io/github/languages/top/tomnomnom/qsreplace) | -| Utility/URL | [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin | ![](https://img.shields.io/github/stars/tomnomnom/unfurl) | ![](https://img.shields.io/github/languages/top/tomnomnom/unfurl) | -| Utility/URL | [urlprobe](https://github.com/1ndianl33t/urlprobe) | Urls status code & content length checker | ![](https://img.shields.io/github/stars/1ndianl33t/urlprobe) | ![](https://img.shields.io/github/languages/top/1ndianl33t/urlprobe) | -| Utility/URL | [uro](https://github.com/s0md3v/uro) | declutters url lists for crawling/pentesting | ![](https://img.shields.io/github/stars/s0md3v/uro) | ![](https://img.shields.io/github/languages/top/s0md3v/uro) | -| Utility/WAF | [gotestwaf](https://github.com/wallarm/gotestwaf) | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses | ![](https://img.shields.io/github/stars/wallarm/gotestwaf) | ![](https://img.shields.io/github/languages/top/wallarm/gotestwaf) | -| Utility/WORD | [wordlists](https://github.com/assetnote/wordlists) | Automated & Manual Wordlists provided by Assetnote | ![](https://img.shields.io/github/stars/assetnote/wordlists) | ![](https://img.shields.io/github/languages/top/assetnote/wordlists) | -| Utility/WORD | [CT_subdomains](https://github.com/internetwache/CT_subdomains) | An hourly updated list of subdomains gathered from certificate transparency logs | ![](https://img.shields.io/github/stars/internetwache/CT_subdomains) | ![](https://img.shields.io/github/languages/top/internetwache/CT_subdomains) | -| Utility/WORD | [SecLists](https://github.com/danielmiessler/SecLists) | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | ![](https://img.shields.io/github/stars/danielmiessler/SecLists) | ![](https://img.shields.io/github/languages/top/danielmiessler/SecLists) | -| Utility/WORD | [longtongue](https://github.com/edoardottt/longtongue) | Customized Password/Passphrase List inputting Target Info | ![](https://img.shields.io/github/stars/edoardottt/longtongue) | ![](https://img.shields.io/github/languages/top/edoardottt/longtongue) | -| Utility/WORD | [subs_all](https://github.com/emadshanab/subs_all) | Subdomain Enumeration Wordlist. 8956437 unique words. Updated. | ![](https://img.shields.io/github/stars/emadshanab/subs_all) | ![](https://img.shields.io/github/languages/top/emadshanab/subs_all) | -| Utility/WORDLIST | [gotator](https://github.com/Josue87/gotator) | Gotator is a tool to generate DNS wordlists through permutations. | ![](https://img.shields.io/github/stars/Josue87/gotator) | ![](https://img.shields.io/github/languages/top/Josue87/gotator) | -| Utility/XS-Leaks | [xsinator.com](https://github.com/RUB-NDS/xsinator.com) | XS-Leak Browser Test Suite | ![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com) | ![](https://img.shields.io/github/languages/top/RUB-NDS/xsinator.com) | +### Tools +| Type | Name | Description | Badges | Popularity | +| --- | --- | --- | --- | --- | +|[]|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| +|[]|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| +|[]|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| +|[]|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| +|[]|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| +|[]|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| +|[]|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| +|[]|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| +|[]|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| +|[]|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| +|[]|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| +|[]|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| +|[]|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| +|[]|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets||![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| +|[]|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)||x| +|[]|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| +|[]|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| +|[]|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| +|[]|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| +|[]|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| +|[]|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| +|[]|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| +|[]|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| +|[]|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| +|[]|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| +|[]|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| +|[]|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| +|[]|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| +|[]|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| +|[]|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| +|[]|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| +|[]|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| +|[]|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| +|[]|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| +|[]|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| +|[]|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| +|[]|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| +|[]|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| +|[]|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| +|[]|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| +|[]|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| +|[]|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| +|[]|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| +|[]|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| +|[]|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| +|[]|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| +|[]|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| +|[]|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| +|[]|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| +|[]|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| +|[]|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| +|[]|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| +|[]|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| +|[]|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| +|[]|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| +|[]|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| +|[]|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| +|[]|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| +|[]|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| +|[]|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| +|[]|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| +|[]|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| +|[]|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| +|[]|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| +|[]|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| +|[]|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| +|[]|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| +|[]|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| +|[]|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| +|[]|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| +|[]|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| +|[]|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| +|[]|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| +|[]|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| +|[]|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| +|[]|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| +|[]|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| +|[]|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| +|[]|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| +|[]|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| +|[]|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| +|[]|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| +|[]|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| +|[]|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| +|[]|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| +|[]|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| +|[]|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| +|[]|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| +|[]|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| +|[]|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| +|[]|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| +|[]|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| +|[]|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| +|[]|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).||![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| +|[]|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| +|[]|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| +|[]|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| +|[]|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| +|[]|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| +|[]|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| +|[]|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| +|[]|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| +|[]|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| +|[]|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| +|[]|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| +|[]|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| +|[]|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| +|[]|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| +|[]|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| +|[]|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| +|[]|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| +|[]|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| +|[]|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| +|[]|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| +|[]|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| +|[]|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| +|[]|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| +|[]|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| +|[]|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| +|[]|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| +|[]|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| +|[]|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| +|[]|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| +|[]|[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| +|[]|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| +|[]|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| +|[]|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| +|[]|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| +|[]|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.||![](https://img.shields.io/github/stars/lc/230-OOB)| +|[]|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| +|[]|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| +|[]|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| +|[]|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| +|[]|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| +|[]|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| +|[]|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| +|[]|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| +|[]|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| +|[]|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners||![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| +|[]|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| +|[]|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| +|[]|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| +|[]|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)||![](https://img.shields.io/github/stars/marcoagner/boast)| +|[]|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| +|[]|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...||![](https://img.shields.io/github/stars/edoardottt/cariddi)| +|[]|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| +|[]|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack)| +|[]|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| +|[]|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| +|[]|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| +|[]|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| +|[]|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| +|[]|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| +|[]|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| +|[]|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| +|[]|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools ||![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| +|[]|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| +|[]|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| +|[]|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| +|[]|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| +|[]|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| +|[]|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| +|[]|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| +|[]|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| +|[]|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| +|[]|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| +|[]|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +|[]|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| +|[]|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| +|[]|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| +|[]|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| +|[]|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](./images/apple.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| +|[]|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| +|[]|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| +|[]|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.||![](https://img.shields.io/github/stars/commixproject/commix)| +|[]|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| +|[]|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| +|[]|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| +|[]|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| +|[]|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| +|[]|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| +|[]|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| +|[]|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| +|[]|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| +|[]|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| +|[]|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.||![](https://img.shields.io/github/stars/1N3/BruteX)| +|[]|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| +|[]|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| +|[]|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| +|[]|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| +|[]|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| +|[]|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| +|[]|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| +|[]|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| +|[]|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| +|[]|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| +|[]|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| +|[]|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| +|[]|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| +|[]|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| +|[]|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems||![](https://img.shields.io/github/stars/visma-prodsec/confused)| +|[]|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| +|[]|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| +|[]|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| +|[]|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| +|[]|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| +|[]|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| +|[]|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| +|[]|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project||x| +|[]|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| +|[]|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| +|[]|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| +|[]|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| +|[]|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| +|[]|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| +|[]|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| +|[]|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| +|[]|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| +|[]|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.||![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| +|[]|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.||![](https://img.shields.io/github/stars/eslam3kl/3klCon)| +|[]|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| +|[]|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| +|[]|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| +|[]|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| +|[]|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| +|[]|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| +|[]|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| +|[]|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| +|[]|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.||![](https://img.shields.io/github/stars/sharkdp/bat)| +|[]|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| +|[]|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| +|[]|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| +|[]|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| +|[]|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| +|[]|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| +|[]|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| +|[]|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| +|[]|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| +|[]|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r ||![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| +|[]|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| +|[]|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| +|[]|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| + +### Bookmarklets +| Type | Name | Description | Badges | Popularity | +| --- | --- | --- | --- | --- | + +### Browser Addons +| Type | Name | Description | Badges | Popularity | +| --- | --- | --- | --- | --- | +|[]|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](./images/chrome.png)![](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| +|[]|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| +|[]|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](./images/chrome.png)![](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| +|[]|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![](./images/safari.png)|x| +|[]|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![](./images/chrome.png)|x| +|[]|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| +|[]|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![](./images/chrome.png)![](./images/firefox.png)|x| +|[]|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![](./images/safari.png)|x| +|[]|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![](./images/chrome.png)![](./images/firefox.png)|x| +|[]|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](./images/chrome.png)![](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| +|[]|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| +|[]|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| +|[]|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| + +### Burpsuite and ZAP Addons +| Type | Name | Description | Badges | Popularity | +| --- | --- | --- | --- | --- | +|[]|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)|||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| +|[]|[param-miner](https://github.com/PortSwigger/param-miner)|||![](https://img.shields.io/github/stars/PortSwigger/param-miner)| +|[]|[HUNT](https://github.com/bugcrowd/HUNT)|||![](https://img.shields.io/github/stars/bugcrowd/HUNT)| +|[]|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅||![](https://img.shields.io/github/stars/bit4woo/knife)| +|[]|[Autorize](https://github.com/Quitten/Autorize)|||![](https://img.shields.io/github/stars/Quitten/Autorize)| +|[]|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| +|[]|[taborator](https://github.com/hackvertor/taborator)|||![](https://img.shields.io/github/stars/hackvertor/taborator)| +|[]|[BurpBounty](https://github.com/wagiro/BurpBounty)|||![](https://img.shields.io/github/stars/wagiro/BurpBounty)| +|[]|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)|||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| +|[]|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)|||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| +|[]|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)|||![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| +|[]|[safecopy](https://github.com/yashrs/safecopy)|||![](https://img.shields.io/github/stars/yashrs/safecopy)| +|[]|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!||![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| +|[]|[http-script-generator](https://github.com/h3xstream/http-script-generator)|||![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| +|[]|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)|||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| +|[]|[femida](https://github.com/wish-i-was/femida)|||![](https://img.shields.io/github/stars/wish-i-was/femida)| +|[]|[burp-exporter](https://github.com/artssec/burp-exporter)|||![](https://img.shields.io/github/stars/artssec/burp-exporter)| +|[]|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)|||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| +|[]|[zap-hud](https://github.com/zaproxy/zap-hud)|||![](https://img.shields.io/github/stars/zaproxy/zap-hud)| +|[]|[Stepper](https://github.com/CoreyD97/Stepper)|||![](https://img.shields.io/github/stars/CoreyD97/Stepper)| +|[]|[inql](https://github.com/doyensec/inql)|||![](https://img.shields.io/github/stars/doyensec/inql)| +|[]|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)|||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| +|[]|[burp-send-to](https://github.com/bytebutcher/burp-send-to)|||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| +|[]|[csp-auditor](https://github.com/GoSecure/csp-auditor)|||![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| +|[]|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)|||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| +|[]|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)|||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| +|[]|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)|||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| +|[]|[reflect](https://github.com/TypeError/reflect)|||![](https://img.shields.io/github/stars/TypeError/reflect)| +|[]|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)|||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| +|[]|[burp-piper](https://github.com/silentsignal/burp-piper)|||![](https://img.shields.io/github/stars/silentsignal/burp-piper)| +|[]|[community-scripts](https://github.com/zaproxy/community-scripts)|||![](https://img.shields.io/github/stars/zaproxy/community-scripts)| +|[]|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)|||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| +|[]|[auto-repeater](https://github.com/PortSwigger/auto-repeater)|||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 -![](/CONTRIBUTORS.svg) +![](/images/CONTRIBUTORS.svg) + diff --git a/scripts/erb.rb b/scripts/erb.rb index ff9ab40..ca603fd 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -108,4 +108,5 @@ Dir.entries("./weapons/").each do | name | end markdown = ERB.new(template, trim_mode: "%<>") -puts markdown.result \ No newline at end of file +#puts markdown.result +File.write './README.md', markdown.result \ No newline at end of file From c55bd3079f5be66f7e7cbe8b8c44c7b17015db81 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:15:58 +0900 Subject: [PATCH 18/42] y --- README.md | 278 ++++++++++++++++++++++++------------------------- scripts/erb.rb | 12 +-- 2 files changed, 145 insertions(+), 145 deletions(-) diff --git a/README.md b/README.md index 6b448b7..ecd002f 100644 --- a/README.md +++ b/README.md @@ -27,155 +27,155 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Tools | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| +|[]|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| |[]|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| |[]|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| -|[]|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| -|[]|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| -|[]|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| +|[]|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| +|[]|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| +|[]|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| |[]|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| |[]|[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| -|[]|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| +|[]|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| |[]|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| -|[]|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| +|[]|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| |[]|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| |[]|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| -|[]|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| +|[]|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| |[]|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets||![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| |[]|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)||x| -|[]|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| -|[]|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| -|[]|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| -|[]|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| +|[]|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| +|[]|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| +|[]|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| +|[]|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| |[]|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| -|[]|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| +|[]|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| |[]|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| -|[]|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| +|[]|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| |[]|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| -|[]|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| +|[]|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| |[]|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| |[]|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| -|[]|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| +|[]|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| +|[]|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| |[]|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| -|[]|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| +|[]|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| |[]|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| -|[]|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| +|[]|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| |[]|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| -|[]|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| -|[]|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| +|[]|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| +|[]|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| |[]|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| -|[]|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| -|[]|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| +|[]|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| +|[]|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| |[]|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| |[]|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| -|[]|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| -|[]|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| -|[]|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| +|[]|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| +|[]|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| +|[]|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| |[]|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| -|[]|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| +|[]|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| |[]|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| |[]|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| -|[]|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| -|[]|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| +|[]|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| +|[]|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| |[]|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| |[]|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| -|[]|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| -|[]|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| -|[]|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| -|[]|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| +|[]|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| +|[]|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| +|[]|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| +|[]|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| +|[]|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| |[]|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| -|[]|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| -|[]|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| -|[]|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| +|[]|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| +|[]|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| +|[]|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| |[]|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| -|[]|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| -|[]|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| -|[]|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| -|[]|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| +|[]|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| +|[]|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| +|[]|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| +|[]|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| |[]|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| |[]|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| |[]|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| -|[]|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| +|[]|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| |[]|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| -|[]|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| -|[]|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| -|[]|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| +|[]|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| +|[]|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| +|[]|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| |[]|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| |[]|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| |[]|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| |[]|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| |[]|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| |[]|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| -|[]|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| -|[]|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| +|[]|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| +|[]|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| |[]|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| -|[]|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| +|[]|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| |[]|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| -|[]|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| -|[]|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| +|[]|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| +|[]|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| |[]|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| |[]|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| -|[]|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| +|[]|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| |[]|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| -|[]|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| -|[]|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| +|[]|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| +|[]|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| |[]|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| -|[]|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| +|[]|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| |[]|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| |[]|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).||![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| |[]|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| -|[]|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| +|[]|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| |[]|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| -|[]|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| -|[]|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| -|[]|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| -|[]|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| +|[]|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| +|[]|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| +|[]|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| +|[]|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| |[]|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| -|[]|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| -|[]|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| -|[]|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| -|[]|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| -|[]|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| +|[]|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| +|[]|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| +|[]|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| +|[]|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| +|[]|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| |[]|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| -|[]|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| -|[]|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| +|[]|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| +|[]|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| |[]|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| |[]|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| |[]|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| -|[]|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| -|[]|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| -|[]|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| +|[]|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| +|[]|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| +|[]|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| |[]|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| -|[]|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| +|[]|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| |[]|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| -|[]|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| +|[]|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| |[]|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| -|[]|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| -|[]|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| +|[]|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| +|[]|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| |[]|[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| |[]|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| |[]|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| |[]|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| |[]|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| -|[]|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| +|[]|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| |[]|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.||![](https://img.shields.io/github/stars/lc/230-OOB)| -|[]|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| +|[]|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| |[]|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| -|[]|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| -|[]|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| -|[]|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| -|[]|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| -|[]|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| -|[]|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| +|[]|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| +|[]|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| +|[]|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| +|[]|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| +|[]|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| +|[]|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| |[]|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| |[]|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners||![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| -|[]|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| -|[]|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](./images/linux.png)![](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| +|[]|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| +|[]|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| |[]|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| |[]|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)||![](https://img.shields.io/github/stars/marcoagner/boast)| -|[]|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| +|[]|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| |[]|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| |[]|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...||![](https://img.shields.io/github/stars/edoardottt/cariddi)| |[]|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| @@ -183,98 +183,98 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun |[]|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| |[]|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| |[]|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| -|[]|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| -|[]|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| +|[]|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| +|[]|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| |[]|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| |[]|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| |[]|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| |[]|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools ||![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| -|[]|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| +|[]|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| |[]|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| |[]|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| |[]|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| |[]|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| -|[]|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| -|[]|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| +|[]|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| +|[]|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| |[]|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| -|[]|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| +|[]|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| |[]|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| |[]|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| |[]|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| |[]|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| -|[]|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| -|[]|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| -|[]|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](./images/apple.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| +|[]|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| +|[]|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| +|[]|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![macos](./images/apple.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| |[]|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| -|[]|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| +|[]|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| |[]|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.||![](https://img.shields.io/github/stars/commixproject/commix)| -|[]|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| -|[]|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| +|[]|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| +|[]|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| |[]|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| -|[]|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| -|[]|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| -|[]|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| +|[]|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| +|[]|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| +|[]|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| |[]|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| -|[]|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| -|[]|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| -|[]|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| +|[]|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| +|[]|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| +|[]|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| |[]|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.||![](https://img.shields.io/github/stars/1N3/BruteX)| -|[]|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| -|[]|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| +|[]|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| +|[]|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| |[]|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| -|[]|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| +|[]|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| |[]|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| |[]|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| |[]|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| -|[]|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| +|[]|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| |[]|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| |[]|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| |[]|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| |[]|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| |[]|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| -|[]|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| +|[]|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| |[]|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems||![](https://img.shields.io/github/stars/visma-prodsec/confused)| -|[]|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| +|[]|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| |[]|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| |[]|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| |[]|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| -|[]|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| -|[]|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| -|[]|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| +|[]|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| +|[]|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| +|[]|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| |[]|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project||x| |[]|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| -|[]|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| +|[]|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| |[]|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| -|[]|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| -|[]|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| -|[]|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| +|[]|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| +|[]|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| +|[]|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| |[]|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| -|[]|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| +|[]|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| |[]|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| |[]|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.||![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| |[]|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.||![](https://img.shields.io/github/stars/eslam3kl/3klCon)| |[]|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| |[]|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| -|[]|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| +|[]|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| |[]|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| -|[]|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| -|[]|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| -|[]|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| +|[]|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| +|[]|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| +|[]|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| |[]|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| |[]|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.||![](https://img.shields.io/github/stars/sharkdp/bat)| |[]|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| -|[]|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| -|[]|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| +|[]|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| +|[]|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| |[]|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| |[]|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| -|[]|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| +|[]|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| |[]|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| -|[]|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| +|[]|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| |[]|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| |[]|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r ||![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| -|[]|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| -|[]|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| -|[]|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](./images/linux.png)![](./images/apple.png)![](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| +|[]|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| +|[]|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| +|[]|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| ### Bookmarklets | Type | Name | Description | Badges | Popularity | @@ -283,19 +283,19 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Browser Addons | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](./images/chrome.png)![](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| -|[]|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| -|[]|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](./images/chrome.png)![](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| -|[]|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![](./images/safari.png)|x| -|[]|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![](./images/chrome.png)|x| -|[]|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| -|[]|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![](./images/chrome.png)![](./images/firefox.png)|x| -|[]|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![](./images/safari.png)|x| -|[]|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![](./images/chrome.png)![](./images/firefox.png)|x| -|[]|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](./images/chrome.png)![](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| -|[]|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| -|[]|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| -|[]|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| +|[]|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| +|[]|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| +|[]|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| +|[]|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![safari](./images/safari.png)|x| +|[]|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![chrome](./images/chrome.png)|x| +|[]|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| +|[]|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| +|[]|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![safari](./images/safari.png)|x| +|[]|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| +|[]|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| +|[]|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| +|[]|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| +|[]|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| ### Burpsuite and ZAP Addons | Type | Name | Description | Badges | Popularity | diff --git a/scripts/erb.rb b/scripts/erb.rb index ca603fd..1b95c1b 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -6,17 +6,17 @@ def generate_badge array array.each { |t| case t when 'linux' - badge = badge + "![](./images/linux.png)" + badge = badge + "![linux](./images/linux.png)" when 'windows' - badge = badge + "![](./images/windows.png)" + badge = badge + "![windows](./images/windows.png)" when 'macos' - badge = badge + "![](./images/apple.png)" + badge = badge + "![macos](./images/apple.png)" when 'firefox' - badge = badge + "![](./images/firefox.png)" + badge = badge + "![firefox](./images/firefox.png)" when 'safari' - badge = badge + "![](./images/safari.png)" + badge = badge + "![safari](./images/safari.png)" when 'chrome' - badge = badge + "![](./images/chrome.png)" + badge = badge + "![chrome](./images/chrome.png)" end } From 25c2778870b8a0119c7f6688f72a3c0929591984 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:19:22 +0900 Subject: [PATCH 19/42] y --- images/linux.png | Bin 1270 -> 991 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/images/linux.png b/images/linux.png index c87fb606c00bdd6f4da0d00e72635b060ad358dc..f25b65a1dfc1a03ad1d904d4d0518f2a9052a50f 100644 GIT binary patch delta 876 zcmV-y1C#vr3Eu~hfPVu?Nkl--Gy4W}@^E5+eIh_8<`o zQu-1^f;|XRbkFSG zb;g;|oQJ*leCIpgx%ZyE=Q6PR$6u`3Q+vET=hP-wat6Zyi+^-gh3H&B_|^K*ce9~+ zI~m5t!N2Z2+@F`_a@+U~@YrNvu&|=5h=8U<+KTk-ii24t!O<%5f5kBtxfp}7 zdM%tg^gw;}?z+aa?hZY+p828TZATSVT^tzsJxJpc2{8Lw;@_qv82=$a<`yT7H;wxW zG7k8rg2Q7I{(o_F(i-r%MH5>GTxgvEk9Sc+SY-*kExUAH^K?Ug8?HjqYJdebQ;Y}| zM^scCFylAX(-1&4F#*4xf}#rR;NZh#$RN1Vh->mJ{?AuBt!xKbN@cMNKDF$C!n`zi z{w8QeGhnFA;w3VmHbzPk3m>NhnEE5Zuup(KZy1KhVt+NU2?5k*=HFH+^oH6I+dTnj ze&jc~MIj7Bw{syi*>s&WF5Y-{E%Di)VkwRa&g2v*J^jU$m;$J6otiSpc%6bm!1uZv;?Z~9iK|=BmeK%=-djbI1@ACzv*c_RGsTD?et9cA(U7a z_HTSFu%BxVmH|f)clFM@`g;#PcThaB0}AMO5*B1ol;v}! z9A&%l#HE3g>;0w#ai{j^=WchoLrbgoedPNl1K$0WPxg|j>Cv)F5YGerndN|{Qqm|AwFY8~Hk58DqOECoR2Nyh z?a~+B=UmU3-JQww(vxw0~}Hcs<2ZTq38Wrm?yb z4ETc6fB)(E=2ZLL?&F`p}UROYgbNr`A?WG?MB>nS#dRuY*7S{_fUo zn3`Hh)HN7eHtycO`q-&6gexa1i=ZEh-v>E!B@+FTALZ7OhWhCXT|IicIFMEQ4xKy$z=FFDZMLPA4SV)zGO=sV3W zFy+F?-scb&8Y@OfjKNqMLnSEZj`QwW!^)#t%87SycuOT(TU$|CS&9Dseq8=#5b}i( zp2-7D2}|O14Q(pQ;XP3!;0=8kxawn-9o?rtMOVEGkAEvyke;3nq@+Tj2u8dxM8a5% z$+l)tDRQ+$7n}4W7unI4 zRoa94^SHgR9(PPH!@mD3m}D}!(XT2di-a*5+qC*1p0B#>pL`RW*^H^cC+hsnXk*V=5lrY2xb!cpC zGze>IY9K2iU|$)@BIT4AiF*2D$KQa!jIY~av*sfsBf}u(q*kn}0OqEFtIH*aqR~M1>9FNn9bHa@)PJgPO_!i-CIP{!2x~!DbL&JSr{peq+ z6HmY|b63<0G@9DOx!sfK_~;;l!Jx+02ugcT>%Pcz)}yiYgqU&vC3DNwGnp<3+(qa3 z2H4W((Y$U1)m2q+I-PN9ITM|*nCDbpc3Sc(7vF#WnZyUp@$Em{CN!-t#wt`PxkW?o#VV7)xlSY;x^pbfMj9Wyh?$wW$f|YCP8MOj zar13F|KK7X3AvCWBKdE+UXCy4*TQvk9Did~v>q;fvYs{PVK}=SZI3qLM&{E|Cqkjs z=Pf%RHn&*r=WNCmFnS*d5|JquQ5<$-!n`JeNbmemWK+H7eDY(cbb*#Vub{8%45`Az zFCI%1*T|xyg??LpGZmMFO_ARggaUqP`kqVlb+)6o?c-#?F^GQw X48FW8+RkLA00000NkvXXu0mjftR6kG From c8b08f8a732e3a4fa0766476a94d1e9d42045315 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:21:57 +0900 Subject: [PATCH 20/42] y --- images/linux.png | Bin 991 -> 1270 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/images/linux.png b/images/linux.png index f25b65a1dfc1a03ad1d904d4d0518f2a9052a50f..c87fb606c00bdd6f4da0d00e72635b060ad358dc 100644 GIT binary patch delta 1157 zcmV;01bX}52lfe&fPVyFNklN|{Qqm|AwFY8~Hk58DqOECoR2Nyh z?a~+B=UmU3-JQww(vxw0~}Hcs<2ZTq38Wrm?yb z4ETc6fB)(E=2ZLL?&F`p}UROYgbNr`A?WG?MB>nS#dRuY*7S{_fUo zn3`Hh)HN7eHtycO`q-&6gexa1i=ZEh-v>E!B@+FTALZ7OhWhCXT|IicIFMEQ4xKy$z=FFDZMLPA4SV)zGO=sV3W zFy+F?-scb&8Y@OfjKNqMLnSEZj`QwW!^)#t%87SycuOT(TU$|CS&9Dseq8=#5b}i( zp2-7D2}|O14Q(pQ;XP3!;0=8kxawn-9o?rtMOVEGkAEvyke;3nq@+Tj2u8dxM8a5% z$+l)tDRQ+$7n}4W7unI4 zRoa94^SHgR9(PPH!@mD3m}D}!(XT2di-a*5+qC*1p0B#>pL`RW*^H^cC+hsnXk*V=5lrY2xb!cpC zGze>IY9K2iU|$)@BIT4AiF*2D$KQa!jIY~av*sfsBf}u(q*kn}0OqEFtIH*aqR~M1>9FNn9bHa@)PJgPO_!i-CIP{!2x~!DbL&JSr{peq+ z6HmY|b63<0G@9DOx!sfK_~;;l!Jx+02ugcT>%Pcz)}yiYgqU&vC3DNwGnp<3+(qa3 z2H4W((Y$U1)m2q+I-PN9ITM|*nCDbpc3Sc(7vF#WnZyUp@$Em{CN!-t#wt`PxkW?o#VV7)xlSY;x^pbfMj9Wyh?$wW$f|YCP8MOj zar13F|KK7X3AvCWBKdE+UXCy4*TQvk9Did~v>q;fvYs{PVK}=SZI3qLM&{E|Cqkjs z=Pf%RHn&*r=WNCmFnS*d5|JquQ5<$-!n`JeNbmemWK+H7eDY(cbb*#Vub{8%45`Az zFCI%1*T|xyg??LpGZmMFO_ARggaUqP`kqVlb+)6o?c-#?F^GQw X48FW8+RkLA00000NkvXXu0mjftR6kG delta 876 zcmV-y1C#vr3Eu~hfPVu?Nkl--Gy4W}@^E5+eIh_8<`o zQu-1^f;|XRbkFSG zb;g;|oQJ*leCIpgx%ZyE=Q6PR$6u`3Q+vET=hP-wat6Zyi+^-gh3H&B_|^K*ce9~+ zI~m5t!N2Z2+@F`_a@+U~@YrNvu&|=5h=8U<+KTk-ii24t!O<%5f5kBtxfp}7 zdM%tg^gw;}?z+aa?hZY+p828TZATSVT^tzsJxJpc2{8Lw;@_qv82=$a<`yT7H;wxW zG7k8rg2Q7I{(o_F(i-r%MH5>GTxgvEk9Sc+SY-*kExUAH^K?Ug8?HjqYJdebQ;Y}| zM^scCFylAX(-1&4F#*4xf}#rR;NZh#$RN1Vh->mJ{?AuBt!xKbN@cMNKDF$C!n`zi z{w8QeGhnFA;w3VmHbzPk3m>NhnEE5Zuup(KZy1KhVt+NU2?5k*=HFH+^oH6I+dTnj ze&jc~MIj7Bw{syi*>s&WF5Y-{E%Di)VkwRa&g2v*J^jU$m;$J6otiSpc%6bm!1uZv;?Z~9iK|=BmeK%=-djbI1@ACzv*c_RGsTD?et9cA(U7a z_HTSFu%BxVmH|f)clFM@`g;#PcThaB0}AMO5*B1ol;v}! z9A&%l#HE3g>;0w#ai{j^=WchoLrbgoedPNl1K$0WPxg|j>Cv)F5YGernd Date: Wed, 17 Aug 2022 23:27:51 +0900 Subject: [PATCH 21/42] Add burp/zap --- README.md | 66 ++++++++++++++++++++++++------------------------ images/burp.png | Bin 0 -> 947 bytes images/zap.png | Bin 0 -> 1405 bytes scripts/erb.rb | 4 +++ 4 files changed, 37 insertions(+), 33 deletions(-) create mode 100644 images/burp.png create mode 100644 images/zap.png diff --git a/README.md b/README.md index ecd002f..b6c1a73 100644 --- a/README.md +++ b/README.md @@ -300,39 +300,39 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Burpsuite and ZAP Addons | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)|||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| -|[]|[param-miner](https://github.com/PortSwigger/param-miner)|||![](https://img.shields.io/github/stars/PortSwigger/param-miner)| -|[]|[HUNT](https://github.com/bugcrowd/HUNT)|||![](https://img.shields.io/github/stars/bugcrowd/HUNT)| -|[]|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅||![](https://img.shields.io/github/stars/bit4woo/knife)| -|[]|[Autorize](https://github.com/Quitten/Autorize)|||![](https://img.shields.io/github/stars/Quitten/Autorize)| -|[]|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)|||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| -|[]|[taborator](https://github.com/hackvertor/taborator)|||![](https://img.shields.io/github/stars/hackvertor/taborator)| -|[]|[BurpBounty](https://github.com/wagiro/BurpBounty)|||![](https://img.shields.io/github/stars/wagiro/BurpBounty)| -|[]|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)|||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| -|[]|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)|||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| -|[]|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)|||![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| -|[]|[safecopy](https://github.com/yashrs/safecopy)|||![](https://img.shields.io/github/stars/yashrs/safecopy)| -|[]|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!||![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| -|[]|[http-script-generator](https://github.com/h3xstream/http-script-generator)|||![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| -|[]|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)|||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| -|[]|[femida](https://github.com/wish-i-was/femida)|||![](https://img.shields.io/github/stars/wish-i-was/femida)| -|[]|[burp-exporter](https://github.com/artssec/burp-exporter)|||![](https://img.shields.io/github/stars/artssec/burp-exporter)| -|[]|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)|||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| -|[]|[zap-hud](https://github.com/zaproxy/zap-hud)|||![](https://img.shields.io/github/stars/zaproxy/zap-hud)| -|[]|[Stepper](https://github.com/CoreyD97/Stepper)|||![](https://img.shields.io/github/stars/CoreyD97/Stepper)| -|[]|[inql](https://github.com/doyensec/inql)|||![](https://img.shields.io/github/stars/doyensec/inql)| -|[]|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)|||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| -|[]|[burp-send-to](https://github.com/bytebutcher/burp-send-to)|||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| -|[]|[csp-auditor](https://github.com/GoSecure/csp-auditor)|||![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| -|[]|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)|||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| -|[]|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)|||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| -|[]|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)|||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| -|[]|[reflect](https://github.com/TypeError/reflect)|||![](https://img.shields.io/github/stars/TypeError/reflect)| -|[]|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)|||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| -|[]|[burp-piper](https://github.com/silentsignal/burp-piper)|||![](https://img.shields.io/github/stars/silentsignal/burp-piper)| -|[]|[community-scripts](https://github.com/zaproxy/community-scripts)|||![](https://img.shields.io/github/stars/zaproxy/community-scripts)| -|[]|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)|||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| -|[]|[auto-repeater](https://github.com/PortSwigger/auto-repeater)|||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| +|[]|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| +|[]|[param-miner](https://github.com/PortSwigger/param-miner)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/param-miner)| +|[]|[HUNT](https://github.com/bugcrowd/HUNT)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/bugcrowd/HUNT)| +|[]|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bit4woo/knife)| +|[]|[Autorize](https://github.com/Quitten/Autorize)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/Quitten/Autorize)| +|[]|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| +|[]|[taborator](https://github.com/hackvertor/taborator)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/hackvertor/taborator)| +|[]|[BurpBounty](https://github.com/wagiro/BurpBounty)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wagiro/BurpBounty)| +|[]|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| +|[]|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| +|[]|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| +|[]|[safecopy](https://github.com/yashrs/safecopy)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/yashrs/safecopy)| +|[]|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| +|[]|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| +|[]|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| +|[]|[femida](https://github.com/wish-i-was/femida)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wish-i-was/femida)| +|[]|[burp-exporter](https://github.com/artssec/burp-exporter)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/artssec/burp-exporter)| +|[]|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| +|[]|[zap-hud](https://github.com/zaproxy/zap-hud)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/zap-hud)| +|[]|[Stepper](https://github.com/CoreyD97/Stepper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/Stepper)| +|[]|[inql](https://github.com/doyensec/inql)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/doyensec/inql)| +|[]|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| +|[]|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| +|[]|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| +|[]|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| +|[]|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| +|[]|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| +|[]|[reflect](https://github.com/TypeError/reflect)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/TypeError/reflect)| +|[]|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| +|[]|[burp-piper](https://github.com/silentsignal/burp-piper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/silentsignal/burp-piper)| +|[]|[community-scripts](https://github.com/zaproxy/community-scripts)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/community-scripts)| +|[]|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| +|[]|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 diff --git a/images/burp.png b/images/burp.png new file mode 100644 index 0000000000000000000000000000000000000000..08d256bdc23a644f73dcffbcbf181a133e065d14 GIT binary patch literal 947 zcmV;k15EshP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET69Z5t%R7eeDWWW#Dd^|l1?46wQ zd3kvyBO@Xh`PLUQ{O1w<_v*vf=M#6Ho6x@I_(Y%)zi}DEh(m(4rmE_Yth~GhvV25% zI0MK623}EQVTLnzUmQ0rUt|vy#IT47MJ149Y+&F$bLPxn=!T=KL*|<(OIZG2Q}!#^ zT+Itv9K=Skz{|sP6k^lh%JzWMfV?zdp1xXAH zeBuy6B1urh1C_Ee`+9p8si|wYq3g4^vt`g%k!4_5U4)S=(beMO|Nis;BV%uO*ApH- zeraSyuFlR3ipt8s5d6Wwzz9zV5G6ZGW@ZN#*k)V0jBmlM;RC{ZbFfJ z`SI&BMqn~6@$n1jMv)f=9D1{x!rg^icd*g95SPB%GV8a)u;Wa#@djrTU zaP0;UxTnuv+-Caw`-_@}CPujgvzV2Yg~31>SgJfc2ebg@d6+DOu3CDqbk?3r3t^(5 z(i9FhZQt4Z^7XUpNvSzo;esSEKrUZ<^42zFEf@vP$upO?rKhK}J%40r_AD0ZXKRuigWjE!%+2mi73XEdbx0 V>naxrf8+oF002ovPDHLkV1lByh_L_w literal 0 HcmV?d00001 diff --git a/images/zap.png b/images/zap.png new file mode 100644 index 0000000000000000000000000000000000000000..4269509a967d8f2378c179d820e3bb30c6f53d36 GIT binary patch literal 1405 zcmV-@1%mpCP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR917@z|H1ONa40RR917ytkO0OB=utpET7=Sf6CR7eelRc%a_Wf;ERFV5kk z0~`?ssK~eRVbrkVhnp)2Sw;GTXwi@wKcv~LiL5Zv@q-`M58JdX7Xv{)nh51a{b5uS zhHC~c5oFGQaMGzD^q>dM`_X;B?>R^O0PnNwJkR@lT-W`4-1h@K-kzf&*9qqzKlI@d z(!)(=i%9=_2|pJU6zmxo7>JyhnAmXT`ZN%q6NQNN8v#+r;`}^~F$gP~@IX&EeSam( za!GA%Eoy3NK=r_o(9lq5JC6Z&2Moi2&hX4n>4V?w#>C)Hfq}~^et{fnYmbSENpEg$ zMt*+&vLW}XlarH3OwWR&tc3(D*EK_js%ua^3pe$ieVLe_pSw4M)=3}Nwr$%sG(A0? zJ~K13A~{b=NJzlP)gNH-{FhK95sD}xNR(ig6xf5Gh?RGpoJC9qpIN|Iz?+?&jrjQZ zK;vqay1F_<-5!Db-xO>tLXgc;rf(T?;o(6_5 zj_^n%R(3e6`yY}KwgcW%U*wcs;&oP~vj;dIL>xXvAd zowkV)M36-R5|xUi$l~^oTA9Z$0AYLeC&9bhQ2y?I`Y(j2sF1%jviXw`lV03g8!(YEegybfB?JGs93j|_=kXg9T5{Qd` z*5BdCug1S=Ww6_WK@q&7NJ>fyP8|OnqaFK+3_j1f1W1DRo)8+9ZV80OCUG+x{|B$z zjI_!wyzp`{%FD~S`H@ypQGpk?q+;emn|YW#m&q+A{t#`JfFQZ=XD}epolY(O45wOJ zk(QQrfA_MluC6ZJ`u!|)IzLWIe)xtMmVj&g3g;H?<{w>W6B9okLEGtOaC|(<>g(&t zNxCs>Ghv9bkKE5gY^wK`e>EY>+uttOr64mh`Cf<6X4(u5e{>$eh6n-u{rzw{oe$|G zB_%<6W)I}JY~0ax+|?-PG)lCzBF~NCv(^fLJDTcs>y)@SL#hNXIiiwRsU=4tZh0Tk zaS13ZD}zoX%kApbtC;xiAQnAtiex~exy->y&=~5d^9w*9>Nud%WSzsE25|T@774O5 z0Z&z)!7npWP?R7vG&BS>_{xrrjbXB>oSd@eGr6XD7vUPe6cE7W?@y?j*Q0W$Nlwe8 z(z6VXjF*tL_Z;?r+KR}?NQ{h(m_o_P$vAQBDCW99G*{rI^sNniQOuqGGq5~zrerFw z)nB%WiW%aE|fEssBy3o=jEM`cIbQT5ktUY$yCis3)u@ zz};jHhf~aW{SXrK-V|+N6bO{X$P8Uw(&zrXXk0o|i>Y5%OuzpFY5(qns6Mz100000 LNkvXXu0mjfCb5y+ literal 0 HcmV?d00001 diff --git a/scripts/erb.rb b/scripts/erb.rb index 1b95c1b..8cabed8 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -17,6 +17,10 @@ def generate_badge array badge = badge + "![safari](./images/safari.png)" when 'chrome' badge = badge + "![chrome](./images/chrome.png)" + when 'burpsuite' + badge = badge + "![burp](./images/burp.png)" + when 'zap' + badge = badge + "![zap](./images/zap.png)" end } From b561a4a9b52a9d8362e21585d43f2eaf47b33153 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:30:21 +0900 Subject: [PATCH 22/42] Update contents --- README.md | 10 +++++----- scripts/erb.rb | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index b6c1a73..f63d1ff 100644 --- a/README.md +++ b/README.md @@ -16,11 +16,11 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ## Table of Contents - [Weapons](#weapons) - - Tools - - [Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) - - [Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) - - [Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) -- [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md) + - [Tools](#tools) + - [Bookmarklets](#bookmarklets) + - [Browser Addons](#browser-addons) + - [Burp and ZAP Addons](#burpsuite-and-zap-addons) +- [Contribute](CONTRIBUTING.md) - [Thanks to contributor](#thanks-to-contributor) ## Weapons diff --git a/scripts/erb.rb b/scripts/erb.rb index 8cabed8..f6af8a1 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -45,11 +45,11 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ## Table of Contents - [Weapons](#weapons) - - Tools - - [Bookmarklets](https://github.com/hahwul/WebHackersWeapons/tree/master/Bookmarklets) - - [Browser Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Browser%20Extensions) - - [Burp and ZAP Extensions](https://github.com/hahwul/WebHackersWeapons/tree/master/Burp%20and%20ZAP%20Extensions) -- [Contribute](https://github.com/hahwul/WebHackersWeapons/blob/master/CONTRIBUTING.md) + - [Tools](#tools) + - [Bookmarklets](#bookmarklets) + - [Browser Addons](#browser-addons) + - [Burp and ZAP Addons](#burpsuite-and-zap-addons) +- [Contribute](CONTRIBUTING.md) - [Thanks to contributor](#thanks-to-contributor) ## Weapons From 682637da2e061221f2712455312d7465e8e81352 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:33:50 +0900 Subject: [PATCH 23/42] Update erb code --- scripts/erb.rb | 54 ++++++++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/scripts/erb.rb b/scripts/erb.rb index f6af8a1..b7e9565 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -79,35 +79,37 @@ browser_addons = head + "\n" tool_addons = head + "\n" Dir.entries("./weapons/").each do | name | - begin - data = YAML.load(File.open("./weapons/#{name}")) - name = data['name'] - popularity = "x" + if name != '.' && name != '..' + begin + data = YAML.load(File.open("./weapons/#{name}")) + name = data['name'] + popularity = "x" - if data['url'].length > 0 - name = "[#{name}](#{data['url']})" - end + if data['url'].length > 0 + name = "[#{name}](#{data['url']})" + end - if data['url'].include? "github.com" - split_result = data['url'].split "//github.com/" - popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" + if data['url'].include? "github.com" + split_result = data['url'].split "//github.com/" + popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" + end + badge = generate_badge(data['platform']) + line = "|#{data['types']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" + case data['category'] + when 'tool' + tools = tools + line + "\n" + when 'tool-addon' + tool_addons = tool_addons + line + "\n" + when 'browser-addon' + browser_addons = browser_addons + line + "\n" + when 'bookmarklet' + bookmarklets = bookmarklets + line + "\n" + else + puts name + end + rescue => e + puts e end - badge = generate_badge(data['platform']) - line = "|#{data['types']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" - case data['category'] - when 'tool' - tools = tools + line + "\n" - when 'tool-addon' - tool_addons = tool_addons + line + "\n" - when 'browser-addon' - browser_addons = browser_addons + line + "\n" - when 'bookmarklet' - bookmarklets = bookmarklets + line + "\n" - else - puts name - end - rescue => e - puts e end end From b0cf398988baadbf7caa1c40aff454b3978d2e20 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:34:13 +0900 Subject: [PATCH 24/42] Removed --- Bookmarklets/README.md | 13 -- Bookmarklets/data.json | 3 - Bookmarklets/template/foot.md | 2 - Bookmarklets/template/head.md | 9 -- Bookmarklets/type.lst | 1 - Browser Extensions/README.md | 70 ---------- Browser Extensions/data.json | 210 ---------------------------- Browser Extensions/template/foot.md | 46 ------ Browser Extensions/template/head.md | 9 -- Browser Extensions/type.lst | 5 - 10 files changed, 368 deletions(-) delete mode 100644 Bookmarklets/README.md delete mode 100644 Bookmarklets/data.json delete mode 100644 Bookmarklets/template/foot.md delete mode 100644 Bookmarklets/template/head.md delete mode 100644 Bookmarklets/type.lst delete mode 100644 Browser Extensions/README.md delete mode 100644 Browser Extensions/data.json delete mode 100644 Browser Extensions/template/foot.md delete mode 100644 Browser Extensions/template/head.md delete mode 100644 Browser Extensions/type.lst diff --git a/Bookmarklets/README.md b/Bookmarklets/README.md deleted file mode 100644 index 16f9b11..0000000 --- a/Bookmarklets/README.md +++ /dev/null @@ -1,13 +0,0 @@ -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
-This is Cool Bookmarklets collection - -## Table of Contents -- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons) -- [Bookmarklets](#bookmarklets) -- [Contribute](#contribute-and-contributor) - -## Bookmarklets -| Type | Name | Description | Popularity | Language | -| ---------- | :---------- | :----------: | :----------: | :----------: | -## Contribute and Contributor -Add readme diff --git a/Bookmarklets/data.json b/Bookmarklets/data.json deleted file mode 100644 index 0db3279..0000000 --- a/Bookmarklets/data.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - -} diff --git a/Bookmarklets/template/foot.md b/Bookmarklets/template/foot.md deleted file mode 100644 index be723a8..0000000 --- a/Bookmarklets/template/foot.md +++ /dev/null @@ -1,2 +0,0 @@ -## Contribute and Contributor -Add readme diff --git a/Bookmarklets/template/head.md b/Bookmarklets/template/head.md deleted file mode 100644 index 99af160..0000000 --- a/Bookmarklets/template/head.md +++ /dev/null @@ -1,9 +0,0 @@ -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
-This is Cool Bookmarklets collection - -## Table of Contents -- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons) -- [Bookmarklets](#bookmarklets) -- [Contribute](#contribute-and-contributor) - -## Bookmarklets diff --git a/Bookmarklets/type.lst b/Bookmarklets/type.lst deleted file mode 100644 index 39cdd0d..0000000 --- a/Bookmarklets/type.lst +++ /dev/null @@ -1 +0,0 @@ -- diff --git a/Browser Extensions/README.md b/Browser Extensions/README.md deleted file mode 100644 index 7ce7db7..0000000 --- a/Browser Extensions/README.md +++ /dev/null @@ -1,70 +0,0 @@ -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
-This is Cool Extensions collection of Browser Extensions - -## Table of Contents -- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons) -- [Browser Extensions](#extensions) -- [Contribute](#contribute-and-contributor) - -## Extensions -| Type | Name | Description | Popularity | Language | -| ---------- | :---------- | :----------: | :----------: | :----------: | -| Chrome/Cookie | [Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie) | EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies | ![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie) | ![](https://img.shields.io/github/languages/top/ETCExtensions/Edit-This-Cookie) | -| Chrome/UA | [User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae) | quick and easy way to switch between user-agents.|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -| Chrome/postMessage | [postMessage-tracker](https://github.com/fransr/postMessage-tracker) | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon | ![](https://img.shields.io/github/stars/fransr/postMessage-tracker) | ![](https://img.shields.io/github/languages/top/fransr/postMessage-tracker) | -| Firefox and Chrome/DarkMode | [Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh) | Dark mode to any site|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -| Firefox and Chrome/Exposed | [DotGit](https://github.com/davtur19/DotGit) | An extension for checking if .git is exposed in visited websites | ![](https://img.shields.io/github/stars/davtur19/DotGit) | ![](https://img.shields.io/github/languages/top/davtur19/DotGit) | -| Firefox and Chrome/JWT | [jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io) | JWT En/Decode and Verify | ![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io) | ![](https://img.shields.io/github/languages/top/jsonwebtoken/jsonwebtoken.github.io) | -| Firefox and Chrome/Proxy | [MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/) | Proxy Switch in Firefox and Chrome|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -| Firefox and Chrome/Tools | [Hack-Tools](https://github.com/LasCC/Hack-Tools) | The all-in-one Red Team extension for Web Pentester 🛠 | ![](https://img.shields.io/github/stars/LasCC/Hack-Tools) | ![](https://img.shields.io/github/languages/top/LasCC/Hack-Tools) | -| Firefox/Cache | [clear-cache](https://github.com/TenSoja/clear-cache) | Add-on to clear browser cache with a single click or via the F9 key. | ![](https://img.shields.io/github/stars/TenSoja/clear-cache) | ![](https://img.shields.io/github/languages/top/TenSoja/clear-cache) | -| Firefox/Cookie | [cookie-quick-manager](https://github.com/ysard/cookie-quick-manager) | An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox. | ![](https://img.shields.io/github/stars/ysard/cookie-quick-manager) | ![](https://img.shields.io/github/languages/top/ysard/cookie-quick-manager) | -| Firefox/DomXSS | [eval_villain](https://github.com/swoops/eval_villain) | A Firefox Web Extension to improve the discovery of DOM XSS. | ![](https://img.shields.io/github/stars/swoops/eval_villain) | ![](https://img.shields.io/github/languages/top/swoops/eval_villain) | -| Safari/DarkMode | [Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180) | Dark mode to any site|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -| Safari/HISTORY | [Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422) | History of website|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) -## Contribute and Contributor -### Usage of add-tool -``` -./add-tool -Usage of ./add-tool: - -isFirst - if you add new type, it use - -url string - any url -``` - -### Three Procedures for the Contribute -- First, your tool append `data.json` using `add-tool -``` -$ ./add-tool -url https://github.com/sqlmapproject/sqlmap -Successfully Opened type.lst -[0] Army-Knife -[1] Discovery -[2] Fetch -[3] Scanner -[4] Utility -[+] What is type? -3 -Scanner -[+] What is method(e.g XSS, WVS, SSL, ETC..)? -SQL -Successfully Opened data.json - -``` -- Second, Give me PR or Add issue with data.json
-- Third, There's no third. - -### Add Burp Suite or ZAP Extensions -in `WebHackersWeapons/Burp and ZAP Extensions` directory -``` -$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus -``` - -### Distribute to Burp Suite or ZAP Extensions -``` -$ ../distribute-readme -=> show new README file in Burp Suite or ZAP Extensions -``` - -### Add/Distribute common tools -https://github.com/hahwul/WebHackersWeapons#contribute-and-contributor diff --git a/Browser Extensions/data.json b/Browser Extensions/data.json deleted file mode 100644 index af0c640..0000000 --- a/Browser Extensions/data.json +++ /dev/null @@ -1,210 +0,0 @@ -{ - "Dark Reader": { - "Data": "| Firefox and Chrome/DarkMode | [Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh) | Dark mode to any site|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "Dark mode to any site", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DarkMode", - "Type": "Firefox and Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Dark Reader for Safari": { - "Data": "| Safari/DarkMode | [Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180) | Dark mode to any site|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "Dark mode to any site", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DarkMode", - "Type": "Safari", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "DotGit": { - "Data": "| Firefox and Chrome/Exposed | [DotGit](https://github.com/davtur19/DotGit) | An extension for checking if .git is exposed in visited websites | ![](https://img.shields.io/github/stars/davtur19/DotGit) | ![](https://img.shields.io/github/languages/top/davtur19/DotGit) |", - "Description": "An extension for checking if .git is exposed in visited websites", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Exposed", - "Type": "Firefox and Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Edit-This-Cookie": { - "Data": "| Chrome/Cookie | [Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie) | EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies | ![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie) | ![](https://img.shields.io/github/languages/top/ETCExtensions/Edit-This-Cookie) |", - "Description": "EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Cookie", - "Type": "Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Hack-Tools": { - "Data": "| Firefox and Chrome/Tools | [Hack-Tools](https://github.com/LasCC/Hack-Tools) | The all-in-one Red Team extension for Web Pentester 🛠 | ![](https://img.shields.io/github/stars/LasCC/Hack-Tools) | ![](https://img.shields.io/github/languages/top/LasCC/Hack-Tools) |", - "Description": "The all-in-one Red Team extension for Web Pentester 🛠", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Tools", - "Type": "Firefox and Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "MM3 ProxySwitch": { - "Data": "| Firefox and Chrome/Proxy | [MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/) | Proxy Switch in Firefox and Chrome|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "Proxy Switch in Firefox and Chrome", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Proxy", - "Type": "Firefox and Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "User-Agent Switcher": { - "Data": "| Chrome/UA | [User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae) | quick and easy way to switch between user-agents.|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "quick and easy way to switch between user-agents.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "UA", - "Type": "Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Wayback Machine": { - "Data": "| Safari/HISTORY | [Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422) | History of website|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "History of website", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HISTORY", - "Type": "Safari", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "clear-cache": { - "Data": "| Firefox/Cache | [clear-cache](https://github.com/TenSoja/clear-cache) | Add-on to clear browser cache with a single click or via the F9 key. | ![](https://img.shields.io/github/stars/TenSoja/clear-cache) | ![](https://img.shields.io/github/languages/top/TenSoja/clear-cache) |", - "Description": "Add-on to clear browser cache with a single click or via the F9 key.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Cache", - "Type": "Firefox", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "cookie-quick-manager": { - "Data": "| Firefox/Cookie | [cookie-quick-manager](https://github.com/ysard/cookie-quick-manager) | An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox. | ![](https://img.shields.io/github/stars/ysard/cookie-quick-manager) | ![](https://img.shields.io/github/languages/top/ysard/cookie-quick-manager) |", - "Description": "An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Cookie", - "Type": "Firefox", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "eval_villain": { - "Data": "| Firefox/DomXSS | [eval_villain](https://github.com/swoops/eval_villain) | A Firefox Web Extension to improve the discovery of DOM XSS. | ![](https://img.shields.io/github/stars/swoops/eval_villain) | ![](https://img.shields.io/github/languages/top/swoops/eval_villain) |", - "Description": "A Firefox Web Extension to improve the discovery of DOM XSS.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DomXSS", - "Type": "Firefox", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "jsonwebtoken.github.io": { - "Type": "Firefox and Chrome", - "Data": "| Firefox and Chrome/JWT | [jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io) | JWT En/Decode and Verify | ![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io) | ![](https://img.shields.io/github/languages/top/jsonwebtoken/jsonwebtoken.github.io) |", - "Method": "JWT", - "Description": "JWT En/Decode and Verify", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "postMessage-tracker": { - "Data": "| Chrome/postMessage | [postMessage-tracker](https://github.com/fransr/postMessage-tracker) | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon | ![](https://img.shields.io/github/stars/fransr/postMessage-tracker) | ![](https://img.shields.io/github/languages/top/fransr/postMessage-tracker) |", - "Description": "A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "postMessage", - "Type": "Chrome", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - } -} \ No newline at end of file diff --git a/Browser Extensions/template/foot.md b/Browser Extensions/template/foot.md deleted file mode 100644 index 9d20f98..0000000 --- a/Browser Extensions/template/foot.md +++ /dev/null @@ -1,46 +0,0 @@ -## Contribute and Contributor -### Usage of add-tool -``` -./add-tool -Usage of ./add-tool: - -isFirst - if you add new type, it use - -url string - any url -``` - -### Three Procedures for the Contribute -- First, your tool append `data.json` using `add-tool -``` -$ ./add-tool -url https://github.com/sqlmapproject/sqlmap -Successfully Opened type.lst -[0] Army-Knife -[1] Discovery -[2] Fetch -[3] Scanner -[4] Utility -[+] What is type? -3 -Scanner -[+] What is method(e.g XSS, WVS, SSL, ETC..)? -SQL -Successfully Opened data.json - -``` -- Second, Give me PR or Add issue with data.json
-- Third, There's no third. - -### Add Burp Suite or ZAP Extensions -in `WebHackersWeapons/Burp and ZAP Extensions` directory -``` -$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus -``` - -### Distribute to Burp Suite or ZAP Extensions -``` -$ ../distribute-readme -=> show new README file in Burp Suite or ZAP Extensions -``` - -### Add/Distribute common tools -https://github.com/hahwul/WebHackersWeapons#contribute-and-contributor diff --git a/Browser Extensions/template/head.md b/Browser Extensions/template/head.md deleted file mode 100644 index db52724..0000000 --- a/Browser Extensions/template/head.md +++ /dev/null @@ -1,9 +0,0 @@ -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
-This is Cool Extensions collection of Browser Extensions - -## Table of Contents -- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons) -- [Browser Extensions](#extensions) -- [Contribute](#contribute-and-contributor) - -## Extensions diff --git a/Browser Extensions/type.lst b/Browser Extensions/type.lst deleted file mode 100644 index 96d8ad3..0000000 --- a/Browser Extensions/type.lst +++ /dev/null @@ -1,5 +0,0 @@ -Firefox and Chrome -Firefox -Chrome -Safari -Edge From 36f1e45eb5641bd231bbad9aa2651291a7686a75 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:34:19 +0900 Subject: [PATCH 25/42] Removed --- Burp and ZAP Extensions/README.md | 90 ----------- Burp and ZAP Extensions/data.json | 189 ----------------------- Burp and ZAP Extensions/template/foot.md | 46 ------ Burp and ZAP Extensions/template/head.md | 9 -- Burp and ZAP Extensions/type.lst | 3 - 5 files changed, 337 deletions(-) delete mode 100644 Burp and ZAP Extensions/README.md delete mode 100644 Burp and ZAP Extensions/data.json delete mode 100644 Burp and ZAP Extensions/template/foot.md delete mode 100644 Burp and ZAP Extensions/template/head.md delete mode 100644 Burp and ZAP Extensions/type.lst diff --git a/Burp and ZAP Extensions/README.md b/Burp and ZAP Extensions/README.md deleted file mode 100644 index 1a183dd..0000000 --- a/Burp and ZAP Extensions/README.md +++ /dev/null @@ -1,90 +0,0 @@ -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
-This is Cool Extensions collection of Burp suite and ZAP - -## Table of Contents -- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons) -- [Cool Extensions](#cool-extensions) -- [Contribute](#contribute-and-contributor) - -## Cool Extensions -| Type | Name | Description | Popularity | Language | -| ---------- | :---------- | :----------: | :----------: | :----------: | -| All/CODE | [http-script-generator](https://github.com/h3xstream/http-script-generator) | ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks) | ![](https://img.shields.io/github/stars/h3xstream/http-script-generator) | ![](https://img.shields.io/github/languages/top/h3xstream/http-script-generator) | -| All/PASV | [HUNT](https://github.com/bugcrowd/HUNT) | Data Driven web hacking Manual testing | ![](https://img.shields.io/github/stars/bugcrowd/HUNT) | ![](https://img.shields.io/github/languages/top/bugcrowd/HUNT) | -| All/PASV | [burp-retire-js](https://github.com/h3xstream/burp-retire-js) | Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries. | ![](https://img.shields.io/github/stars/h3xstream/burp-retire-js) | ![](https://img.shields.io/github/languages/top/h3xstream/burp-retire-js) | -| All/PASV | [csp-auditor](https://github.com/GoSecure/csp-auditor) | Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website | ![](https://img.shields.io/github/stars/GoSecure/csp-auditor) | ![](https://img.shields.io/github/languages/top/GoSecure/csp-auditor) | -| Burp/ACTIVE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | Testing HTTP Request Smuggling and Desync Attack | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) | -| Burp/ACTIVE | [param-miner](https://github.com/PortSwigger/param-miner) | Parameter mining on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/param-miner) | ![](https://img.shields.io/github/languages/top/PortSwigger/param-miner) | -| Burp/ACTIVE | [turbo-intruder](https://github.com/PortSwigger/turbo-intruder) | Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. | ![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder) | ![](https://img.shields.io/github/languages/top/PortSwigger/turbo-intruder) | -| Burp/AUTH | [AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix) | AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. | ![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix) | ![](https://img.shields.io/github/languages/top/SecurityInnovation/AuthMatrix) | -| Burp/BYPASS | [BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) | A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteHTTPSmuggler) | -| Burp/CALLBACK | [taborator](https://github.com/hackvertor/taborator) | A Burp extension to show the Collaborator client in a tab | ![](https://img.shields.io/github/stars/hackvertor/taborator) | ![](https://img.shields.io/github/languages/top/hackvertor/taborator) | -| Burp/CODE | [burp-exporter](https://github.com/artssec/burp-exporter) | Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. | ![](https://img.shields.io/github/stars/artssec/burp-exporter) | ![](https://img.shields.io/github/languages/top/artssec/burp-exporter) | -| Burp/EXPORT | [burp-send-to](https://github.com/bytebutcher/burp-send-to) | Adds a customizable "Send to..."-context-menu to your BurpSuite. | ![](https://img.shields.io/github/stars/bytebutcher/burp-send-to) | ![](https://img.shields.io/github/languages/top/bytebutcher/burp-send-to) | -| Burp/GQL | [inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing | ![](https://img.shields.io/github/stars/doyensec/inql) | ![](https://img.shields.io/github/languages/top/doyensec/inql) | -| Burp/HISTORY | [BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus) | Burp Suite Logger++ | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteLoggerPlusPlus) | -| Burp/PASV | [Autorize](https://github.com/Quitten/Autorize) | Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests | ![](https://img.shields.io/github/stars/Quitten/Autorize) | ![](https://img.shields.io/github/languages/top/Quitten/Autorize) | -| Burp/PASV | [BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder) | Burp Extension for a passive scanning JS files for endpoint links. | ![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder) | ![](https://img.shields.io/github/languages/top/InitRoot/BurpJSLinkFinder) | -| Burp/PASV | [BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder) | Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response. | ![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder) | ![](https://img.shields.io/github/languages/top/m4ll0k/BurpSuite-Secret_Finder) | -| Burp/PASV | [auto-repeater](https://github.com/PortSwigger/auto-repeater) | Automated HTTP Request Repeating With Burp Suite | ![](https://img.shields.io/github/stars/PortSwigger/auto-repeater) | ![](https://img.shields.io/github/languages/top/PortSwigger/auto-repeater) | -| Burp/PASV | [collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere) | A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator | ![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere) | ![](https://img.shields.io/github/languages/top/PortSwigger/collaborator-everywhere) | -| Burp/PASV | [femida](https://github.com/wish-i-was/femida) | Automated blind-xss search for Burp Suite | ![](https://img.shields.io/github/stars/wish-i-was/femida) | ![](https://img.shields.io/github/languages/top/wish-i-was/femida) | -| Burp/PASV | [reflected-parameters](https://github.com/PortSwigger/reflected-parameters) | Find reflected parameter on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters) | ![](https://img.shields.io/github/languages/top/PortSwigger/reflected-parameters) | -| Burp/PIPE | [burp-piper](https://github.com/silentsignal/burp-piper) | Piper Burp Suite Extender plugin | ![](https://img.shields.io/github/stars/silentsignal/burp-piper) | ![](https://img.shields.io/github/languages/top/silentsignal/burp-piper) | -| Burp/REPEAT | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) | -| Burp/REPEAT | [Stepper](https://github.com/CoreyD97/Stepper) | A natural evolution of Burp Suite's Repeater tool | ![](https://img.shields.io/github/stars/CoreyD97/Stepper) | ![](https://img.shields.io/github/languages/top/CoreyD97/Stepper) | -| Burp/SCAN | [BurpBounty](https://github.com/wagiro/BurpBounty) | Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface. | ![](https://img.shields.io/github/stars/wagiro/BurpBounty) | ![](https://img.shields.io/github/languages/top/wagiro/BurpBounty) | -| Burp/THEME | [BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer) | Because just a dark theme wasn't enough! | ![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer) | ![](https://img.shields.io/github/languages/top/CoreyD97/BurpCustomizer) | -| Burp/UTIL | [knife](https://github.com/bit4woo/knife) | A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 | ![](https://img.shields.io/github/stars/bit4woo/knife) | ![](https://img.shields.io/github/languages/top/bit4woo/knife) | -| Burp/UTIL | [safecopy](https://github.com/yashrs/safecopy) | Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be added in the future. | ![](https://img.shields.io/github/stars/yashrs/safecopy) | ![](https://img.shields.io/github/languages/top/yashrs/safecopy) | -| ZAP/INTERFACE | [zap-hud](https://github.com/zaproxy/zap-hud) | The OWASP ZAP Heads Up Display (HUD) | ![](https://img.shields.io/github/stars/zaproxy/zap-hud) | ![](https://img.shields.io/github/languages/top/zaproxy/zap-hud) | -| ZAP/JWT | [owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon) | OWASP ZAP addon for finding vulnerabilities in JWT Implementations | ![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon) | ![](https://img.shields.io/github/languages/top/SasanLabs/owasp-zap-jwt-addon) | -| ZAP/PASV | [attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap) | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | ![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap) | ![](https://img.shields.io/github/languages/top/secdec/attack-surface-detector-zap) | -| ZAP/PASV | [reflect](https://github.com/TypeError/reflect) | OWASP ZAP add-on to help find reflected parameter vulnerabilities | ![](https://img.shields.io/github/stars/TypeError/reflect) | ![](https://img.shields.io/github/languages/top/TypeError/reflect) | -| ZAP/SCRIPT | [community-scripts](https://github.com/zaproxy/community-scripts) | A collection of ZAP scripts provided by the community - pull requests very welcome! | ![](https://img.shields.io/github/stars/zaproxy/community-scripts) | ![](https://img.shields.io/github/languages/top/zaproxy/community-scripts) | -## Contribute and Contributor -### Usage of add-tool -``` -./add-tool -Usage of ./add-tool: - -isFirst - if you add new type, it use - -url string - any url -``` - -### Three Procedures for the Contribute -- First, your tool append `data.json` using `add-tool -``` -$ ./add-tool -url https://github.com/sqlmapproject/sqlmap -Successfully Opened type.lst -[0] Army-Knife -[1] Discovery -[2] Fetch -[3] Scanner -[4] Utility -[+] What is type? -3 -Scanner -[+] What is method(e.g XSS, WVS, SSL, ETC..)? -SQL -Successfully Opened data.json - -``` -- Second, Give me PR or Add issue with data.json
-- Third, There's no third. - -### Add Burp Suite or ZAP Extensions -in `WebHackersWeapons/Burp and ZAP Extensions` directory -``` -$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus -``` - -### Distribute to Burp Suite or ZAP Extensions -``` -$ ../distribute-readme -=> show new README file in Burp Suite or ZAP Extensions -``` - -### Add/Distribute common tools -https://github.com/hahwul/WebHackersWeapons#contribute-and-contributor diff --git a/Burp and ZAP Extensions/data.json b/Burp and ZAP Extensions/data.json deleted file mode 100644 index cd7eb60..0000000 --- a/Burp and ZAP Extensions/data.json +++ /dev/null @@ -1,189 +0,0 @@ -{ - "AuthMatrix": { - "Data": "| Burp/AUTH | [AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix) | AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. | ![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix) | ![](https://img.shields.io/github/languages/top/SecurityInnovation/AuthMatrix) |", - "Method": "AUTH", - "Type": "Burp" - }, - "Autorize": { - "Data": "| Burp/PASV | [Autorize](https://github.com/Quitten/Autorize) | Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests | ![](https://img.shields.io/github/stars/Quitten/Autorize) | ![](https://img.shields.io/github/languages/top/Quitten/Autorize) |", - "Method": "PASV", - "Type": "Burp" - }, - "BurpBounty": { - "Data": "| Burp/SCAN | [BurpBounty](https://github.com/wagiro/BurpBounty) | Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface. | ![](https://img.shields.io/github/stars/wagiro/BurpBounty) | ![](https://img.shields.io/github/languages/top/wagiro/BurpBounty) |", - "Method": "SCAN", - "Type": "Burp" - }, - "BurpCustomizer": { - "Data": "| Burp/THEME | [BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer) | Because just a dark theme wasn't enough! | ![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer) | ![](https://img.shields.io/github/languages/top/CoreyD97/BurpCustomizer) |", - "Description": "Because just a dark theme wasn't enough!", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "THEME", - "Type": "Burp", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "BurpJSLinkFinder": { - "Data": "| Burp/PASV | [BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder) | Burp Extension for a passive scanning JS files for endpoint links. | ![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder) | ![](https://img.shields.io/github/languages/top/InitRoot/BurpJSLinkFinder) |", - "Method": "PASV", - "Type": "Burp" - }, - "BurpSuite-Secret_Finder": { - "Data": "| Burp/PASV | [BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder) | Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response. | ![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder) | ![](https://img.shields.io/github/languages/top/m4ll0k/BurpSuite-Secret_Finder) |", - "Method": "PASV", - "Type": "Burp" - }, - "BurpSuiteHTTPSmuggler": { - "Data": "| Burp/BYPASS | [BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) | A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteHTTPSmuggler) |", - "Method": "BYPASS", - "Type": "Burp" - }, - "BurpSuiteLoggerPlusPlus": { - "Data": "| Burp/HISTORY | [BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus) | Burp Suite Logger++ | ![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus) | ![](https://img.shields.io/github/languages/top/nccgroup/BurpSuiteLoggerPlusPlus) |", - "Method": "HISTORY", - "Type": "Burp" - }, - "HUNT": { - "Data": "| All/PASV | [HUNT](https://github.com/bugcrowd/HUNT) | Data Driven web hacking Manual testing | ![](https://img.shields.io/github/stars/bugcrowd/HUNT) | ![](https://img.shields.io/github/languages/top/bugcrowd/HUNT) |", - "Method": "PASV", - "Type": "All" - }, - "IntruderPayloads": { - "Data": "| Burp/REPEAT | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) |", - "Method": "REPEAT", - "Type": "Burp" - }, - "Stepper": { - "Data": "| Burp/REPEAT | [Stepper](https://github.com/CoreyD97/Stepper) | A natural evolution of Burp Suite's Repeater tool | ![](https://img.shields.io/github/stars/CoreyD97/Stepper) | ![](https://img.shields.io/github/languages/top/CoreyD97/Stepper) |", - "Method": "REPEAT", - "Type": "Burp" - }, - "attack-surface-detector-zap": { - "Data": "| ZAP/PASV | [attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap) | The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters | ![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap) | ![](https://img.shields.io/github/languages/top/secdec/attack-surface-detector-zap) |", - "Method": "PASV", - "Type": "ZAP" - }, - "auto-repeater": { - "Data": "| Burp/PASV | [auto-repeater](https://github.com/PortSwigger/auto-repeater) | Automated HTTP Request Repeating With Burp Suite | ![](https://img.shields.io/github/stars/PortSwigger/auto-repeater) | ![](https://img.shields.io/github/languages/top/PortSwigger/auto-repeater) |", - "Method": "PASV", - "Type": "Burp" - }, - "burp-exporter": { - "Data": "| Burp/CODE | [burp-exporter](https://github.com/artssec/burp-exporter) | Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. | ![](https://img.shields.io/github/stars/artssec/burp-exporter) | ![](https://img.shields.io/github/languages/top/artssec/burp-exporter) |", - "Method": "CODE", - "Type": "Burp" - }, - "burp-piper": { - "Data": "| Burp/PIPE | [burp-piper](https://github.com/silentsignal/burp-piper) | Piper Burp Suite Extender plugin | ![](https://img.shields.io/github/stars/silentsignal/burp-piper) | ![](https://img.shields.io/github/languages/top/silentsignal/burp-piper) |", - "Method": "PIPE", - "Type": "Burp" - }, - "burp-retire-js": { - "Data": "| All/PASV | [burp-retire-js](https://github.com/h3xstream/burp-retire-js) | Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries. | ![](https://img.shields.io/github/stars/h3xstream/burp-retire-js) | ![](https://img.shields.io/github/languages/top/h3xstream/burp-retire-js) |", - "Method": "PASV", - "Type": "All" - }, - "burp-send-to": { - "Data": "| Burp/EXPORT | [burp-send-to](https://github.com/bytebutcher/burp-send-to) | Adds a customizable \"Send to...\"-context-menu to your BurpSuite. | ![](https://img.shields.io/github/stars/bytebutcher/burp-send-to) | ![](https://img.shields.io/github/languages/top/bytebutcher/burp-send-to) |", - "Method": "EXPORT", - "Type": "Burp" - }, - "collaborator-everywhere": { - "Data": "| Burp/PASV | [collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere) | A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator | ![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere) | ![](https://img.shields.io/github/languages/top/PortSwigger/collaborator-everywhere) |", - "Method": "PASV", - "Type": "Burp" - }, - "community-scripts": { - "Data": "| ZAP/SCRIPT | [community-scripts](https://github.com/zaproxy/community-scripts) | A collection of ZAP scripts provided by the community - pull requests very welcome! | ![](https://img.shields.io/github/stars/zaproxy/community-scripts) | ![](https://img.shields.io/github/languages/top/zaproxy/community-scripts) |", - "Method": "SCRIPT", - "Type": "ZAP" - }, - "csp-auditor": { - "Data": "| All/PASV | [csp-auditor](https://github.com/GoSecure/csp-auditor) | Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website | ![](https://img.shields.io/github/stars/GoSecure/csp-auditor) | ![](https://img.shields.io/github/languages/top/GoSecure/csp-auditor) |", - "Method": "PASV", - "Type": "All" - }, - "femida": { - "Data": "| Burp/PASV | [femida](https://github.com/wish-i-was/femida) | Automated blind-xss search for Burp Suite | ![](https://img.shields.io/github/stars/wish-i-was/femida) | ![](https://img.shields.io/github/languages/top/wish-i-was/femida) |", - "Method": "PASV", - "Type": "Burp" - }, - "http-request-smuggler": { - "Data": "| Burp/ACTIVE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | Testing HTTP Request Smuggling and Desync Attack | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) |", - "Method": "ACTIVE", - "Type": "Burp" - }, - "http-script-generator": { - "Data": "| All/CODE | [http-script-generator](https://github.com/h3xstream/http-script-generator) | ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks) | ![](https://img.shields.io/github/stars/h3xstream/http-script-generator) | ![](https://img.shields.io/github/languages/top/h3xstream/http-script-generator) |", - "Method": "CODE", - "Type": "All" - }, - "inql": { - "Data": "| Burp/GQL | [inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing | ![](https://img.shields.io/github/stars/doyensec/inql) | ![](https://img.shields.io/github/languages/top/doyensec/inql) |", - "Method": "GQL", - "Type": "Burp" - }, - "knife": { - "Type": "Burp", - "Data": "| Burp/UTIL | [knife](https://github.com/bit4woo/knife) | A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 | ![](https://img.shields.io/github/stars/bit4woo/knife) | ![](https://img.shields.io/github/languages/top/bit4woo/knife) |", - "Method": "UTIL", - "Description": "A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "owasp-zap-jwt-addon": { - "Data": "| ZAP/JWT | [owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon) | OWASP ZAP addon for finding vulnerabilities in JWT Implementations | ![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon) | ![](https://img.shields.io/github/languages/top/SasanLabs/owasp-zap-jwt-addon) |", - "Method": "JWT", - "Type": "ZAP" - }, - "param-miner": { - "Data": "| Burp/ACTIVE | [param-miner](https://github.com/PortSwigger/param-miner) | Parameter mining on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/param-miner) | ![](https://img.shields.io/github/languages/top/PortSwigger/param-miner) |", - "Method": "ACTIVE", - "Type": "Burp" - }, - "reflect": { - "Data": "| ZAP/PASV | [reflect](https://github.com/TypeError/reflect) | OWASP ZAP add-on to help find reflected parameter vulnerabilities | ![](https://img.shields.io/github/stars/TypeError/reflect) | ![](https://img.shields.io/github/languages/top/TypeError/reflect) |", - "Method": "PASV", - "Type": "ZAP" - }, - "reflected-parameters": { - "Data": "| Burp/PASV | [reflected-parameters](https://github.com/PortSwigger/reflected-parameters) | Find reflected parameter on Burpsuite | ![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters) | ![](https://img.shields.io/github/languages/top/PortSwigger/reflected-parameters) |", - "Method": "PASV", - "Type": "Burp" - }, - "safecopy": { - "Data": "| Burp/UTIL | [safecopy](https://github.com/yashrs/safecopy) | Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be added in the future. | ![](https://img.shields.io/github/stars/yashrs/safecopy) | ![](https://img.shields.io/github/languages/top/yashrs/safecopy) |", - "Method": "UTIL", - "Type": "Burp" - }, - "taborator": { - "Data": "| Burp/CALLBACK | [taborator](https://github.com/hackvertor/taborator) | A Burp extension to show the Collaborator client in a tab | ![](https://img.shields.io/github/stars/hackvertor/taborator) | ![](https://img.shields.io/github/languages/top/hackvertor/taborator) |", - "Method": "CALLBACK", - "Type": "Burp" - }, - "turbo-intruder": { - "Data": "| Burp/ACTIVE | [turbo-intruder](https://github.com/PortSwigger/turbo-intruder) | Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. | ![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder) | ![](https://img.shields.io/github/languages/top/PortSwigger/turbo-intruder) |", - "Method": "ACTIVE", - "Type": "Burp" - }, - "zap-hud": { - "Data": "| ZAP/INTERFACE | [zap-hud](https://github.com/zaproxy/zap-hud) | The OWASP ZAP Heads Up Display (HUD) | ![](https://img.shields.io/github/stars/zaproxy/zap-hud) | ![](https://img.shields.io/github/languages/top/zaproxy/zap-hud) |", - "Method": "INTERFACE", - "Type": "ZAP" - } -} \ No newline at end of file diff --git a/Burp and ZAP Extensions/template/foot.md b/Burp and ZAP Extensions/template/foot.md deleted file mode 100644 index 9d20f98..0000000 --- a/Burp and ZAP Extensions/template/foot.md +++ /dev/null @@ -1,46 +0,0 @@ -## Contribute and Contributor -### Usage of add-tool -``` -./add-tool -Usage of ./add-tool: - -isFirst - if you add new type, it use - -url string - any url -``` - -### Three Procedures for the Contribute -- First, your tool append `data.json` using `add-tool -``` -$ ./add-tool -url https://github.com/sqlmapproject/sqlmap -Successfully Opened type.lst -[0] Army-Knife -[1] Discovery -[2] Fetch -[3] Scanner -[4] Utility -[+] What is type? -3 -Scanner -[+] What is method(e.g XSS, WVS, SSL, ETC..)? -SQL -Successfully Opened data.json - -``` -- Second, Give me PR or Add issue with data.json
-- Third, There's no third. - -### Add Burp Suite or ZAP Extensions -in `WebHackersWeapons/Burp and ZAP Extensions` directory -``` -$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus -``` - -### Distribute to Burp Suite or ZAP Extensions -``` -$ ../distribute-readme -=> show new README file in Burp Suite or ZAP Extensions -``` - -### Add/Distribute common tools -https://github.com/hahwul/WebHackersWeapons#contribute-and-contributor diff --git a/Burp and ZAP Extensions/template/head.md b/Burp and ZAP Extensions/template/head.md deleted file mode 100644 index 38041a7..0000000 --- a/Burp and ZAP Extensions/template/head.md +++ /dev/null @@ -1,9 +0,0 @@ -A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
-This is Cool Extensions collection of Burp suite and ZAP - -## Table of Contents -- [Web Hacker's Weapons Main](https://github.com/hahwul/WebHackersWeapons) -- [Cool Extensions](#cool-extensions) -- [Contribute](#contribute-and-contributor) - -## Cool Extensions diff --git a/Burp and ZAP Extensions/type.lst b/Burp and ZAP Extensions/type.lst deleted file mode 100644 index 8b8fbcb..0000000 --- a/Burp and ZAP Extensions/type.lst +++ /dev/null @@ -1,3 +0,0 @@ -All -Burp -ZAP From 67e55b95d6d9cb0e3de39e31f04f1beb65fd15ec Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:35:26 +0900 Subject: [PATCH 26/42] Remove data.json --- data.json | 4034 ----------------------------------------------------- 1 file changed, 4034 deletions(-) delete mode 100644 data.json diff --git a/data.json b/data.json deleted file mode 100644 index 5fdf16a..0000000 --- a/data.json +++ /dev/null @@ -1,4034 +0,0 @@ -{ - "230-OOB": { - "Data": "| Utility/PAYLOAD | [230-OOB](https://github.com/lc/230-OOB) | An Out-of-Band XXE server for retrieving file contents over FTP. | ![](https://img.shields.io/github/stars/lc/230-OOB) | ![](https://img.shields.io/github/languages/top/lc/230-OOB) |", - "Description": "An Out-of-Band XXE server for retrieving file contents over FTP.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "3klCon": { - "Data": "| Discovery/ALL | [3klCon](https://github.com/eslam3kl/3klCon) | Automation Recon tool which works with Large \u0026 Medium scopes. It performs more than 20 tasks and gets back all the results in separated files. | ![](https://img.shields.io/github/stars/eslam3kl/3klCon) | ![](https://img.shields.io/github/languages/top/eslam3kl/3klCon) |", - "Description": "Automation Recon tool which works with Large \u0026 Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "AWSBucketDump": { - "Data": "| Scanner/S3 | [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump) | Security Tool to Look For Interesting Files in S3 Buckets | ![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump) | ![](https://img.shields.io/github/languages/top/jordanpotti/AWSBucketDump) |", - "Description": "Security Tool to Look For Interesting Files in S3 Buckets", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "S3", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Amass": { - "Data": "| Discovery/DOMAIN | [Amass](https://github.com/OWASP/Amass) | In-depth Attack Surface Mapping and Asset Discovery | ![](https://img.shields.io/github/stars/OWASP/Amass) | ![](https://img.shields.io/github/languages/top/OWASP/Amass) |", - "Description": "In-depth Attack Surface Mapping and Asset Discovery ", - "Install": { - "Linux": "sudo snap install amass", - "MacOS": "brew tap caffix/amass; brew install amass", - "Windows": "" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "sudo snap refresh amass", - "MacOS": "brew upgrade amass", - "Windows": "" - } - }, - "Arjun": { - "Data": "| Discovery/HTTP | [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery suite. | ![](https://img.shields.io/github/stars/s0md3v/Arjun) | ![](https://img.shields.io/github/languages/top/s0md3v/Arjun) |", - "Description": "HTTP parameter discovery suite. ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/Arjun ; cd Arjun; pip3 install requests", - "MacOS": "git clone https://github.com/s0md3v/Arjun ; cd Arjun; pip3 install requests", - "Windows": "git clone https://github.com/s0md3v/Arjun ; cd Arjun; pip3 install requests" - }, - "Method": "HTTP", - "Type": "Discovery", - "Update": { - "Linux": "cd Arjun; git pull -v ", - "MacOS": "cd Arjun; git pull -v ", - "Windows": "cd Arjun; git pull -v " - } - }, - "Assetnote Wordlists": { - "Data": "| Utility/WORD | [wordlists](https://github.com/assetnote/wordlists) | Automated \u0026 Manual Wordlists provided by Assetnote | ![](https://img.shields.io/github/stars/assetnote/wordlists) | ![](https://img.shields.io/github/languages/top/assetnote/wordlists) |", - "Description": "Automated \u0026 Manual Wordlists provided by Assetnote", - "Install": { - "Linux": "git clone https://github.com/assetnote/wordlists", - "MacOS": "git clone https://github.com/assetnote/wordlists", - "Windows": "git clone https://github.com/assetnote/wordlists" - }, - "Method": "WORD", - "Type": "Utility", - "Update": { - "Linux": "cd wordlists ; git pull -v", - "MacOS": "cd wordlists ; git pull -v", - "Windows": "cd wordlists ; git pull -v" - } - }, - "Atlas": { - "Data": "| Utility/BRIDGE | [Atlas](https://github.com/m4ll0k/Atlas) | Quick SQLMap Tamper Suggester | ![](https://img.shields.io/github/stars/m4ll0k/Atlas) | ![](https://img.shields.io/github/languages/top/m4ll0k/Atlas) |", - "Description": "Quick SQLMap Tamper Suggester ", - "Install": { - "Linux": "git clone https://github.com/m4ll0k/Atlas ; cd Atlas; pip3 install pretty", - "MacOS": "git clone https://github.com/m4ll0k/Atlas ; cd Atlas; pip3 install pretty", - "Windows": "git clone https://github.com/m4ll0k/Atlas ; cd Atlas; pip3 install pretty" - }, - "Method": "BRIDGE", - "Type": "Utility", - "Update": { - "Linux": "cd Atlas; git pull -v", - "MacOS": "cd Atlas; git pull -v", - "Windows": "cd Atlas; git pull -v" - } - }, - "Blacklist3r": { - "Data": "| Utility/PAYLOAD | [Blacklist3r](https://github.com/NotSoSecure/Blacklist3r) | project-blacklist3r | ![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r) | ![](https://img.shields.io/github/languages/top/NotSoSecure/Blacklist3r) |", - "Description": "project-blacklist3r ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "BruteX": { - "Data": "| Scanner/FUZZ | [BruteX](https://github.com/1N3/BruteX) | Automatically brute force all services running on a target. | ![](https://img.shields.io/github/stars/1N3/BruteX) | ![](https://img.shields.io/github/languages/top/1N3/BruteX) |", - "Description": "Automatically brute force all services running on a target.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Bug-Bounty-Toolz": { - "Data": "| ToolBox/ALL | [Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz) | BBT - Bug Bounty Tools | ![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz) | ![](https://img.shields.io/github/languages/top/m4ll0k/Bug-Bounty-Toolz) |", - "Description": "BBT - Bug Bounty Tools ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ALL", - "Type": "ToolBox", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "BurpSuite": { - "Data": "| Army-Knife/PROXY | [BurpSuite](https://portswigger.net/burp) | the BurpSuite Project|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "the BurpSuite Project", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PROXY", - "Type": "Army-Knife", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "CSP Evaluator": { - "Data": "| Utility/CSP | [CSP Evaluator](https://csp-evaluator.withgoogle.com) | Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CSP", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "CT_subdomains": { - "Data": "| Utility/WORD | [CT_subdomains](https://github.com/internetwache/CT_subdomains) | An hourly updated list of subdomains gathered from certificate transparency logs | ![](https://img.shields.io/github/stars/internetwache/CT_subdomains) | ![](https://img.shields.io/github/languages/top/internetwache/CT_subdomains) |", - "Description": "An hourly updated list of subdomains gathered from certificate transparency logs ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WORD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Chaos Web": { - "Data": "| Discovery/DOMAIN | [Chaos Web](https://chaos.projectdiscovery.io) | actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)", - "Description": " actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Chromium-based-XSS-Taint-Tracking": { - "Data": "| Scanner/XSS | [Cyclops](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking) | Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink. | ![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking) | ![](https://img.shields.io/github/languages/top/v8blink/Chromium-based-XSS-Taint-Tracking) |", - "Description": "Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "CorsMe": { - "Data": "| Scanner/CORS | [CorsMe](https://github.com/Shivangx01b/CorsMe) | Cross Origin Resource Sharing MisConfiguration Scanner | ![](https://img.shields.io/github/stars/Shivangx01b/CorsMe) | ![](https://img.shields.io/github/languages/top/Shivangx01b/CorsMe) |", - "Description": "Cross Origin Resource Sharing MisConfiguration Scanner ", - "Install": { - "Linux": "go get -u -v github.com/shivangx01b/CorsMe", - "MacOS": "go get -u -v github.com/shivangx01b/CorsMe", - "Windows": "go get -u -v github.com/shivangx01b/CorsMe" - }, - "Method": "CORS", - "Type": "Scanner", - "Update": { - "Linux": "go get -u -v github.com/shivangx01b/CorsMe", - "MacOS": "go get -u -v github.com/shivangx01b/CorsMe", - "Windows": "go get -u -v github.com/shivangx01b/CorsMe" - } - }, - "Corsy": { - "Data": "| Scanner/CORS | [Corsy](https://github.com/s0md3v/Corsy) | CORS Misconfiguration Scanner | ![](https://img.shields.io/github/stars/s0md3v/Corsy) | ![](https://img.shields.io/github/languages/top/s0md3v/Corsy) |", - "Description": "CORS Misconfiguration Scanner ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/Corsy; cd Corsy ; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/s0md3v/Corsy; cd Corsy ; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/s0md3v/Corsy; cd Corsy ; pip3 install -r requirements.txt" - }, - "Method": "CORS", - "Type": "Scanner", - "Update": { - "Linux": "git pull -v ; pip install -r requirements.txt", - "MacOS": "git pull -v ; pip install -r requirements.txt", - "Windows": "git pull -v ; pip install -r requirements.txt" - } - }, - "CyberChef": { - "Data": "| ToolBox/ALL | [CyberChef](https://github.com/gchq/CyberChef) | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis | ![](https://img.shields.io/github/stars/gchq/CyberChef) | ![](https://img.shields.io/github/languages/top/gchq/CyberChef) |", - "Description": "The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ALL", - "Type": "ToolBox", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "DNSDumpster": { - "Data": "| Discovery/DNS | [DNSDumpster](https://dnsdumpster.com) | Online dns recon \u0026 research, find \u0026 lookup dns records|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " Online dns recon \u0026 research, find \u0026 lookup dns records|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "DOMPurify": { - "Data": "| Scanner/XSS | [DOMPurify](https://github.com/cure53/DOMPurify) | DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: | ![](https://img.shields.io/github/stars/cure53/DOMPurify) | ![](https://img.shields.io/github/languages/top/cure53/DOMPurify) |", - "Description": "DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "DSSS": { - "Data": "| Scanner/SQLi | [DSSS](https://github.com/stamparm/DSSS) | Damn Small SQLi Scanner | ![](https://img.shields.io/github/stars/stamparm/DSSS) | ![](https://img.shields.io/github/languages/top/stamparm/DSSS) |", - "Description": "Damn Small SQLi Scanner", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SQLi", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "DeepViolet": { - "Data": "| Scanner/SSL | [DeepViolet](https://github.com/spoofzu/DeepViolet) | Tool for introspection of SSL\\TLS sessions | ![](https://img.shields.io/github/stars/spoofzu/DeepViolet) | ![](https://img.shields.io/github/languages/top/spoofzu/DeepViolet) |", - "Description": "Tool for introspection of SSL\\TLS sessions", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SSL", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "DirDar": { - "Data": "| Discovery/FUZZ | [DirDar](https://github.com/M4DM0e/DirDar) | DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it | ![](https://img.shields.io/github/stars/M4DM0e/DirDar) | ![](https://img.shields.io/github/languages/top/M4DM0e/DirDar) |", - "Description": "DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Emissary": { - "Data": "| Utility/NOTIFY | [Emissary](https://github.com/BountyStrike/Emissary) | Send notifications on different channels such as Slack, Telegram, Discord etc. | ![](https://img.shields.io/github/stars/BountyStrike/Emissary) | ![](https://img.shields.io/github/languages/top/BountyStrike/Emissary) |", - "Description": "Send notifications on different channels such as Slack, Telegram, Discord etc.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "NOTIFY", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "FavFreak": { - "Data": "| Discovery/FAVICON | [FavFreak](https://github.com/devanshbatham/FavFreak) | Making Favicon.ico based Recon Great again ! | ![](https://img.shields.io/github/stars/devanshbatham/FavFreak) | ![](https://img.shields.io/github/languages/top/devanshbatham/FavFreak) |", - "Description": "Making Favicon.ico based Recon Great again ! ", - "Install": { - "Linux": "git clone https://github.com/devanshbatham/FavFreak ; cd FavFreak; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/devanshbatham/FavFreak ; cd FavFreak; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/devanshbatham/FavFreak ; cd FavFreak; pip3 install -r requirements.txt" - }, - "Method": "FAVICON", - "Type": "Discovery", - "Update": { - "Linux": "cd FavFreak; git pull -v ; pip install -r requirements.txt", - "MacOS": "cd FavFreak; git pull -v ; pip install -r requirements.txt", - "Windows": "cd FavFreak; git pull -v ; pip install -r requirements.txt" - } - }, - "Findsploit": { - "Data": "| Utility/PAYLOAD | [Findsploit](https://github.com/1N3/Findsploit) | Find exploits in local and online databases instantly | ![](https://img.shields.io/github/stars/1N3/Findsploit) | ![](https://img.shields.io/github/languages/top/1N3/Findsploit) |", - "Description": "Find exploits in local and online databases instantly", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Gf-Patterns": { - "Data": "| Utility/ENV | [Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns) | GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep | ![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns) | ![](https://img.shields.io/github/languages/top/1ndianl33t/Gf-Patterns) |", - "Description": "GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep ", - "Install": { - "Linux": "git clone https://github.com/1ndianl33t/Gf-Patterns", - "MacOS": "git clone https://github.com/1ndianl33t/Gf-Patterns", - "Windows": "git clone https://github.com/1ndianl33t/Gf-Patterns" - }, - "Method": "ENV", - "Type": "Utility", - "Update": { - "Linux": "cd Gf-Patterns; git pull -v", - "MacOS": "cd Gf-Patterns; git pull -v", - "Windows": "cd Gf-Patterns; git pull -v" - } - }, - "GitMiner": { - "Data": "| Discovery/GIT | [GitMiner](https://github.com/UnkL4b/GitMiner) | Tool for advanced mining for content on Github | ![](https://img.shields.io/github/stars/UnkL4b/GitMiner) | ![](https://img.shields.io/github/languages/top/UnkL4b/GitMiner) |", - "Description": "Tool for advanced mining for content on Github ", - "Install": { - "Linux": "git clone http://github.com/UnkL4b/GitMiner; cd GitMiner ; pip3 install -r requirements.txt", - "MacOS": "git clone http://github.com/UnkL4b/GitMiner; cd GitMiner ; pip3 install -r requirements.txt", - "Windows": "git clone http://github.com/UnkL4b/GitMiner; cd GitMiner ; pip3 install -r requirements.txt" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "cd GitMiner ; git pull -v ; pip install -r requirements.txt", - "MacOS": "cd GitMiner ; git pull -v ; pip install -r requirements.txt", - "Windows": "cd GitMiner ; git pull -v ; pip install -r requirements.txt" - } - }, - "Gopherus": { - "Data": "| Utility/PAYLOAD | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers | ![](https://img.shields.io/github/stars/tarunkant/Gopherus) | ![](https://img.shields.io/github/languages/top/tarunkant/Gopherus) |", - "Description": "This tool generates gopher link for exploiting SSRF and gaining RCE in various servers ", - "Install": { - "Linux": "git clone https://github.com/tarunkant/Gopherus ; cd Gopherus; ./install.sh", - "MacOS": "git clone https://github.com/tarunkant/Gopherus ; cd Gopherus; ./install.sh", - "Windows": "git clone https://github.com/tarunkant/Gopherus ; cd Gopherus; ./install.sh" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "cd Gopherus; git pull -v", - "MacOS": "cd Gopherus; git pull -v", - "Windows": "cd Gopherus; git pull -v" - } - }, - "GraphQLmap": { - "Data": "| Scanner/GQL | [GraphQLmap](https://github.com/swisskyrepo/GraphQLmap) | GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. | ![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap) | ![](https://img.shields.io/github/languages/top/swisskyrepo/GraphQLmap) |", - "Description": "GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. ", - "Install": { - "Linux": "git clone https://github.com/swisskyrepo/GraphQLmap ; cd GraphQLmap; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/swisskyrepo/GraphQLmap ; cd GraphQLmap; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/swisskyrepo/GraphQLmap ; cd GraphQLmap; pip3 install -r requirements.txt" - }, - "Method": "GQL", - "Type": "Scanner", - "Update": { - "Linux": "cd GraphQLmap; git pull -v ; pip install -r requirements.txt", - "MacOS": "cd GraphQLmap; git pull -v ; pip install -r requirements.txt", - "Windows": "cd GraphQLmap; git pull -v ; pip install -r requirements.txt" - } - }, - "HRS": { - "Data": "| Scanner/SMUGGLE | [HRS](https://github.com/SafeBreach-Labs/HRS) | HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. | ![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS) | ![](https://img.shields.io/github/languages/top/SafeBreach-Labs/HRS) |", - "Description": "HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "HydraRecon": { - "Data": "| Discovery/ALL | [HydraRecon](https://github.com/aufzayed/HydraRecon) | All In One, Fast, Easy Recon Tool | ![](https://img.shields.io/github/stars/aufzayed/HydraRecon) | ![](https://img.shields.io/github/languages/top/aufzayed/HydraRecon) |", - "Description": "All In One, Fast, Easy Recon Tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "IntruderPayloads": { - "Data": "| Utility/PAYLOAD | [IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | ![](https://img.shields.io/github/stars/1N3/IntruderPayloads) | ![](https://img.shields.io/github/languages/top/1N3/IntruderPayloads) |", - "Description": "A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "JSFScan.sh": { - "Data": "| Discovery/JS | [JSFScan.sh](https://github.com/KathanP19/JSFScan.sh) | Automation for javascript recon in bug bounty. | ![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh) | ![](https://img.shields.io/github/languages/top/KathanP19/JSFScan.sh) |", - "Description": "Automation for javascript recon in bug bounty. ", - "Install": { - "Linux": "git clone https://github.com/KathanP19/JSFScan.sh ; cd JSFScan.sh; chmod +x install.sh ; ./install.sh", - "MacOS": "git clone https://github.com/KathanP19/JSFScan.sh ; cd JSFScan.sh; chmod +x install.sh ; ./install.sh", - "Windows": "" - }, - "Method": "JS", - "Type": "Discovery", - "Update": { - "Linux": "cd JSFScan.sh; git pull -v", - "MacOS": "cd JSFScan.sh; git pull -v", - "Windows": "" - } - }, - "LFISuite": { - "Data": "| Scanner/LFI | [LFISuite](https://github.com/D35m0nd142/LFISuite) | Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner | ![](https://img.shields.io/github/stars/D35m0nd142/LFISuite) | ![](https://img.shields.io/github/languages/top/D35m0nd142/LFISuite) |", - "Description": "Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ", - "Install": { - "Linux": "git clone https://github.com/D35m0nd142/LFISuite", - "MacOS": "git clone https://github.com/D35m0nd142/LFISuite", - "Windows": "git clone https://github.com/D35m0nd142/LFISuite" - }, - "Method": "LFI", - "Type": "Scanner", - "Update": { - "Linux": "cd LFISuite; git pull -v", - "MacOS": "cd LFISuite; git pull -v", - "Windows": "cd LFISuite; git pull -v" - } - }, - "LinkFinder": { - "Data": "| Discovery/JS | [LinkFinder](https://github.com/GerbenJavado/LinkFinder) | A python script that finds endpoints in JavaScript files | ![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder) | ![](https://img.shields.io/github/languages/top/GerbenJavado/LinkFinder) |", - "Description": "A python script that finds endpoints in JavaScript files ", - "Install": { - "Linux": "git clone https://github.com/GerbenJavado/LinkFinder ; cd LinkFinder; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/GerbenJavado/LinkFinder ; cd LinkFinder; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/GerbenJavado/LinkFinder ; cd LinkFinder; pip3 install -r requirements.txt" - }, - "Method": "JS", - "Type": "Discovery", - "Update": { - "Linux": "cd LinkFinder; git pull -v ; pip3 install -r requirements.txt; python setup.py install", - "MacOS": "cd LinkFinder; git pull -v ; pip3 install -r requirements.txt; python setup.py install", - "Windows": "cd LinkFinder; git pull -v ; pip3 install -r requirements.txt; python setup.py install" - } - }, - "NoSQLMap": { - "Data": "| Scanner/NOSQL | [NoSQLMap](https://github.com/codingo/NoSQLMap) | Automated NoSQL database enumeration and web application exploitation tool. | ![](https://img.shields.io/github/stars/codingo/NoSQLMap) | ![](https://img.shields.io/github/languages/top/codingo/NoSQLMap) |", - "Description": "Automated NoSQL database enumeration and web application exploitation tool. ", - "Install": { - "Linux": "git clone https://github.com/codingo/NoSQLMap ; cd NoSQLMap; python setup.py install", - "MacOS": "git clone https://github.com/codingo/NoSQLMap ; cd NoSQLMap; python setup.py install", - "Windows": "git clone https://github.com/codingo/NoSQLMap ; cd NoSQLMap; python setup.py install" - }, - "Method": "NOSQL", - "Type": "Scanner", - "Update": { - "Linux": "cd NoSQLMap; git pull -v", - "MacOS": "cd NoSQLMap; git pull -v", - "Windows": "cd NoSQLMap; git pull -v" - } - }, - "OneForAll": { - "Data": "| Discovery/ALL | [OneForAll](https://github.com/shmilylty/OneForAll) | OneForAll是一款功能强大的子域收集工具 | ![](https://img.shields.io/github/stars/shmilylty/OneForAll) | ![](https://img.shields.io/github/languages/top/shmilylty/OneForAll) |", - "Description": "OneForAll是一款功能强大的子域收集工具 ", - "Install": { - "Linux": "git clone https://github.com/shmilylty/OneForAll ; cd OneForAll; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/shmilylty/OneForAll ; cd OneForAll; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/shmilylty/OneForAll ; cd OneForAll; pip3 install -r requirements.txt" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "cd OneForAll; git pull -v; pip3 install -r requirements.txt", - "MacOS": "cd OneForAll; git pull -v; pip3 install -r requirements.txt", - "Windows": "cd OneForAll; git pull -v; pip3 install -r requirements.txt" - } - }, - "OpenRedireX": { - "Data": "| Scanner/REDIRECT | [OpenRedireX](https://github.com/devanshbatham/OpenRedireX) | A Fuzzer for OpenRedirect issues | ![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX) | ![](https://img.shields.io/github/languages/top/devanshbatham/OpenRedireX) |", - "Description": "A Fuzzer for OpenRedirect issues", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "REDIRECT", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Osmedeus": { - "Data": "| Scanner/RECON | [Osmedeus](https://github.com/j3ssie/Osmedeus) | Fully automated offensive security framework for reconnaissance and vulnerability scanning | ![](https://img.shields.io/github/stars/j3ssie/Osmedeus) | ![](https://img.shields.io/github/languages/top/j3ssie/Osmedeus) |", - "Description": "Fully automated offensive security framework for reconnaissance and vulnerability scanning ", - "Install": { - "Linux": "git clone https://github.com/j3ssie/Osmedeus ; cd Osmedeus; pip3 install -r requirements.txt; ./install.sh", - "MacOS": "git clone https://github.com/j3ssie/Osmedeus ; cd Osmedeus; pip3 install -r requirements.txt; ./install.sh", - "Windows": "git clone https://github.com/j3ssie/Osmedeus ; cd Osmedeus; pip3 install -r requirements.txt; ./install.sh" - }, - "Method": "RECON", - "Type": "Scanner", - "Update": { - "Linux": "cd Osmedeus; git pull -v; pip3 install -r requirements.txt", - "MacOS": "cd Osmedeus; git pull -v; pip3 install -r requirements.txt", - "Windows": "cd Osmedeus; git pull -v; pip3 install -r requirements.txt" - } - }, - "PPScan": { - "Data": "| Scanner/FUZZ | [PPScan](https://github.com/msrkp/PPScan) | Client Side Prototype Pollution Scanner | ![](https://img.shields.io/github/stars/msrkp/PPScan) | ![](https://img.shields.io/github/languages/top/msrkp/PPScan) |", - "Description": "Client Side Prototype Pollution Scanner", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "ParamSpider": { - "Data": "| Discovery/PARAM | [ParamSpider](https://github.com/devanshbatham/ParamSpider) | Mining parameters from dark corners of Web Archives | ![](https://img.shields.io/github/stars/devanshbatham/ParamSpider) | ![](https://img.shields.io/github/languages/top/devanshbatham/ParamSpider) |", - "Description": "Mining parameters from dark corners of Web Archives ", - "Install": { - "Linux": "git clone https://github.com/devanshbatham/ParamSpider ; cd ParamSpider; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/devanshbatham/ParamSpider ; cd ParamSpider; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/devanshbatham/ParamSpider ; cd ParamSpider; pip3 install -r requirements.txt" - }, - "Method": "PARAM", - "Type": "Discovery", - "Update": { - "Linux": "cd ParamSpider; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd ParamSpider; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd ParamSpider; git pull -v ; pip3 install -r requirements.txt" - } - }, - "Parth": { - "Data": "| Discovery/PARAM | [Parth](https://github.com/s0md3v/Parth) | Heuristic Vulnerable Parameter Scanner | ![](https://img.shields.io/github/stars/s0md3v/Parth) | ![](https://img.shields.io/github/languages/top/s0md3v/Parth) |", - "Description": "Heuristic Vulnerable Parameter Scanner ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/Parth", - "MacOS": "git clone https://github.com/s0md3v/Parth", - "Windows": "git clone https://github.com/s0md3v/Parth" - }, - "Method": "PARAM", - "Type": "Discovery", - "Update": { - "Linux": "cd Parth; git pull -v", - "MacOS": "cd Parth; git pull -v", - "Windows": "cd Parth; git pull -v" - } - }, - "PayloadsAllTheThings": { - "Data": "| Utility/PAYLOAD | [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | ![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings) | ![](https://img.shields.io/github/languages/top/swisskyrepo/PayloadsAllTheThings) |", - "Description": "A list of useful payloads and bypass for Web Application Security and Pentest/CTF ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Phoenix": { - "Data": "| Utility/ETC | [Phoenix](https://www.hahwul.com/p/phoenix.html) | hahwul's online tools|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " hahwul's online tools|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ETC", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Photon": { - "Data": "| Discovery/URL | [Photon](https://github.com/s0md3v/Photon) | Incredibly fast crawler designed for OSINT. | ![](https://img.shields.io/github/stars/s0md3v/Photon) | ![](https://img.shields.io/github/languages/top/s0md3v/Photon) |", - "Description": "Incredibly fast crawler designed for OSINT. ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/Photon ; cd Photon; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/s0md3v/Photon ; cd Photon; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/s0md3v/Photon ; cd Photon; pip3 install -r requirements.txt" - }, - "Method": "CRAWL", - "Type": "Discovery", - "Update": { - "Linux": "cd Photon; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd Photon; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd Photon; git pull -v ; pip3 install -r requirements.txt" - } - }, - "PoC-in-GitHub": { - "Data": "| Utility/PAYLOAD | [PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) | 📡 PoC auto collect from GitHub. Be careful malware. | ![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub) | ![](https://img.shields.io/github/languages/top/nomi-sec/PoC-in-GitHub) |", - "Description": "📡 PoC auto collect from GitHub. Be careful malware.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "RustScan": { - "Data": "| Discovery/PORT | [RustScan](https://github.com/brandonskerritt/RustScan) | Faster Nmap Scanning with Rust | ![](https://img.shields.io/github/stars/brandonskerritt/RustScan) | ![](https://img.shields.io/github/languages/top/brandonskerritt/RustScan) |", - "Description": "Faster Nmap Scanning with Rust ", - "Install": { - "Linux": "cargo install rustsca", - "MacOS": "brew install rustscan", - "Windows": "cargo install rustsca" - }, - "Method": "PORT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "brew upgrade rustscan", - "Windows": "" - } - }, - "S3Scanner": { - "Data": "| Scanner/S3 | [S3Scanner](https://github.com/sa7mon/S3Scanner) | Scan for open AWS S3 buckets and dump the contents | ![](https://img.shields.io/github/stars/sa7mon/S3Scanner) | ![](https://img.shields.io/github/languages/top/sa7mon/S3Scanner) |", - "Description": "Scan for open AWS S3 buckets and dump the contents ", - "Install": { - "Linux": "git clone https://github.com/sa7mon/S3Scanner ; cd S3Scanner; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/sa7mon/S3Scanner ; cd S3Scanner; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/sa7mon/S3Scanner ; cd S3Scanner; pip3 install -r requirements.txt" - }, - "Method": "S3", - "Type": "Scanner", - "Update": { - "Linux": "cd S3Scanner; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd S3Scanner; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd S3Scanner; git pull -v ; pip3 install -r requirements.txt" - } - }, - "SQL Ninja": { - "Data": "| Scanner/SQLi | [SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)|![](https://img.shields.io/static/v1?label=\u0026message=it's%20not%20github\u0026color=gray)", - "Description": "SQL Injection scanner", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SQLi", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "SQLNinja": { - "Data": "| Scanner/SQL | [SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja) | SQL Injection scanner|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " SQL Injection scanner|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SQL", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "SSRFmap": { - "Data": "| Scanner/SSRF | [SSRFmap](https://github.com/swisskyrepo/SSRFmap) | Automatic SSRF fuzzer and exploitation tool | ![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap) | ![](https://img.shields.io/github/languages/top/swisskyrepo/SSRFmap) |", - "Description": "Automatic SSRF fuzzer and exploitation tool ", - "Install": { - "Linux": "git clone https://github.com/swisskyrepo/SSRFmap ; cd SSRFmap; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/swisskyrepo/SSRFmap ; cd SSRFmap; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/swisskyrepo/SSRFmap ; cd SSRFmap; pip3 install -r requirements.txt" - }, - "Method": "SSRF", - "Type": "Scanner", - "Update": { - "Linux": "cd SSRFmap; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd SSRFmap; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd SSRFmap; git pull -v ; pip3 install -r requirements.txt" - } - }, - "STEWS": { - "Data": "| Discovery/WEBSOCK | [STEWS](https://github.com/PalindromeLabs/STEWS) | A Security Tool for Enumerating WebSockets | ![](https://img.shields.io/github/stars/PalindromeLabs/STEWS) | ![](https://img.shields.io/github/languages/top/PalindromeLabs/STEWS) |", - "Description": "A Security Tool for Enumerating WebSockets", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WEBSOCK", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "SecLists": { - "Data": "| Utility/WORD | [SecLists](https://github.com/danielmiessler/SecLists) | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | ![](https://img.shields.io/github/stars/danielmiessler/SecLists) | ![](https://img.shields.io/github/languages/top/danielmiessler/SecLists) |", - "Description": "SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. ", - "Install": { - "Linux": "git clone https://github.com/danielmiessler/SecLists", - "MacOS": "git clone https://github.com/danielmiessler/SecLists", - "Windows": "git clone https://github.com/danielmiessler/SecLists" - }, - "Method": "WORD", - "Type": "Utility", - "Update": { - "Linux": "cd SecLists; git pull -v", - "MacOS": "cd SecLists; git pull -v", - "Windows": "cd SecLists; git pull -v" - } - }, - "SecretFinder": { - "Data": "| Discovery/JS | [SecretFinder](https://github.com/m4ll0k/SecretFinder) | SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files | ![](https://img.shields.io/github/stars/m4ll0k/SecretFinder) | ![](https://img.shields.io/github/languages/top/m4ll0k/SecretFinder) |", - "Description": "SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files ", - "Install": { - "Linux": "git clone https://github.com/m4ll0k/SecretFinder ; cd SecretFinder ; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/m4ll0k/SecretFinder ; cd SecretFinder ; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/m4ll0k/SecretFinder ; cd SecretFinder ; pip3 install -r requirements.txt" - }, - "Method": "JS", - "Type": "Discovery", - "Update": { - "Linux": "cd SecretFinder ; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd SecretFinder ; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd SecretFinder ; git pull -v ; pip3 install -r requirements.txt" - } - }, - "SecurityTrails": { - "Data": "| Discovery/DNS | [SecurityTrails](https://securitytrails.com) | Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "SequenceDiagram": { - "Data": "| Utility/FLOW | [SequenceDiagram](https://sequencediagram.org) | Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FLOW", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Shodan": { - "Data": "| Discovery/PORT | [Shodan](https://www.shodan.io/) | World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) | ![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray)|", - "Description": " World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=\u0026message=it%27s%20not%20github\u0026color=gray) ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PORT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Silver": { - "Data": "| Discovery/VULN | [Silver](https://github.com/s0md3v/Silver) | Mass scan IPs for vulnerable services | ![](https://img.shields.io/github/stars/s0md3v/Silver) | ![](https://img.shields.io/github/languages/top/s0md3v/Silver) |", - "Description": "Mass scan IPs for vulnerable services ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/Silver ; cd Silver; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/s0md3v/Silver ; cd Silver; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/s0md3v/Silver ; cd Silver; pip3 install -r requirements.txt" - }, - "Method": "VULN", - "Type": "Discovery", - "Update": { - "Linux": "cd Silver; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd Silver; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd Silver; git pull -v ; pip3 install -r requirements.txt" - } - }, - "Sn1per": { - "Data": "| Scanner/RECON | [Sn1per](https://github.com/1N3/Sn1per) | Automated pentest framework for offensive security experts | ![](https://img.shields.io/github/stars/1N3/Sn1per) | ![](https://img.shields.io/github/languages/top/1N3/Sn1per) |", - "Description": "Automated pentest framework for offensive security experts ", - "Install": { - "Linux": "git clone https://github.com/1N3/Sn1per ; cd Sn1per; ./install.sh", - "MacOS": "git clone https://github.com/1N3/Sn1per ; cd Sn1per; ./install.sh", - "Windows": "git clone https://github.com/1N3/Sn1per ; cd Sn1per; ./install.sh" - }, - "Method": "RECON", - "Type": "Scanner", - "Update": { - "Linux": "cd Sn1per; git pull -v", - "MacOS": "cd Sn1per; git pull -v", - "Windows": "cd Sn1per; git pull -v" - } - }, - "Striker": { - "Data": "| Scanner/WVS | [Striker](https://github.com/s0md3v/Striker) | Striker is an offensive information and vulnerability scanner. | ![](https://img.shields.io/github/stars/s0md3v/Striker) | ![](https://img.shields.io/github/languages/top/s0md3v/Striker) |", - "Description": "Striker is an offensive information and vulnerability scanner. ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/Striker; cd Striker; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/s0md3v/Striker; cd Striker; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/s0md3v/Striker; cd Striker; pip3 install -r requirements.txt" - }, - "Method": "WVS", - "Type": "Scanner", - "Update": { - "Linux": "cd Striker; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd Striker; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd Striker; git pull -v ; pip3 install -r requirements.txt" - } - }, - "SubOver": { - "Data": "| Discovery/TKOV | [SubOver](https://github.com/Ice3man543/SubOver) | A Powerful Subdomain Takeover Tool | ![](https://img.shields.io/github/stars/Ice3man543/SubOver) | ![](https://img.shields.io/github/languages/top/Ice3man543/SubOver) |", - "Description": "A Powerful Subdomain Takeover Tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "TKOV", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "Sublist3r": { - "Data": "| Discovery/DOMAIN | [Sublist3r](https://github.com/aboul3la/Sublist3r) | Fast subdomains enumeration tool for penetration testers | ![](https://img.shields.io/github/stars/aboul3la/Sublist3r) | ![](https://img.shields.io/github/languages/top/aboul3la/Sublist3r) |", - "Description": "Fast subdomains enumeration tool for penetration testers ", - "Install": { - "Linux": "git clone https://github.com/aboul3la/Sublist3r ; cd Sublist3r ; pip3 instal -r requirements.txt", - "MacOS": "git clone https://github.com/aboul3la/Sublist3r ; cd Sublist3r ; pip3 instal -r requirements.txt", - "Windows": "git clone https://github.com/aboul3la/Sublist3r ; cd Sublist3r ; pip3 instal -r requirements.txt" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "cd Sublist3r ; git pull -v ; pip3 instal -r requirements.txt", - "MacOS": "cd Sublist3r ; git pull -v ; pip3 instal -r requirements.txt", - "Windows": "cd Sublist3r ; git pull -v ; pip3 instal -r requirements.txt" - } - }, - "Taipan": { - "Data": "| Scanner/WVS | [Taipan](https://github.com/enkomio/Taipan) | Web application vulnerability scanner | ![](https://img.shields.io/github/stars/enkomio/Taipan) | ![](https://img.shields.io/github/languages/top/enkomio/Taipan) |", - "Description": "Web application vulnerability scanner", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WVS", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "TukTuk": { - "Data": "| Utility/OAST | [TukTuk](https://github.com/ArturSS7/TukTuk) | Tool for catching and logging different types of requests. | ![](https://img.shields.io/github/stars/ArturSS7/TukTuk) | ![](https://img.shields.io/github/languages/top/ArturSS7/TukTuk) |", - "Description": "Tool for catching and logging different types of requests. ", - "Install": { - "Linux": "git clone https://github.com/ArturSS7/TukTuk ; cd TukTuk; ./install.sh", - "MacOS": "git clone https://github.com/ArturSS7/TukTuk ; cd TukTuk; ./install.sh", - "Windows": "git clone https://github.com/ArturSS7/TukTuk ; cd TukTuk; ./install.sh" - }, - "Method": "OAST", - "Type": "Utility", - "Update": { - "Linux": "cd TukTuk; git pull -v ", - "MacOS": "cd TukTuk; git pull -v ", - "Windows": "cd TukTuk; git pull -v " - } - }, - "VHostScan": { - "Data": "| Scanner/FUZZ | [VHostScan](https://github.com/codingo/VHostScan) | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. | ![](https://img.shields.io/github/stars/codingo/VHostScan) | ![](https://img.shields.io/github/languages/top/codingo/VHostScan) |", - "Description": "A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. ", - "Install": { - "Linux": "git clone https://github.com/codingo/VHostScan ; cd VHostScan ; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/codingo/VHostScan ; cd VHostScan ; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/codingo/VHostScan ; cd VHostScan ; pip3 install -r requirements.txt" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "cd VHostScan ; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd VHostScan ; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd VHostScan ; git pull -v ; pip3 install -r requirements.txt" - } - }, - "Web-Cache-Vulnerability-Scanner": { - "Data": "| Scanner/CACHE | [Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner) | Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). | ![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner) | ![](https://img.shields.io/github/languages/top/Hackmanit/Web-Cache-Vulnerability-Scanner) |", - "Description": "Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CACHE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "XSRFProbe": { - "Data": "| Scanner/CSRF | [XSRFProbe](https://github.com/0xInfection/XSRFProbe) | The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. | ![](https://img.shields.io/github/stars/0xInfection/XSRFProbe) | ![](https://img.shields.io/github/languages/top/0xInfection/XSRFProbe) |", - "Description": "The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CSRF", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "XSStrike": { - "Data": "| Scanner/XSS | [XSStrike](https://github.com/s0md3v/XSStrike) | Most advanced XSS scanner. | ![](https://img.shields.io/github/stars/s0md3v/XSStrike) | ![](https://img.shields.io/github/languages/top/s0md3v/XSStrike) |", - "Description": "Most advanced XSS scanner. ", - "Install": { - "Linux": "git clone https://github.com/s0md3v/XSStrike ; cd XSStrike; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/s0md3v/XSStrike ; cd XSStrike; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/s0md3v/XSStrike ; cd XSStrike; pip3 install -r requirements.txt" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "cd XSStrike; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd XSStrike; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd XSStrike; git pull -v ; pip3 install -r requirements.txt" - } - }, - "XSpear": { - "Data": "| Scanner/XSS | [XSpear](https://github.com/hahwul/XSpear) | Powerfull XSS Scanning and Parameter analysis tool\u0026gem | ![](https://img.shields.io/github/stars/hahwul/XSpear) | ![](https://img.shields.io/github/languages/top/hahwul/XSpear) |", - "Description": "Powerfull XSS Scanning and Parameter analysis tool\u0026gem ", - "Install": { - "Linux": "gem install XSpear", - "MacOS": "gem install XSpear", - "Windows": "gem install XSpear" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "gem update XSpear", - "MacOS": "gem update XSpear", - "Windows": "gem update XSpear" - } - }, - "XXEinjector": { - "Data": "| Utility/PAYLOAD | [XXEinjector](https://github.com/enjoiz/XXEinjector) | Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods. | ![](https://img.shields.io/github/stars/enjoiz/XXEinjector) | ![](https://img.shields.io/github/languages/top/enjoiz/XXEinjector) |", - "Description": "Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "a2sv": { - "Data": "| Scanner/SSL | [a2sv](https://github.com/hahwul/a2sv) | Auto Scanning to SSL Vulnerability | ![](https://img.shields.io/github/stars/hahwul/a2sv) | ![](https://img.shields.io/github/languages/top/hahwul/a2sv) |", - "Description": "Auto Scanning to SSL Vulnerability ", - "Install": { - "Linux": "git clone https://github.com/hahwul/a2sv; cd a2sv; pip2 install -r requirements.txt", - "MacOS": "git clone https://github.com/hahwul/a2sv; cd a2sv; pip2 install -r requirements.txt", - "Windows": "git clone https://github.com/hahwul/a2sv; cd a2sv; pip2 install -r requirements.txt" - }, - "Method": "SSL", - "Type": "Scanner", - "Update": { - "Linux": "cd a2sv; git pull -v", - "MacOS": "cd a2sv; git pull -v", - "Windows": "cd a2sv; git pull -v" - } - }, - "altdns": { - "Data": "| Discovery/DOMAIN | [altdns](https://github.com/infosec-au/altdns) | Generates permutations, alterations and mutations of subdomains and then resolves them | ![](https://img.shields.io/github/stars/infosec-au/altdns) | ![](https://img.shields.io/github/languages/top/infosec-au/altdns) |", - "Description": "Generates permutations, alterations and mutations of subdomains and then resolves them ", - "Install": { - "Linux": "git clone https://github.com/infosec-au/altdns ; cd altdns; python setup.py install", - "MacOS": "git clone https://github.com/infosec-au/altdns ; cd altdns; python setup.py install", - "Windows": "git clone https://github.com/infosec-au/altdns ; cd altdns; python setup.py install" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "cd altdns ; git pull -v", - "MacOS": "cd altdns ; git pull -v", - "Windows": "cd altdns ; git pull -v" - } - }, - "anew": { - "Data": "| Utility/ANY | [anew](https://github.com/tomnomnom/anew) | A tool for adding new lines to files, skipping duplicates | ![](https://img.shields.io/github/stars/tomnomnom/anew) | ![](https://img.shields.io/github/languages/top/tomnomnom/anew) |", - "Description": "A tool for adding new lines to files, skipping duplicates", - "Install": { - "Linux": "go get -u github.com/tomnomnom/anew", - "MacOS": "go get -u github.com/tomnomnom/anew", - "Windows": "go get -u github.com/tomnomnom/anew" - }, - "Method": "ANY", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/tomnomnom/anew", - "MacOS": "go get -u github.com/tomnomnom/anew", - "Windows": "go get -u github.com/tomnomnom/anew" - } - }, - "apkleaks": { - "Data": "| Discovery/APK | [apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints \u0026 secrets. | ![](https://img.shields.io/github/stars/dwisiswant0/apkleaks) | ![](https://img.shields.io/github/languages/top/dwisiswant0/apkleaks) |", - "Description": "Scanning APK file for URIs, endpoints \u0026 secrets. ", - "Install": { - "Linux": "git clone https://github.com/dwisiswant0/apkleaks ; cd apkleaks ; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/dwisiswant0/apkleaks ; cd apkleaks ; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/dwisiswant0/apkleaks ; cd apkleaks ; pip3 install -r requirements.txt" - }, - "Method": "APK", - "Type": "Discovery", - "Update": { - "Linux": "cd apkleaks ; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd apkleaks ; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd apkleaks ; git pull -v ; pip3 install -r requirements.txt" - } - }, - "aquatone": { - "Data": "| Discovery/ALL | [aquatone](https://github.com/michenriksen/aquatone) | A Tool for Domain Flyovers | ![](https://img.shields.io/github/stars/michenriksen/aquatone) | ![](https://img.shields.io/github/languages/top/michenriksen/aquatone) |", - "Description": "A Tool for Domain Flyovers ", - "Install": { - "Linux": "go get -u github.com/michenriksen/aquatone", - "MacOS": "go get -u github.com/michenriksen/aquatone", - "Windows": "go get -u github.com/michenriksen/aquatone" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "go get -u github.com/michenriksen/aquatone", - "MacOS": "go get -u github.com/michenriksen/aquatone", - "Windows": "go get -u github.com/michenriksen/aquatone" - } - }, - "arachni": { - "Data": "| Scanner/WVS | [arachni](https://github.com/Arachni/arachni) | Web Application Security Scanner Framework | ![](https://img.shields.io/github/stars/Arachni/arachni) | ![](https://img.shields.io/github/languages/top/Arachni/arachni) |", - "Description": "Web Application Security Scanner Framework ", - "Install": { - "Linux": "mkdir arachni; cd arachni; wget https://github.com/Arachni/arachni/releases/download/v1.5.1/arachni-1.5.1-0.5.12-linux-x86_64.tar.gz; tar -xvf arachni-1.5.1-0.5.12-linux-x86_64.tar.gz", - "MacOS": "mkdir arachni; cd arachni; wget https://github.com/Arachni/arachni/releases/download/v1.5.1/arachni-1.5.1-0.5.12-linux-x86_64.tar.gz; tar -xvf arachni-1.5.1-0.5.12-linux-x86_64.tar.gz", - "Windows": "" - }, - "Method": "WVS", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "assetfinder": { - "Data": "| Discovery/DOMAIN | [assetfinder](https://github.com/tomnomnom/assetfinder) | Find domains and subdomains related to a given domain | ![](https://img.shields.io/github/stars/tomnomnom/assetfinder) | ![](https://img.shields.io/github/languages/top/tomnomnom/assetfinder) |", - "Description": "Find domains and subdomains related to a given domain ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/assetfinder", - "MacOS": "go get -u github.com/tomnomnom/assetfinder", - "Windows": "go get -u github.com/tomnomnom/assetfinder" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "go get -u github.com/tomnomnom/assetfinder", - "MacOS": "go get -u github.com/tomnomnom/assetfinder", - "Windows": "go get -u github.com/tomnomnom/assetfinder" - } - }, - "autochrome": { - "Data": "| Utility/SETUP | [autochrome](https://github.com/nccgroup/autochrome) | This tool downloads, installs, and configures a shiny new copy of Chromium. | ![](https://img.shields.io/github/stars/nccgroup/autochrome) | ![](https://img.shields.io/github/languages/top/nccgroup/autochrome) |", - "Description": "This tool downloads, installs, and configures a shiny new copy of Chromium.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SETUP", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "axiom": { - "Data": "| Utility/PENTEST | [axiom](https://github.com/pry0cc/axiom) | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! | ![](https://img.shields.io/github/stars/pry0cc/axiom) | ![](https://img.shields.io/github/languages/top/pry0cc/axiom) |", - "Description": "A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ", - "Install": { - "Linux": "bash \u003c(curl -s https://raw.githubusercontent.com/pry0cc/axiom/master/interact/axiom-configure)", - "MacOS": "bash \u003c(curl -s https://raw.githubusercontent.com/pry0cc/axiom/master/interact/axiom-configure)", - "Windows": "" - }, - "Method": "PENTEST", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "bat": { - "Data": "| Utility/ANY | [bat](https://github.com/sharkdp/bat) | A cat(1) clone with wings. | ![](https://img.shields.io/github/stars/sharkdp/bat) | ![](https://img.shields.io/github/languages/top/sharkdp/bat) |", - "Description": "A cat(1) clone with wings.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ANY", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "boast": { - "Data": "| Utility/OAST | [boast](https://github.com/marcoagner/boast) | The BOAST Outpost for AppSec Testing (v0.1.0) | ![](https://img.shields.io/github/stars/marcoagner/boast) | ![](https://img.shields.io/github/languages/top/marcoagner/boast) |", - "Description": "The BOAST Outpost for AppSec Testing (v0.1.0)", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "OAST", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "bountyplz": { - "Data": "| Utility/TEMPLATE | [bountyplz](https://github.com/fransr/bountyplz) | Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) | ![](https://img.shields.io/github/stars/fransr/bountyplz) | ![](https://img.shields.io/github/languages/top/fransr/bountyplz) |", - "Description": "Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) ", - "Install": { - "Linux": "", - "MacOS": "git clone https://github.com/fransr/bountyplz; brew install jq; brew install gnu-sed; brew install coreutils", - "Windows": "" - }, - "Method": "TEMPLATE", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "cd bountyplz; git pull -v", - "Windows": "" - } - }, - "burl": { - "Data": "| Utility/URL | [burl](https://github.com/tomnomnom/burl) | A Broken-URL Checker | ![](https://img.shields.io/github/stars/tomnomnom/burl) | ![](https://img.shields.io/github/languages/top/tomnomnom/burl) |", - "Description": "A Broken-URL Checker ", - "Install": { - "Linux": "go get github.com/tomnomnom/burl", - "MacOS": "go get github.com/tomnomnom/burl", - "Windows": "go get github.com/tomnomnom/burl" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "go get github.com/tomnomnom/burl", - "MacOS": "go get github.com/tomnomnom/burl", - "Windows": "go get github.com/tomnomnom/burl" - } - }, - "c-jwt-cracker": { - "Data": "| Utility/JWT | [c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) | JWT brute force cracker written in C | ![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker) | ![](https://img.shields.io/github/languages/top/brendan-rius/c-jwt-cracker) |", - "Description": "JWT brute force cracker written in C ", - "Install": { - "Linux": "git clone https://github.com/brendan-rius/c-jwt-cracker ; cd c-jwt-cracker ; make", - "MacOS": "git clone https://github.com/brendan-rius/c-jwt-cracker ; cd c-jwt-cracker ; make", - "Windows": "git clone https://github.com/brendan-rius/c-jwt-cracker ; cd c-jwt-cracker ; make" - }, - "Method": "JWT", - "Type": "Utility", - "Update": { - "Linux": "cd c-jwt-cracker ; git pull -v ; make", - "MacOS": "cd c-jwt-cracker ; git pull -v ; make", - "Windows": "cd c-jwt-cracker ; git pull -v ; make" - } - }, - "can-i-take-over-xyz": { - "Data": "| Discovery/TKOV | [can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz) | \"Can I take over XYZ?\" — a list of services and how to claim (sub)domains with dangling DNS records. | ![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz) | ![](https://img.shields.io/github/languages/top/EdOverflow/can-i-take-over-xyz) |", - "Description": "\"Can I take over XYZ?\" — a list of services and how to claim (sub)domains with dangling DNS records.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "TKOV", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "cariddi": { - "Data": "| Discovery/URL | [cariddi](https://github.com/edoardottt/cariddi) | Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... | ![](https://img.shields.io/github/stars/edoardottt/cariddi) | ![](https://img.shields.io/github/languages/top/edoardottt/cariddi) |", - "Description": "Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "cc.py": { - "Data": "| Discovery/URL | [cc.py](https://github.com/si9int/cc.py) | Extracting URLs of a specific target based on the results of \"commoncrawl.org\" | ![](https://img.shields.io/github/stars/si9int/cc.py) | ![](https://img.shields.io/github/languages/top/si9int/cc.py) |", - "Description": "Extracting URLs of a specific target based on the results of \"commoncrawl.org\" ", - "Install": { - "Linux": "git clone https://github.com/si9int/cc.py", - "MacOS": "git clone https://github.com/si9int/cc.py", - "Windows": "git clone https://github.com/si9int/cc.py" - }, - "Method": "CRAWL", - "Type": "Discovery", - "Update": { - "Linux": "cd cc.py ; git pull -v", - "MacOS": "cd cc.py ; git pull -v", - "Windows": "cd cc.py ; git pull -v" - } - }, - "cf-check": { - "Data": "| Utility/URL | [cf-check](https://github.com/dwisiswant0/cf-check) | Cloudflare Checker written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/cf-check) | ![](https://img.shields.io/github/languages/top/dwisiswant0/cf-check) |", - "Description": "Cloudflare Checker written in Go ", - "Install": { - "Linux": "go get -u github.com/dwisiswant0/cf-check", - "MacOS": "go get -u github.com/dwisiswant0/cf-check", - "Windows": "go get -u github.com/dwisiswant0/cf-check" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/dwisiswant0/cf-check", - "MacOS": "go get -u github.com/dwisiswant0/cf-check", - "Windows": "go get -u github.com/dwisiswant0/cf-check" - } - }, - "chaos-client": { - "Data": "| Discovery/DOMAIN | [chaos-client](https://github.com/projectdiscovery/chaos-client) | Go client to communicate with Chaos DNS API. | ![](https://img.shields.io/github/stars/projectdiscovery/chaos-client) | ![](https://img.shields.io/github/languages/top/projectdiscovery/chaos-client) |", - "Description": "Go client to communicate with Chaos DNS API. ", - "Install": { - "Linux": "GO111MODULE=on go get -u github.com/projectdiscovery/chaos-client/cmd/chaos", - "MacOS": "GO111MODULE=on go get -u github.com/projectdiscovery/chaos-client/cmd/chaos", - "Windows": "go get -u github.com/projectdiscovery/chaos-client/cmd/chaos" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -u github.com/projectdiscovery/chaos-client/cmd/chaos", - "MacOS": "GO111MODULE=on go get -u github.com/projectdiscovery/chaos-client/cmd/chaos", - "Windows": "go get -u github.com/projectdiscovery/chaos-client/cmd/chaos" - } - }, - "commix": { - "Data": "| Scanner/RCE | [commix](https://github.com/commixproject/commix) | Automated All-in-One OS Command Injection Exploitation Tool. | ![](https://img.shields.io/github/stars/commixproject/commix) | ![](https://img.shields.io/github/languages/top/commixproject/commix) |", - "Description": "Automated All-in-One OS Command Injection Exploitation Tool.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "RCE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "confused": { - "Data": "| Scanner/CONFUSE | [confused](https://github.com/visma-prodsec/confused) | Tool to check for dependency confusion vulnerabilities in multiple package management systems | ![](https://img.shields.io/github/stars/visma-prodsec/confused) | ![](https://img.shields.io/github/languages/top/visma-prodsec/confused) |", - "Description": "Tool to check for dependency confusion vulnerabilities in multiple package management systems", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CONFUSE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "corsair_scan": { - "Data": "| Scanner/CORS | [corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan) | Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS). | ![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan) | ![](https://img.shields.io/github/languages/top/Santandersecurityresearch/corsair_scan) |", - "Description": "Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CORS", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "crawlergo": { - "Data": "| Discovery/URL | [crawlergo](https://github.com/Qianlitp/crawlergo) | A powerful browser crawler for web vulnerability scanners | ![](https://img.shields.io/github/stars/Qianlitp/crawlergo) | ![](https://img.shields.io/github/languages/top/Qianlitp/crawlergo) |", - "Description": "A powerful browser crawler for web vulnerability scanners", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "crlfuzz": { - "Data": "| Scanner/CRLF | [crlfuzz](https://github.com/dwisiswant0/crlfuzz) | A fast tool to scan CRLF vulnerability written in Go | ![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz) | ![](https://img.shields.io/github/languages/top/dwisiswant0/crlfuzz) |", - "Description": "A fast tool to scan CRLF vulnerability written in Go ", - "Install": { - "Linux": "GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz", - "MacOS": "GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz", - "Windows": "go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz" - }, - "Method": "CRLF", - "Type": "Scanner", - "Update": { - "Linux": "GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz", - "MacOS": "GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz", - "Windows": "go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz" - } - }, - "curl": { - "Data": "| Utility/HTTP | [curl](https://github.com/curl/curl) | A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features | ![](https://img.shields.io/github/stars/curl/curl) | ![](https://img.shields.io/github/languages/top/curl/curl) |", - "Description": "A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HTTP", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "dalfox": { - "Data": "| Scanner/XSS | [dalfox](https://github.com/hahwul/dalfox) | 🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang | ![](https://img.shields.io/github/stars/hahwul/dalfox) | ![](https://img.shields.io/github/languages/top/hahwul/dalfox) |", - "Description": "🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang ", - "Install": { - "Linux": "go get -u github.com/hahwul/dalfox", - "MacOS": "brew install dalfox", - "Windows": "go get -u github.com/hahwul/dalfox" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "go get -u github.com/hahwul/dalfox", - "MacOS": "brew upgrade dalfox", - "Windows": "go get -u github.com/hahwul/dalfox" - } - }, - "dirsearch": { - "Data": "| Discovery/FUZZ | [dirsearch](https://github.com/maurosoria/dirsearch) | Web path scanner | ![](https://img.shields.io/github/stars/maurosoria/dirsearch) | ![](https://img.shields.io/github/languages/top/maurosoria/dirsearch) |", - "Description": "Web path scanner ", - "Install": { - "Linux": "git clone https://github.com/maurosoria/dirsearch", - "MacOS": "git clone https://github.com/maurosoria/dirsearch", - "Windows": "git clone https://github.com/maurosoria/dirsearch" - }, - "Method": "FUZZ", - "Type": "Discovery", - "Update": { - "Linux": "cd dirsearch ; git pull -v", - "MacOS": "cd dirsearch ; git pull -v", - "Windows": "cd dirsearch ; git pull -v" - } - }, - "ditto": { - "Data": "| Discovery/DOMAIN | [ditto](https://github.com/evilsocket/ditto) | A tool for IDN homograph attacks and detection. | ![](https://img.shields.io/github/stars/evilsocket/ditto) | ![](https://img.shields.io/github/languages/top/evilsocket/ditto) |", - "Description": "A tool for IDN homograph attacks and detection.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "dmut": { - "Data": "| Discovery/DOMAIN | [dmut](https://github.com/bp0lr/dmut) | A tool to perform permutations, mutations and alteration of subdomains in golang. | ![](https://img.shields.io/github/stars/bp0lr/dmut) | ![](https://img.shields.io/github/languages/top/bp0lr/dmut) |", - "Description": "A tool to perform permutations, mutations and alteration of subdomains in golang.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "dnsobserver": { - "Data": "| Utility/OAST | [dnsobserver](https://github.com/allyomalley/dnsobserver) | A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. | ![](https://img.shields.io/github/stars/allyomalley/dnsobserver) | ![](https://img.shields.io/github/languages/top/allyomalley/dnsobserver) |", - "Description": "A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "OAST", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "dnsprobe": { - "Data": "| Discovery/DNS | [dnsprobe](https://github.com/projectdiscovery/dnsprobe) | DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsprobe) |", - "Description": "DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. ", - "Install": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsprobe", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsprobe", - "Windows": "go get -u -v github.com/projectdiscovery/dnsprobe" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsprobe", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsprobe", - "Windows": "go get -u -v github.com/projectdiscovery/dnsprobe" - } - }, - "dnsvalidator": { - "Data": "| Discovery/DNS | [dnsvalidator](https://github.com/vortexau/dnsvalidator) | Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. | ![](https://img.shields.io/github/stars/vortexau/dnsvalidator) | ![](https://img.shields.io/github/languages/top/vortexau/dnsvalidator) |", - "Description": "Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "dnsx": { - "Data": "| Discovery/DNS | [dnsx](https://github.com/projectdiscovery/dnsx) | dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers. | ![](https://img.shields.io/github/stars/projectdiscovery/dnsx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/dnsx) |", - "Description": "dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "docem": { - "Data": "| Utility/PAYLOAD | [docem](https://github.com/whitel1st/docem) | Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids) | ![](https://img.shields.io/github/stars/whitel1st/docem) | ![](https://img.shields.io/github/languages/top/whitel1st/docem) |", - "Description": "Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "domdig": { - "Data": "| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications | ![](https://img.shields.io/github/stars/fcavallarin/domdig) | ![](https://img.shields.io/github/languages/top/fcavallarin/domdig) |", - "Description": "DOM XSS scanner for Single Page Applications ", - "Install": { - "Linux": "git clone https://github.com/fcavallarin/domdig ; cd domdig ; npm i", - "MacOS": "git clone https://github.com/fcavallarin/domdig ; cd domdig ; npm i", - "Windows": "git clone https://github.com/fcavallarin/domdig ; cd domdig ; npm i" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "cd domdig ; npm i", - "MacOS": "cd domdig ; npm i", - "Windows": "cd domdig ; npm i" - } - }, - "dontgo403": { - "Data": "| Discovery/FUZZ | [dontgo403](https://github.com/devploit/dontgo403) | Tool to bypass 40X response codes. | ![](https://img.shields.io/github/stars/devploit/dontgo403) | ![](https://img.shields.io/github/languages/top/devploit/dontgo403) |", - "Description": "Tool to bypass 40X response codes.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "dotdotpwn": { - "Data": "| Scanner/LFI | [dotdotpwn](https://github.com/wireghoul/dotdotpwn) | DotDotPwn - The Directory Traversal Fuzzer | ![](https://img.shields.io/github/stars/wireghoul/dotdotpwn) | ![](https://img.shields.io/github/languages/top/wireghoul/dotdotpwn) |", - "Description": "DotDotPwn - The Directory Traversal Fuzzer ", - "Install": { - "Linux": "git clone https://github.com/wireghoul/dotdotpwn ; ", - "MacOS": "git clone https://github.com/wireghoul/dotdotpwn", - "Windows": "git clone https://github.com/wireghoul/dotdotpwn" - }, - "Method": "LFI", - "Type": "Scanner", - "Update": { - "Linux": "cd dotdotpwn ; git pull -v", - "MacOS": "cd dotdotpwn ; git pull -v", - "Windows": "cd dotdotpwn ; git pull -v" - } - }, - "ezXSS": { - "Data": "| Scanner/XSS | [ezXSS](https://github.com/ssl/ezXSS) | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. | ![](https://img.shields.io/github/stars/ssl/ezXSS) | ![](https://img.shields.io/github/languages/top/ssl/ezXSS) |", - "Description": "ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. ", - "Install": { - "Linux": "git clone https://github.com/ssl/ezXSS", - "MacOS": "git clone https://github.com/ssl/ezXSS", - "Windows": "git clone https://github.com/ssl/ezXSS" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "cd ezXSS ; git pull -v", - "MacOS": "cd ezXSS ; git pull -v", - "Windows": "cd ezXSS ; git pull -v" - } - }, - "feroxbuster": { - "Data": "| Discovery/FUZZ | [feroxbuster](https://github.com/epi052/feroxbuster) | A fast, simple, recursive content discovery tool written in Rust. | ![](https://img.shields.io/github/stars/epi052/feroxbuster) | ![](https://img.shields.io/github/languages/top/epi052/feroxbuster) |", - "Description": "A fast, simple, recursive content discovery tool written in Rust.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "ffuf": { - "Data": "| Scanner/FUZZ | [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer written in Go | ![](https://img.shields.io/github/stars/ffuf/ffuf) | ![](https://img.shields.io/github/languages/top/ffuf/ffuf) |", - "Description": "Fast web fuzzer written in Go ", - "Install": { - "Linux": "go get -u github.com/ffuf/ffuf", - "MacOS": "go get -u github.com/ffuf/ffuf", - "Windows": "go get -u github.com/ffuf/ffuf" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "go get -u github.com/ffuf/ffuf", - "MacOS": "go get -u github.com/ffuf/ffuf", - "Windows": "go get -u github.com/ffuf/ffuf" - } - }, - "fhc": { - "Data": "| Fetch/HTTP | [fhc](https://github.com/Edu4rdSHL/fhc) | Fast HTTP Checker. | ![](https://img.shields.io/github/stars/Edu4rdSHL/fhc) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/fhc) |", - "Description": "Fast HTTP Checker.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HTTP", - "Type": "Fetch", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "findom-xss": { - "Data": "| Scanner/XSS | [findom-xss](https://github.com/dwisiswant0/findom-xss) | A fast DOM based XSS vulnerability scanner with simplicity. | ![](https://img.shields.io/github/stars/dwisiswant0/findom-xss) | ![](https://img.shields.io/github/languages/top/dwisiswant0/findom-xss) |", - "Description": "A fast DOM based XSS vulnerability scanner with simplicity. ", - "Install": { - "Linux": "git clone https://github.com/dwisiswant0/findom-xss.git --recurse-submodules", - "MacOS": "git clone https://github.com/dwisiswant0/findom-xss.git --recurse-submodules", - "Windows": "git clone https://github.com/dwisiswant0/findom-xss.git --recurse-submodules" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "cd findom-xss ; git pull -v", - "MacOS": "cd findom-xss ; git pull -v", - "Windows": "cd findom-xss ; git pull -v" - } - }, - "findomain": { - "Data": "| Discovery/DOMAIN | [findomain](https://github.com/Edu4rdSHL/findomain) | The fastest and cross-platform subdomain enumerator, do not waste your time. | ![](https://img.shields.io/github/stars/Edu4rdSHL/findomain) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/findomain) |", - "Description": "The fastest and cross-platform subdomain enumerator, do not waste your time. ", - "Install": { - "Linux": "mkdir findomain; cd findomain; wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux ; chmod +x findomain-linux", - "MacOS": "brew install findomain", - "Windows": "mkdir findomain; cd findomain; wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-windows.exe" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "cd findomain; wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux ; chmod +x findomain-linux", - "MacOS": "brew upgrade findomain", - "Windows": "cd findomain; wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-windows.exe" - } - }, - "fockcache": { - "Data": "| Scanner/CACHE-POISON | [fockcache](https://github.com/tismayil/fockcache) | FockCache - Minimalized Test Cache Poisoning | ![](https://img.shields.io/github/stars/tismayil/fockcache) | ![](https://img.shields.io/github/languages/top/tismayil/fockcache) |", - "Description": "FockCache - Minimalized Test Cache Poisoning", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CACHE-POISON", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "fuzzparam": { - "Data": "| Discovery/PARAM | [fuzzparam](https://github.com/0xsapra/fuzzparam) | A fast go based param miner to fuzz possible parameters a URL can have. | ![](https://img.shields.io/github/stars/0xsapra/fuzzparam) | ![](https://img.shields.io/github/languages/top/0xsapra/fuzzparam) |", - "Description": "A fast go based param miner to fuzz possible parameters a URL can have.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PARAM", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "fzf": { - "Data": "| Utility/ANY | [fzf](https://github.com/junegunn/fzf) | A command-line fuzzy finder | ![](https://img.shields.io/github/stars/junegunn/fzf) | ![](https://img.shields.io/github/languages/top/junegunn/fzf) |", - "Description": "A command-line fuzzy finder", - "Install": { - "Linux": "git clone --depth 1 https://github.com/junegunn/fzf.git ; cd fzf ; ./install", - "MacOS": "brew install fzf", - "Windows": "choco install fzf" - }, - "Method": "ANY", - "Type": "Utility", - "Update": { - "Linux": "cd fzf ; git pull -v ; ./install", - "MacOS": "brew upgrade fzf", - "Windows": "choco update fzf" - } - }, - "gau": { - "Data": "| Discovery/URL | [gau](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | ![](https://img.shields.io/github/stars/lc/gau) | ![](https://img.shields.io/github/languages/top/lc/gau) |", - "Description": "Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.", - "Install": { - "Linux": "GO111MODULE=on go get -u -v github.com/lc/gau", - "MacOS": "GO111MODULE=on go get -u -v github.com/lc/gau", - "Windows": "go get -u -v github.com/lc/gau" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -u -v github.com/lc/gau", - "MacOS": "GO111MODULE=on go get -u -v github.com/lc/gau", - "Windows": "go get -u -v github.com/lc/gau" - } - }, - "gauplus": { - "Data": "| Discovery/URL | [gauplus](https://github.com/bp0lr/gauplus) | A modified version of gau for personal usage. Support workers, proxies and some extra things. | ![](https://img.shields.io/github/stars/bp0lr/gauplus) | ![](https://img.shields.io/github/languages/top/bp0lr/gauplus) |", - "Description": "A modified version of gau for personal usage. Support workers, proxies and some extra things.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gee": { - "Data": "| Utility/ANY | [gee](https://github.com/hahwul/gee) | 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go | ![](https://img.shields.io/github/stars/hahwul/gee) | ![](https://img.shields.io/github/languages/top/hahwul/gee) |", - "Description": "🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ANY", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "getJS": { - "Data": "| Fetch/JS | [getJS](https://github.com/003random/getJS) | A tool to fastly get all javascript sources/files | ![](https://img.shields.io/github/stars/003random/getJS) | ![](https://img.shields.io/github/languages/top/003random/getJS) |", - "Description": "A tool to fastly get all javascript sources/files", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "JS", - "Type": "Fetch", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gf": { - "Data": "| Utility/GREP | [gf](https://github.com/tomnomnom/gf) | A wrapper around grep, to help you grep for things | ![](https://img.shields.io/github/stars/tomnomnom/gf) | ![](https://img.shields.io/github/languages/top/tomnomnom/gf) |", - "Description": "A wrapper around grep, to help you grep for things ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/gf; cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf", - "MacOS": "go get -u github.com/tomnomnom/gf; cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gf", - "Windows": "go get -u github.com/tomnomnom/gf" - }, - "Method": "GREP", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/tomnomnom/gf", - "MacOS": "go get -u github.com/tomnomnom/gf", - "Windows": "go get -u github.com/tomnomnom/gf" - } - }, - "gitGraber": { - "Data": "| Discovery/GIT | [gitGraber](https://github.com/hisxo/gitGraber) | gitGraber | ![](https://img.shields.io/github/stars/hisxo/gitGraber) | ![](https://img.shields.io/github/languages/top/hisxo/gitGraber) |", - "Description": "gitGraber ", - "Install": { - "Linux": "git clone https://github.com/hisxo/gitGraber ; cd gitGraber; pip3 install -r requirements.txt", - "MacOS": "git clone https://github.com/hisxo/gitGraber ; cd gitGraber; pip3 install -r requirements.txt", - "Windows": "git clone https://github.com/hisxo/gitGraber ; cd gitGraber; pip3 install -r requirements.txt" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "cd gitGraber; git pull -v ; pip3 install -r requirements.txt", - "MacOS": "cd gitGraber; git pull -v ; pip3 install -r requirements.txt", - "Windows": "cd gitGraber; git pull -v ; pip3 install -r requirements.txt" - } - }, - "github-endpoints": { - "Data": "| Discovery/GIT | [github-endpoints](https://github.com/gwen001/github-endpoints) | Find endpoints on GitHub. | ![](https://img.shields.io/github/stars/gwen001/github-endpoints) | ![](https://img.shields.io/github/languages/top/gwen001/github-endpoints) |", - "Description": "Find endpoints on GitHub.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "github-regexp": { - "Data": "| Discovery/GIT | [github-regexp](https://github.com/gwen001/github-regexp) | Basically a regexp over a GitHub search. | ![](https://img.shields.io/github/stars/gwen001/github-regexp) | ![](https://img.shields.io/github/languages/top/gwen001/github-regexp) |", - "Description": "Basically a regexp over a GitHub search.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "github-search": { - "Data": "| Discovery/GIT | [github-search](https://github.com/gwen001/github-search) | Tools to perform basic search on GitHub. | ![](https://img.shields.io/github/stars/gwen001/github-search) | ![](https://img.shields.io/github/languages/top/gwen001/github-search) |", - "Description": "Tools to perform basic search on GitHub. ", - "Install": { - "Linux": "git clone https://github.com/gwen001/github-search", - "MacOS": "git clone https://github.com/gwen001/github-search", - "Windows": "git clone https://github.com/gwen001/github-search" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "cd github-search ; git pull -v", - "MacOS": "cd github-search ; git pull -v", - "Windows": "cd github-search ; git pull -v" - } - }, - "github-subdomains": { - "Data": "| Discovery/GIT | [github-subdomains](https://github.com/gwen001/github-subdomains) | Find subdomains on GitHub | ![](https://img.shields.io/github/stars/gwen001/github-subdomains) | ![](https://img.shields.io/github/languages/top/gwen001/github-subdomains) |", - "Description": "Find subdomains on GitHub", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gitleaks": { - "Data": "| Discovery/GIT | [gitleaks](https://github.com/zricethezav/gitleaks) | Scan git repos (or files) for secrets using regex and entropy 🔑 | ![](https://img.shields.io/github/stars/zricethezav/gitleaks) | ![](https://img.shields.io/github/languages/top/zricethezav/gitleaks) |", - "Description": "Scan git repos (or files) for secrets using regex and entropy 🔑", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gitls": { - "Data": "| Utility/GIT | [gitls](https://github.com/hahwul/gitls) | Listing git repository from URL/User/Org | ![](https://img.shields.io/github/stars/hahwul/gitls) | ![](https://img.shields.io/github/languages/top/hahwul/gitls) |", - "Description": "Listing git repository from URL/User/Org", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "GIT", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gitrob": { - "Data": "| Discovery/GIT | [gitrob](https://github.com/michenriksen/gitrob) | Reconnaissance tool for GitHub organizations | ![](https://img.shields.io/github/stars/michenriksen/gitrob) | ![](https://img.shields.io/github/languages/top/michenriksen/gitrob) |", - "Description": "Reconnaissance tool for GitHub organizations ", - "Install": { - "Linux": "go get github.com/michenriksen/gitrob", - "MacOS": "go get github.com/michenriksen/gitrob", - "Windows": "go get github.com/michenriksen/gitrob" - }, - "Method": "GIT", - "Type": "Discovery", - "Update": { - "Linux": "go get github.com/michenriksen/gitrob", - "MacOS": "go get github.com/michenriksen/gitrob", - "Windows": "go get github.com/michenriksen/gitrob" - } - }, - "go-dork": { - "Data": "| Discovery/URL | [go-dork](https://github.com/dwisiswant0/go-dork) | The fastest dork scanner written in Go. | ![](https://img.shields.io/github/stars/dwisiswant0/go-dork) | ![](https://img.shields.io/github/languages/top/dwisiswant0/go-dork) |", - "Description": "The fastest dork scanner written in Go. ", - "Install": { - "Linux": "GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/...", - "MacOS": "GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/...", - "Windows": "go get -v github.com/dwisiswant0/go-dork/..." - }, - "Method": "CRAWL", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/...", - "MacOS": "GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/...", - "Windows": "go get -v github.com/dwisiswant0/go-dork/..." - } - }, - "gobuster": { - "Data": "| Discovery/FUZZ | [gobuster](https://github.com/OJ/gobuster) | Directory/File, DNS and VHost busting tool written in Go | ![](https://img.shields.io/github/stars/OJ/gobuster) | ![](https://img.shields.io/github/languages/top/OJ/gobuster) |", - "Description": "Directory/File, DNS and VHost busting tool written in Go ", - "Install": { - "Linux": "go get github.com/OJ/gobuster", - "MacOS": "go get github.com/OJ/gobuster", - "Windows": "go get github.com/OJ/gobuster" - }, - "Method": "FUZZ", - "Type": "Discovery", - "Update": { - "Linux": "go get github.com/OJ/gobuster", - "MacOS": "go get github.com/OJ/gobuster", - "Windows": "go get github.com/OJ/gobuster" - } - }, - "gospider": { - "Data": "| Discovery/URL | [gospider](https://github.com/jaeles-project/gospider) | Gospider - Fast web spider written in Go | ![](https://img.shields.io/github/stars/jaeles-project/gospider) | ![](https://img.shields.io/github/languages/top/jaeles-project/gospider) |", - "Description": "Gospider - Fast web spider written in Go ", - "Install": { - "Linux": "go get -u github.com/jaeles-project/gospider", - "MacOS": "go get -u github.com/jaeles-project/gospider", - "Windows": "go get -u github.com/jaeles-project/gospider" - }, - "Method": "CRAWL", - "Type": "Discovery", - "Update": { - "Linux": "go get -u github.com/jaeles-project/gospider", - "MacOS": "go get -u github.com/jaeles-project/gospider", - "Windows": "go get -u github.com/jaeles-project/gospider" - } - }, - "gotator": { - "Data": "| Utility/WORDLIST | [gotator](https://github.com/Josue87/gotator) | Gotator is a tool to generate DNS wordlists through permutations. | ![](https://img.shields.io/github/stars/Josue87/gotator) | ![](https://img.shields.io/github/languages/top/Josue87/gotator) |", - "Description": "Gotator is a tool to generate DNS wordlists through permutations.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WORDLIST", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gotestwaf": { - "Data": "| Utility/WAF | [gotestwaf](https://github.com/wallarm/gotestwaf) | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses | ![](https://img.shields.io/github/stars/wallarm/gotestwaf) | ![](https://img.shields.io/github/languages/top/wallarm/gotestwaf) |", - "Description": "An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WAF", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gowitness": { - "Data": "| Utility/SHOT | [gowitness](https://github.com/sensepost/gowitness) | 🔍 gowitness - a golang, web screenshot utility using Chrome Headless | ![](https://img.shields.io/github/stars/sensepost/gowitness) | ![](https://img.shields.io/github/languages/top/sensepost/gowitness) |", - "Description": "🔍 gowitness - a golang, web screenshot utility using Chrome Headless ", - "Install": { - "Linux": "go get -u github.com/sensepost/gowitness", - "MacOS": "go get -u github.com/sensepost/gowitness", - "Windows": "go get -u github.com/sensepost/gowitness" - }, - "Method": "SHOT", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/sensepost/gowitness", - "MacOS": "go get -u github.com/sensepost/gowitness", - "Windows": "go get -u github.com/sensepost/gowitness" - } - }, - "graphql-voyager": { - "Data": "| Discovery/GQL | [graphql-voyager](https://github.com/APIs-guru/graphql-voyager) | 🛰️ Represent any GraphQL API as an interactive graph | ![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager) | ![](https://img.shields.io/github/languages/top/APIs-guru/graphql-voyager) |", - "Description": "🛰️ Represent any GraphQL API as an interactive graph ", - "Install": { - "Linux": "git clone https://github.com/APIs-guru/graphql-voyager", - "MacOS": "git clone https://github.com/APIs-guru/graphql-voyager", - "Windows": "git clone https://github.com/APIs-guru/graphql-voyager" - }, - "Method": "GQL", - "Type": "Discovery", - "Update": { - "Linux": "cd graphql-voyager ; git pull -v", - "MacOS": "cd graphql-voyager ; git pull -v", - "Windows": "cd graphql-voyager ; git pull -v" - } - }, - "grc": { - "Data": "| Utility/ANY | [grc](https://github.com/garabik/grc) | generic colouriser | ![](https://img.shields.io/github/stars/garabik/grc) | ![](https://img.shields.io/github/languages/top/garabik/grc) |", - "Description": "generic colouriser", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ANY", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "grex": { - "Data": "| Utility/URL | [grex](https://github.com/pemistahl/grex) | A command-line tool and library for generating regular expressions from user-provided test cases | ![](https://img.shields.io/github/stars/pemistahl/grex) | ![](https://img.shields.io/github/languages/top/pemistahl/grex) |", - "Description": "A command-line tool and library for generating regular expressions from user-provided test cases", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "gron": { - "Data": "| Utility/JSON | [gron](https://github.com/tomnomnom/gron) | Make JSON greppable! | ![](https://img.shields.io/github/stars/tomnomnom/gron) | ![](https://img.shields.io/github/languages/top/tomnomnom/gron) |", - "Description": "Make JSON greppable! ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/gron", - "MacOS": "go get -u github.com/tomnomnom/gron", - "Windows": "go get -u github.com/tomnomnom/gron" - }, - "Method": "JSON", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/tomnomnom/gron", - "MacOS": "go get -u github.com/tomnomnom/gron", - "Windows": "go get -u github.com/tomnomnom/gron" - } - }, - "h2csmuggler": { - "Data": "| Scanner/SMUGGLE | [h2csmuggler](https://github.com/assetnote/h2csmuggler) | HTTP Request Smuggling Detection Tool | ![](https://img.shields.io/github/stars/assetnote/h2csmuggler) | ![](https://img.shields.io/github/languages/top/assetnote/h2csmuggler) |", - "Description": "HTTP Request Smuggling Detection Tool", - "Install": { - "Linux": "git clone https://github.com/BishopFox/h2csmuggler; cd h2csmuggler; pip3 install h2", - "MacOS": "git clone https://github.com/BishopFox/h2csmuggler; cd h2csmuggler; pip3 install h2", - "Windows": "git clone https://github.com/BishopFox/h2csmuggler; cd h2csmuggler; pip3 install h2" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "cd h2csmuggler ; git pull -v", - "MacOS": "cd h2csmuggler ; git pull -v", - "Windows": "cd h2csmuggler ; git pull -v" - } - }, - "hacks": { - "Data": "| ToolBox/ALL | [hacks](https://github.com/tomnomnom/hacks) | A collection of hacks and one-off scripts | ![](https://img.shields.io/github/stars/tomnomnom/hacks) | ![](https://img.shields.io/github/languages/top/tomnomnom/hacks) |", - "Description": "A collection of hacks and one-off scripts ", - "Install": { - "Linux": "git clone https://github.com/tomnomnom/hacks;", - "MacOS": "git clone https://github.com/tomnomnom/hacks;", - "Windows": "git clone https://github.com/tomnomnom/hacks;" - }, - "Method": "ALL", - "Type": "ToolBox", - "Update": { - "Linux": "cd hacks ; git pull -v", - "MacOS": "cd hacks ; git pull -v", - "Windows": "cd hacks ; git pull -v" - } - }, - "hakcheckurl": { - "Data": "| Utility/URL | [hakcheckurl](https://github.com/hakluke/hakcheckurl) | Takes a list of URLs and returns their HTTP response codes | ![](https://img.shields.io/github/stars/hakluke/hakcheckurl) | ![](https://img.shields.io/github/languages/top/hakluke/hakcheckurl) |", - "Description": "Takes a list of URLs and returns their HTTP response codes", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "hakrawler": { - "Data": "| Discovery/URL | [hakrawler](https://github.com/hakluke/hakrawler) | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application | ![](https://img.shields.io/github/stars/hakluke/hakrawler) | ![](https://img.shields.io/github/languages/top/hakluke/hakrawler) |", - "Description": "Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application ", - "Install": { - "Linux": "go get github.com/hakluke/hakrawler", - "MacOS": "go get github.com/hakluke/hakrawler", - "Windows": "go get github.com/hakluke/hakrawler" - }, - "Method": "CRAWL", - "Type": "Discovery", - "Update": { - "Linux": "go get github.com/hakluke/hakrawler", - "MacOS": "go get github.com/hakluke/hakrawler", - "Windows": "go get github.com/hakluke/hakrawler" - } - }, - "hakrevdns": { - "Data": "| Discovery/DNS | [hakrevdns](https://github.com/hakluke/hakrevdns) | Small, fast tool for performing reverse DNS lookups en masse. | ![](https://img.shields.io/github/stars/hakluke/hakrevdns) | ![](https://img.shields.io/github/languages/top/hakluke/hakrevdns) |", - "Description": "Small, fast tool for performing reverse DNS lookups en masse. ", - "Install": { - "Linux": "go get github.com/hakluke/hakrevdns", - "MacOS": "go get github.com/hakluke/hakrevdns", - "Windows": "go get github.com/hakluke/hakrevdns" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "go get github.com/hakluke/hakrevdns", - "MacOS": "go get github.com/hakluke/hakrevdns", - "Windows": "go get github.com/hakluke/hakrevdns" - } - }, - "haktrails": { - "Data": "| Discovery/DNS | [haktrails](https://github.com/hakluke/haktrails) | Golang client for querying SecurityTrails API data | ![](https://img.shields.io/github/stars/hakluke/haktrails) | ![](https://img.shields.io/github/languages/top/hakluke/haktrails) |", - "Description": "Golang client for querying SecurityTrails API data", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "hashcat": { - "Data": "| Utility/CRACK | [hashcat](https://github.com/hashcat/hashcat/) | World's fastest and most advanced password recovery utility | ![](https://img.shields.io/github/stars/hashcat/hashcat/) | ![](https://img.shields.io/github/languages/top/hashcat/hashcat/) |", - "Description": "World's fastest and most advanced password recovery utility ", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CRACK", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "headi": { - "Data": "| Discovery/HTTP | [headi](https://github.com/mlcsec/headi) | Customisable and automated HTTP header injection | ![](https://img.shields.io/github/stars/mlcsec/headi) | ![](https://img.shields.io/github/languages/top/mlcsec/headi) |", - "Description": "Customisable and automated HTTP header injection", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HTTP", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "hetty": { - "Data": "| Army-Knife/PROXY | [hetty](https://github.com/dstotijn/hetty) | Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. | ![](https://img.shields.io/github/stars/dstotijn/hetty) | ![](https://img.shields.io/github/languages/top/dstotijn/hetty) |", - "Description": "Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.", - "Install": { - "Linux": "GO111MODULE=auto go get -u -v github.com/dstotijn/hetty/cmd/hetty", - "MacOS": "GO111MODULE=auto go get -u -v github.com/dstotijn/hetty/cmd/hetty", - "Windows": "go get -u -v github.com/dstotijn/hetty/cmd/hetty" - }, - "Method": "PROXY", - "Type": "Army-Knife", - "Update": { - "Linux": "GO111MODULE=auto go get -u -v github.com/dstotijn/hetty/cmd/hetty", - "MacOS": "GO111MODULE=auto go get -u -v github.com/dstotijn/hetty/cmd/hetty", - "Windows": "go get -u -v github.com/dstotijn/hetty/cmd/hetty" - } - }, - "hinject": { - "Data": "| Utility/PAYLOAD | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker | ![](https://img.shields.io/github/stars/dwisiswant0/hinject) | ![](https://img.shields.io/github/languages/top/dwisiswant0/hinject) |", - "Description": "Host Header Injection Checker ", - "Install": { - "Linux": "go get -u github.com/dwisiswant0/hinject", - "MacOS": "go get -u github.com/dwisiswant0/hinject", - "Windows": "go get -u github.com/dwisiswant0/hinject" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/dwisiswant0/hinject", - "MacOS": "go get -u github.com/dwisiswant0/hinject", - "Windows": "go get -u github.com/dwisiswant0/hinject" - } - }, - "htcat": { - "Data": "| Fetch/HTTP | [htcat](https://github.com/htcat/htcat) | Parallel and Pipelined HTTP GET Utility | ![](https://img.shields.io/github/stars/htcat/htcat) | ![](https://img.shields.io/github/languages/top/htcat/htcat) |", - "Description": "Parallel and Pipelined HTTP GET Utility ", - "Install": { - "Linux": "go get github.com/htcat/htcat/cmd/htcat", - "MacOS": "go get github.com/htcat/htcat/cmd/htcat", - "Windows": "go get github.com/htcat/htcat/cmd/htcat" - }, - "Method": "HTTP", - "Type": "Fetch", - "Update": { - "Linux": "go get github.com/htcat/htcat/cmd/htcat", - "MacOS": "go get github.com/htcat/htcat/cmd/htcat", - "Windows": "go get github.com/htcat/htcat/cmd/htcat" - } - }, - "http-request-smuggler": { - "Data": "| Scanner/SMUGGLE | [http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler) | This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs. | ![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler) | ![](https://img.shields.io/github/languages/top/PortSwigger/http-request-smuggler) |", - "Description": "This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively bypassing WAFs.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "http-request-smuggling": { - "Data": "| Scanner/SMUGGLE | [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) | HTTP Request Smuggling Detection Tool | ![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling) | ![](https://img.shields.io/github/languages/top/anshumanpattnaik/http-request-smuggling) |", - "Description": "HTTP Request Smuggling Detection Tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "http2smugl": { - "Data": "| Scanner/SMUGGLE | [http2smugl](https://github.com/neex/http2smugl) | This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -\u003e HTTP/1.1 conversion by the frontend server. | ![](https://img.shields.io/github/stars/neex/http2smugl) | ![](https://img.shields.io/github/languages/top/neex/http2smugl) |", - "Description": "This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -\u003e HTTP/1.1 conversion by the frontend server.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "httpie": { - "Data": "| Utility/HTTP | [httpie](https://github.com/httpie/httpie) | As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins \u0026 more. https://twitter.com/httpie | ![](https://img.shields.io/github/stars/httpie/httpie) | ![](https://img.shields.io/github/languages/top/httpie/httpie) |", - "Description": "As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins \u0026 more. https://twitter.com/httpie", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HTTP", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "httprobe": { - "Data": "| Fetch/HTTP | [httprobe](https://github.com/tomnomnom/httprobe) | Take a list of domains and probe for working HTTP and HTTPS servers | ![](https://img.shields.io/github/stars/tomnomnom/httprobe) | ![](https://img.shields.io/github/languages/top/tomnomnom/httprobe) |", - "Description": "Take a list of domains and probe for working HTTP and HTTPS servers ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/httprobe", - "MacOS": "go get -u github.com/tomnomnom/httprobe", - "Windows": "go get -u github.com/tomnomnom/httprobe" - }, - "Method": "HTTP", - "Type": "Fetch", - "Update": { - "Linux": "go get -u github.com/tomnomnom/httprobe", - "MacOS": "go get -u github.com/tomnomnom/httprobe", - "Windows": "go get -u github.com/tomnomnom/httprobe" - } - }, - "httptoolkit": { - "Data": "| Army-Knife/PROXY | [httptoolkit](https://github.com/httptoolkit/httptoolkit) | HTTP Toolkit is a beautiful \u0026 open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux \u0026 Mac | ![](https://img.shields.io/github/stars/httptoolkit/httptoolkit) | ![](https://img.shields.io/github/languages/top/httptoolkit/httptoolkit) |", - "Description": "HTTP Toolkit is a beautiful \u0026 open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux \u0026 Mac", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PROXY", - "Type": "Army-Knife", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "httpx": { - "Data": "| Fetch/HTTP | [httpx](https://github.com/projectdiscovery/httpx) | httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. | ![](https://img.shields.io/github/stars/projectdiscovery/httpx) | ![](https://img.shields.io/github/languages/top/projectdiscovery/httpx) |", - "Description": "httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. ", - "Install": { - "Linux": "GO111MODULE=auto go get -u -v github.com/projectdiscovery/httpx/cmd/httpx", - "MacOS": "GO111MODULE=auto go get -u -v github.com/projectdiscovery/httpx/cmd/httpx", - "Windows": "go get -u -v github.com/projectdiscovery/httpx/cmd/httpx" - }, - "Method": "HTTP", - "Type": "Fetch", - "Update": { - "Linux": "GO111MODULE=auto go get -u -v github.com/projectdiscovery/httpx/cmd/httpx", - "MacOS": "GO111MODULE=auto go get -u -v github.com/projectdiscovery/httpx/cmd/httpx", - "Windows": "go get -u -v github.com/projectdiscovery/httpx/cmd/httpx" - } - }, - "hurl": { - "Data": "| Utility/HTTP | [hurl](https://github.com/Orange-OpenSource/hurl) | Hurl, run and test HTTP requests. | ![](https://img.shields.io/github/stars/Orange-OpenSource/hurl) | ![](https://img.shields.io/github/languages/top/Orange-OpenSource/hurl) |", - "Description": "Hurl, run and test HTTP requests.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HTTP", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "inql": { - "Data": "| Discovery/GQL | [inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing | ![](https://img.shields.io/github/stars/doyensec/inql) | ![](https://img.shields.io/github/languages/top/doyensec/inql) |", - "Description": "InQL - A Burp Extension for GraphQL Security Testing ", - "Install": { - "Linux": "git clone https://github.com/doyensec/inql ; cd inql ; pip3 install -r requirements.txt ; python setup.py install", - "MacOS": "git clone https://github.com/doyensec/inql ; cd inql ; pip3 install -r requirements.txt ; python setup.py install", - "Windows": "git clone https://github.com/doyensec/inql ; cd inql ; pip3 install -r requirements.txt ; python setup.py install" - }, - "Method": "GQL", - "Type": "Discovery", - "Update": { - "Linux": "cd inql ; git pull -v ; pip3 install -r requirements.txt ; python setup.py install", - "MacOS": "cd inql ; git pull -v ; pip3 install -r requirements.txt ; python setup.py install", - "Windows": "cd inql ; git pull -v ; pip3 install -r requirements.txt ; python setup.py install" - } - }, - "interactsh": { - "Data": "| Utility/OAST | [interactsh](https://github.com/projectdiscovery/interactsh) | An OOB interaction gathering server and client library | ![](https://img.shields.io/github/stars/projectdiscovery/interactsh) | ![](https://img.shields.io/github/languages/top/projectdiscovery/interactsh) |", - "Description": "An OOB interaction gathering server and client library", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "OAST", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "intrigue-core": { - "Data": "| Discovery/ALL | [intrigue-core](https://github.com/intrigueio/intrigue-core) | Discover Your Attack Surface | ![](https://img.shields.io/github/stars/intrigueio/intrigue-core) | ![](https://img.shields.io/github/languages/top/intrigueio/intrigue-core) |", - "Description": "Discover Your Attack Surface ", - "Install": { - "Linux": "git clone https://github.com/intrigueio/intrigue-core ; cd intrigue-core ; bundle install", - "MacOS": "git clone https://github.com/intrigueio/intrigue-core ; cd intrigue-core ; bundle install", - "Windows": "git clone https://github.com/intrigueio/intrigue-core ; cd intrigue-core ; bundle install" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "cd intrigue-core ; git pull -v ; bundle install", - "MacOS": "cd intrigue-core ; git pull -v ; bundle install", - "Windows": "cd intrigue-core ; git pull -v ; bundle install" - } - }, - "jaeles": { - "Data": "| Army-Knife/SCAN | [jaeles](https://github.com/jaeles-project/jaeles) | The Swiss Army knife for automated Web Application Testing | ![](https://img.shields.io/github/stars/jaeles-project/jaeles) | ![](https://img.shields.io/github/languages/top/jaeles-project/jaeles) |", - "Description": "The Swiss Army knife for automated Web Application Testing ", - "Install": { - "Linux": "GO111MODULE=on go get github.com/jaeles-project/jaeles", - "MacOS": "GO111MODULE=on go get github.com/jaeles-project/jaeles", - "Windows": "go get github.com/jaeles-project/jaeles" - }, - "Method": "JAELES", - "Type": "Army-Knife", - "Update": { - "Linux": "GO111MODULE=on go get github.com/jaeles-project/jaeles", - "MacOS": "GO111MODULE=on go get github.com/jaeles-project/jaeles", - "Windows": "go get github.com/jaeles-project/jaeles" - } - }, - "jsfuck": { - "Data": "| Utility/PAYLOAD | [jsfuck](https://github.com/aemkei/jsfuck) | Write any JavaScript with 6 Characters | ![](https://img.shields.io/github/stars/aemkei/jsfuck) | ![](https://img.shields.io/github/languages/top/aemkei/jsfuck) |", - "Description": "Write any JavaScript with 6 Characters", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "jsprime": { - "Data": "| Scanner/JS | [jsprime](https://github.com/dpnishant/jsprime) | a javascript static security analysis tool | ![](https://img.shields.io/github/stars/dpnishant/jsprime) | ![](https://img.shields.io/github/languages/top/dpnishant/jsprime) |", - "Description": "a javascript static security analysis tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "JS", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "jwt-cracker": { - "Data": "| Utility/JWT | [jwt-cracker](https://github.com/lmammino/jwt-cracker) | Simple HS256 JWT token brute force cracker | ![](https://img.shields.io/github/stars/lmammino/jwt-cracker) | ![](https://img.shields.io/github/languages/top/lmammino/jwt-cracker) |", - "Description": "Simple HS256 JWT token brute force cracker ", - "Install": { - "Linux": "npm install --global jwt-cracker", - "MacOS": "npm install --global jwt-cracker", - "Windows": "npm install --global jwt-cracker" - }, - "Method": "JWT", - "Type": "Utility", - "Update": { - "Linux": "npm install --global jwt-cracker", - "MacOS": "npm install --global jwt-cracker", - "Windows": "npm install --global jwt-cracker" - } - }, - "jwt-hack": { - "Data": "| Utility/JWT | [jwt-hack](https://github.com/hahwul/jwt-hack) | 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce) | ![](https://img.shields.io/github/stars/hahwul/jwt-hack) | ![](https://img.shields.io/github/languages/top/hahwul/jwt-hack) |", - "Description": "🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)", - "Install": { - "Linux": "go get -u github.com/hahwul/jwt-hack", - "MacOS": "go get -u github.com/hahwul/jwt-hack", - "Windows": "go get -u github.com/hahwul/jwt-hack" - }, - "Method": "JWT", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/hahwul/jwt-hack", - "MacOS": "go get -u github.com/hahwul/jwt-hack", - "Windows": "go get -u github.com/hahwul/jwt-hack" - } - }, - "kiterunner": { - "Data": "| Discovery/API | [kiterunner](https://github.com/assetnote/kiterunner) | Contextual Content Discovery Tool | ![](https://img.shields.io/github/stars/assetnote/kiterunner) | ![](https://img.shields.io/github/languages/top/assetnote/kiterunner) |", - "Description": "Contextual Content Discovery Tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "API", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "knock": { - "Data": "| Discovery/DOMAIN | [knock](https://github.com/guelfoweb/knock) | Knock Subdomain Scan | ![](https://img.shields.io/github/stars/guelfoweb/knock) | ![](https://img.shields.io/github/languages/top/guelfoweb/knock) |", - "Description": "Knock Subdomain Scan ", - "Install": { - "Linux": "git clone https://github.com/guelfoweb/knock ; cd knock ; pip3 install -r requirements.txt ; python setup.py install", - "MacOS": "git clone https://github.com/guelfoweb/knock ; cd knock ; pip3 install -r requirements.txt ; python setup.py install", - "Windows": "git clone https://github.com/guelfoweb/knock ; cd knock ; pip3 install -r requirements.txt ; python setup.py install" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "cd knock ; git pull -v ; pip3 install -r requirements.txt ; python setup.py install", - "MacOS": "cd knock ; git pull -v ; pip3 install -r requirements.txt ; python setup.py install", - "Windows": "cd knock ; git pull -v ; pip3 install -r requirements.txt ; python setup.py install" - } - }, - "lazyrecon": { - "Data": "| Discovery/ALL | [lazyrecon](https://github.com/nahamsec/lazyrecon) | This script is intended to automate your reconnaissance process in an organized fashion | ![](https://img.shields.io/github/stars/nahamsec/lazyrecon) | ![](https://img.shields.io/github/languages/top/nahamsec/lazyrecon) |", - "Description": "This script is intended to automate your reconnaissance process in an organized fashion ", - "Install": { - "Linux": "git clone https://github.com/nahamsec/lazyrecon", - "MacOS": "git clone https://github.com/nahamsec/lazyrecon", - "Windows": "git clone https://github.com/nahamsec/lazyrecon" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "cd lazyrecon ; git pull -v", - "MacOS": "cd lazyrecon ; git pull -v", - "Windows": "cd lazyrecon ; git pull -v" - } - }, - "longtongue": { - "Data": "| Utility/WORD | [longtongue](https://github.com/edoardottt/longtongue) | Customized Password/Passphrase List inputting Target Info | ![](https://img.shields.io/github/stars/edoardottt/longtongue) | ![](https://img.shields.io/github/languages/top/edoardottt/longtongue) |", - "Description": "Customized Password/Passphrase List inputting Target Info", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WORD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "masscan": { - "Data": "| Discovery/PORT | [masscan](https://github.com/robertdavidgraham/masscan) | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | ![](https://img.shields.io/github/stars/robertdavidgraham/masscan) | ![](https://img.shields.io/github/languages/top/robertdavidgraham/masscan) |", - "Description": "TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. ", - "Install": { - "Linux": "git clone https://github.com/robertdavidgraham/masscan ; cd masscan ; apt-get install git gcc make libpcap-dev; make", - "MacOS": "git clone https://github.com/robertdavidgraham/masscan ; cd masscan ; make", - "Windows": "git clone https://github.com/robertdavidgraham/masscan ; cd masscan ; make " - }, - "Method": "PORT", - "Type": "Discovery", - "Update": { - "Linux": "cd masscan ; git pull -v ; make", - "MacOS": "cd masscan ; git pull -v ; make", - "Windows": "cd masscan ; git pull -v ; make" - } - }, - "medusa": { - "Data": "| Discovery/FUZZ | [medusa](https://github.com/riza/medusa) | Fastest recursive HTTP fuzzer, like a Ferrari. | ![](https://img.shields.io/github/stars/riza/medusa) | ![](https://img.shields.io/github/languages/top/riza/medusa) |", - "Description": "Fastest recursive HTTP fuzzer, like a Ferrari. ", - "Install": { - "Linux": "go get -u github.com/riza/medusa", - "MacOS": "go get -u github.com/riza/medusa", - "Windows": "go get -u github.com/riza/medusa" - }, - "Method": "FUZZ", - "Type": "Discovery", - "Update": { - "Linux": "go get -u github.com/riza/medusa", - "MacOS": "go get -u github.com/riza/medusa", - "Windows": "go get -u github.com/riza/medusa" - } - }, - "meg": { - "Data": "| Fetch/HTTP | [meg](https://github.com/tomnomnom/meg) | Fetch many paths for many hosts - without killing the hosts | ![](https://img.shields.io/github/stars/tomnomnom/meg) | ![](https://img.shields.io/github/languages/top/tomnomnom/meg) |", - "Description": "Fetch many paths for many hosts - without killing the hosts ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/meg", - "MacOS": "go get -u github.com/tomnomnom/meg", - "Windows": "go get -u github.com/tomnomnom/meg" - }, - "Method": "HTTP", - "Type": "Fetch", - "Update": { - "Linux": "go get -u github.com/tomnomnom/meg", - "MacOS": "go get -u github.com/tomnomnom/meg", - "Windows": "go get -u github.com/tomnomnom/meg" - } - }, - "megplus": { - "Data": "| Scanner/RECON | [megplus](https://github.com/EdOverflow/megplus) | Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] | ![](https://img.shields.io/github/stars/EdOverflow/megplus) | ![](https://img.shields.io/github/languages/top/EdOverflow/megplus) |", - "Description": "Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] ", - "Install": { - "Linux": "git clone https://github.com/EdOverflow/megplus", - "MacOS": "git clone https://github.com/EdOverflow/megplus", - "Windows": "git clone https://github.com/EdOverflow/megplus" - }, - "Method": "RECON", - "Type": "Scanner", - "Update": { - "Linux": "cd megplus ; git pull -v", - "MacOS": "cd megplus ; git pull -v", - "Windows": "cd megplus ; git pull -v" - } - }, - "naabu": { - "Data": "| Discovery/PORT | [naabu](https://github.com/projectdiscovery/naabu) | A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | ![](https://img.shields.io/github/stars/projectdiscovery/naabu) | ![](https://img.shields.io/github/languages/top/projectdiscovery/naabu) |", - "Description": "A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests ", - "Install": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu", - "Windows": "go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu" - }, - "Method": "PORT", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu", - "Windows": "go get -u -v github.com/projectdiscovery/naabu/v2/cmd/naabu" - } - }, - "nikto": { - "Data": "| Scanner/WVS | [nikto](https://github.com/sullo/nikto) | Nikto web server scanner | ![](https://img.shields.io/github/stars/sullo/nikto) | ![](https://img.shields.io/github/languages/top/sullo/nikto) |", - "Description": "Nikto web server scanner ", - "Install": { - "Linux": "git clone https://github.com/sullo/nikto", - "MacOS": "git clone https://github.com/sullo/nikto", - "Windows": "git clone https://github.com/sullo/nikto" - }, - "Method": "WVS", - "Type": "Scanner", - "Update": { - "Linux": "cd nikto ; git pull -v", - "MacOS": "cd nikto ; git pull -v", - "Windows": "cd nikto ; git pull -v" - } - }, - "nmap": { - "Data": "| Discovery/PORT | [nmap](https://github.com/nmap/nmap) | Nmap - the Network Mapper. Github mirror of official SVN repository. | ![](https://img.shields.io/github/stars/nmap/nmap) | ![](https://img.shields.io/github/languages/top/nmap/nmap) |", - "Description": "Nmap - the Network Mapper. Github mirror of official SVN repository. ", - "Install": { - "Linux": "sudo apt install nmap", - "MacOS": "brew install nmap", - "Windows": "" - }, - "Method": "PORT", - "Type": "Discovery", - "Update": { - "Linux": "sudo apt upgrade nmap", - "MacOS": "brew upgrade nmap", - "Windows": "" - } - }, - "nosqli": { - "Data": "| Scanner/NOSQL | [nosqli](https://github.com/Charlie-belmer/nosqli) | NoSql Injection CLI tool | ![](https://img.shields.io/github/stars/Charlie-belmer/nosqli) | ![](https://img.shields.io/github/languages/top/Charlie-belmer/nosqli) |", - "Description": "NoSql Injection CLI tool", - "Install": { - "Linux": "go get -u github.com/Charlie-belmer/nosqli", - "MacOS": "go get -u github.com/Charlie-belmer/nosqli", - "Windows": "go get -u github.com/Charlie-belmer/nosqli" - }, - "Method": "NOSQL", - "Type": "Scanner", - "Update": { - "Linux": "go get -u github.com/Charlie-belmer/nosqli", - "MacOS": "go get -u github.com/Charlie-belmer/nosqli", - "Windows": "go get -u github.com/Charlie-belmer/nosqli" - } - }, - "nuclei": { - "Data": "| Army-Knife/SCAN | [nuclei](https://github.com/projectdiscovery/nuclei) | Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. | ![](https://img.shields.io/github/stars/projectdiscovery/nuclei) | ![](https://img.shields.io/github/languages/top/projectdiscovery/nuclei) |", - "Description": "Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. ", - "Install": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei", - "Windows": "go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei" - }, - "Method": "SCAN", - "Type": "Army-Knife", - "Update": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei", - "Windows": "go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei" - } - }, - "ob_hacky_slack": { - "Data": "| Utility/NOTIFY | [ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack) | Hacky Slack - a bash script that sends beautiful messages to Slack | ![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack) | ![](https://img.shields.io/github/languages/top/openbridge/ob_hacky_slack) |", - "Description": "Hacky Slack - a bash script that sends beautiful messages to Slack", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "NOTIFY", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "oxml_xxe": { - "Data": "| Utility/PAYLOAD | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes | ![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe) | ![](https://img.shields.io/github/languages/top/BuffaloWill/oxml_xxe) |", - "Description": "A tool for embedding XXE/XML exploits into different filetypes ", - "Install": { - "Linux": "git clone https://github.com/BuffaloWill/oxml_xxe ; cd oxml_xxe ; bundle install", - "MacOS": "git clone https://github.com/BuffaloWill/oxml_xxe ; cd oxml_xxe ; bundle install", - "Windows": "git clone https://github.com/BuffaloWill/oxml_xxe ; cd oxml_xxe ; bundle install" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "cd oxml_xxe ; git pull -v ; bundle install", - "MacOS": "cd oxml_xxe ; git pull -v ; bundle install", - "Windows": "cd oxml_xxe ; git pull -v ; bundle install" - } - }, - "pagodo": { - "Data": "| Discovery/GH | [pagodo](https://github.com/opsdisk/pagodo) | pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching | ![](https://img.shields.io/github/stars/opsdisk/pagodo) | ![](https://img.shields.io/github/languages/top/opsdisk/pagodo) |", - "Description": "pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "GH", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "parameth": { - "Data": "| Discovery/PARAM | [parameth](https://github.com/maK-/parameth) | This tool can be used to brute discover GET and POST parameters | ![](https://img.shields.io/github/stars/maK-/parameth) | ![](https://img.shields.io/github/languages/top/maK-/parameth) |", - "Description": "This tool can be used to brute discover GET and POST parameters", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PARAM", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "pentest-tools": { - "Data": "| ToolBox/ALL | [pentest-tools](https://github.com/gwen001/pentest-tools) | Custom pentesting tools | ![](https://img.shields.io/github/stars/gwen001/pentest-tools) | ![](https://img.shields.io/github/languages/top/gwen001/pentest-tools) |", - "Description": "Custom pentesting tools ", - "Install": { - "Linux": "git clone https://github.com/gwen001/pentest-tools", - "MacOS": "git clone https://github.com/gwen001/pentest-tools", - "Windows": "git clone https://github.com/gwen001/pentest-tools" - }, - "Method": "ALL", - "Type": "ToolBox", - "Update": { - "Linux": "cd pentest-tools ; git pull -v", - "MacOS": "cd pentest-tools ; git pull -v", - "Windows": "cd pentest-tools ; git pull -v" - } - }, - "pet": { - "Data": "| Utility/ANY | [pet](https://github.com/knqyf263/pet) | Simple command-line snippet manager, written in Go. | ![](https://img.shields.io/github/stars/knqyf263/pet) | ![](https://img.shields.io/github/languages/top/knqyf263/pet) |", - "Description": "Simple command-line snippet manager, written in Go.", - "Install": { - "Linux": "git clone https://github.com/knqyf263/pet.git ; cd pet ; make install", - "MacOS": "brew install knqyf263/pet/pet", - "Windows": "" - }, - "Method": "ANY", - "Type": "Utility", - "Update": { - "Linux": "cd pet ; git pull -v ; make install", - "MacOS": "brew upgrade knqyf263/pet/pet", - "Windows": "" - } - }, - "plution": { - "Data": "| Scanner/FUZZ | [plution](https://github.com/raverrr/plution) | Prototype pollution scanner using headless chrome | ![](https://img.shields.io/github/stars/raverrr/plution) | ![](https://img.shields.io/github/languages/top/raverrr/plution) |", - "Description": "Prototype pollution scanner using headless chrome", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "postMessage-tracker": { - "Data": "| Utility/B-ADDON | [postMessage-tracker](https://github.com/fransr/postMessage-tracker) | A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon | ![](https://img.shields.io/github/stars/fransr/postMessage-tracker) | ![](https://img.shields.io/github/languages/top/fransr/postMessage-tracker) |", - "Description": "A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon ", - "Install": { - "Linux": "git clone https://github.com/fransr/postMessage-tracker", - "MacOS": "git clone https://github.com/fransr/postMessage-tracker", - "Windows": "git clone https://github.com/fransr/postMessage-tracker" - }, - "Method": "B-ADDON", - "Type": "Utility", - "Update": { - "Linux": "cd postMessage-tracker ; git pull -v", - "MacOS": "cd postMessage-tracker ; git pull -v", - "Windows": "cd postMessage-tracker ; git pull -v" - } - }, - "ppfuzz": { - "Data": "| Scanner/FUZZ | [ppfuzz](https://github.com/dwisiswant0/ppfuzz) | A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀 | ![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz) | ![](https://img.shields.io/github/languages/top/dwisiswant0/ppfuzz) |", - "Description": "A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "ppmap": { - "Data": "| Scanner/FUZZ | [ppmap](https://github.com/kleiton0x00/ppmap) | A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. | ![](https://img.shields.io/github/stars/kleiton0x00/ppmap) | ![](https://img.shields.io/github/languages/top/kleiton0x00/ppmap) |", - "Description": "A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "proxify": { - "Data": "| Army-Knife/PROXY | [proxify](https://github.com/projectdiscovery/proxify) | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay | ![](https://img.shields.io/github/stars/projectdiscovery/proxify) | ![](https://img.shields.io/github/languages/top/projectdiscovery/proxify) |", - "Description": "Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PROXY", - "Type": "Army-Knife", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "puredns": { - "Data": "| Discovery/DNS | [puredns](https://github.com/d3mondev/puredns) | Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. | ![](https://img.shields.io/github/stars/d3mondev/puredns) | ![](https://img.shields.io/github/languages/top/d3mondev/puredns) |", - "Description": "Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "pwncat": { - "Data": "| Utility/PENTEST | [pwncat](https://github.com/cytopia/pwncat) | pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) | ![](https://img.shields.io/github/stars/cytopia/pwncat) | ![](https://img.shields.io/github/languages/top/cytopia/pwncat) |", - "Description": "pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) ", - "Install": { - "Linux": "pip3 install pwncat", - "MacOS": "brew install pwncat", - "Windows": "" - }, - "Method": "PENTEST", - "Type": "Utility", - "Update": { - "Linux": "pip3 update pwncat", - "MacOS": "brew upgrade pwncat", - "Windows": "" - } - }, - "qsreplace": { - "Data": "| Utility/URL | [qsreplace](https://github.com/tomnomnom/qsreplace) | Accept URLs on stdin, replace all query string values with a user-supplied value | ![](https://img.shields.io/github/stars/tomnomnom/qsreplace) | ![](https://img.shields.io/github/languages/top/tomnomnom/qsreplace) |", - "Description": "Accept URLs on stdin, replace all query string values with a user-supplied value ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/qsreplace", - "MacOS": "go get -u github.com/tomnomnom/qsreplace", - "Windows": "go get -u github.com/tomnomnom/qsreplace" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/tomnomnom/qsreplace", - "MacOS": "go get -u github.com/tomnomnom/qsreplace", - "Windows": "go get -u github.com/tomnomnom/qsreplace" - } - }, - "quickjack": { - "Data": "| Utility/PAYLOAD | [quickjack](https://github.com/samyk/quickjack) | Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks. | ![](https://img.shields.io/github/stars/samyk/quickjack) | ![](https://img.shields.io/github/languages/top/samyk/quickjack) |", - "Description": "Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "rapidscan": { - "Data": "| Scanner/WVS | [rapidscan](https://github.com/skavngr/rapidscan) | The Multi-Tool Web Vulnerability Scanner. | ![](https://img.shields.io/github/stars/skavngr/rapidscan) | ![](https://img.shields.io/github/languages/top/skavngr/rapidscan) |", - "Description": "The Multi-Tool Web Vulnerability Scanner. ", - "Install": { - "Linux": "git clone https://github.com/skavngr/rapidscan", - "MacOS": "git clone https://github.com/skavngr/rapidscan", - "Windows": "git clone https://github.com/skavngr/rapidscan" - }, - "Method": "WVS", - "Type": "Scanner", - "Update": { - "Linux": "cd rapidscan ; git pull -v", - "MacOS": "cd rapidscan ; git pull -v", - "Windows": "cd rapidscan ; git pull -v" - } - }, - "recon_profile": { - "Data": "| Utility/ENV | [recon_profile](https://github.com/nahamsec/recon_profile) | Recon profile (bash profile) for bugbounty | ![](https://img.shields.io/github/stars/nahamsec/recon_profile) | ![](https://img.shields.io/github/languages/top/nahamsec/recon_profile) |", - "Description": "Recon profile (bash profile) for bugbounty ", - "Install": { - "Linux": "git cleon https://github.com/nahamsec/recon_profile", - "MacOS": "git cleon https://github.com/nahamsec/recon_profile", - "Windows": "git cleon https://github.com/nahamsec/recon_profile" - }, - "Method": "ENV", - "Type": "Utility", - "Update": { - "Linux": "cd recon_profile ; git pull -v", - "MacOS": "cd recon_profile ; git pull -v", - "Windows": "cd recon_profile ; git pull -v" - } - }, - "reconftw": { - "Data": "| Discovery/ALL | [reconftw](https://github.com/six2dez/reconftw) | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities | ![](https://img.shields.io/github/stars/six2dez/reconftw) | ![](https://img.shields.io/github/languages/top/six2dez/reconftw) |", - "Description": "reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "rengine": { - "Data": "| Discovery/ALL | [rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. | ![](https://img.shields.io/github/stars/yogeshojha/rengine) | ![](https://img.shields.io/github/languages/top/yogeshojha/rengine) |", - "Description": "reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. ", - "Install": { - "Linux": "git clone https://github.com/yogeshojha/rengine ; cd rengine ; make build", - "MacOS": "git clone https://github.com/yogeshojha/rengine ; cd rengine ; make build", - "Windows": "git clone https://github.com/yogeshojha/rengine ; cd rengine ; make build" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "cd rengine ; git pull -v ; make build", - "MacOS": "cd rengine ; git pull -v ; make build", - "Windows": "cd rengine ; git pull -v ; make build" - } - }, - "rusolver": { - "Data": "| Discovery/DNS | [rusolver](https://github.com/Edu4rdSHL/rusolver) | Fast and accurate DNS resolver. | ![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver) | ![](https://img.shields.io/github/languages/top/Edu4rdSHL/rusolver) |", - "Description": "Fast and accurate DNS resolver.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "s3reverse": { - "Data": "| Utility/S3 | [s3reverse](https://github.com/hahwul/s3reverse) | The format of various s3 buckets is convert in one format. for bugbounty and security testing. | ![](https://img.shields.io/github/stars/hahwul/s3reverse) | ![](https://img.shields.io/github/languages/top/hahwul/s3reverse) |", - "Description": "The format of various s3 buckets is convert in one format. for bugbounty and security testing. ", - "Install": { - "Linux": "go get -u github.com/hahwul/s3reverse", - "MacOS": "go get -u github.com/hahwul/s3reverse", - "Windows": "go get -u github.com/hahwul/s3reverse" - }, - "Method": "S3", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/hahwul/s3reverse", - "MacOS": "go get -u github.com/hahwul/s3reverse", - "Windows": "go get -u github.com/hahwul/s3reverse" - } - }, - "scilla": { - "Data": "| Discovery/ALL | [scilla](https://github.com/edoardottt/scilla) | 🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration | ![](https://img.shields.io/github/stars/edoardottt/scilla) | ![](https://img.shields.io/github/languages/top/edoardottt/scilla) |", - "Description": "🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration", - "Install": { - "Linux": "go get-u github.com/edoardottt/scilla", - "MacOS": "go get-u github.com/edoardottt/scilla", - "Windows": "go get-u github.com/edoardottt/scilla" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "go get-u github.com/edoardottt/scilla", - "MacOS": "go get-u github.com/edoardottt/scilla", - "Windows": "go get-u github.com/edoardottt/scilla" - } - }, - "security-crawl-maze": { - "Data": "| Discovery/URL | [security-crawl-maze](https://github.com/google/security-crawl-maze) | Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document. | ![](https://img.shields.io/github/stars/google/security-crawl-maze) | ![](https://img.shields.io/github/languages/top/google/security-crawl-maze) |", - "Description": "Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "security-research-pocs": { - "Data": "| Utility/PAYLOAD | [security-research-pocs](https://github.com/google/security-research-pocs) | Proof-of-concept codes created as part of security research done by Google Security Team. | ![](https://img.shields.io/github/stars/google/security-research-pocs) | ![](https://img.shields.io/github/languages/top/google/security-research-pocs) |", - "Description": "Proof-of-concept codes created as part of security research done by Google Security Team.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "shuffledns": { - "Data": "| Discovery/DNS | [shuffledns](https://github.com/projectdiscovery/shuffledns) | shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. | ![](https://img.shields.io/github/stars/projectdiscovery/shuffledns) | ![](https://img.shields.io/github/languages/top/projectdiscovery/shuffledns) |", - "Description": "shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. ", - "Install": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns", - "Windows": "go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns", - "Windows": "go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns" - } - }, - "singularity": { - "Data": "| ToolBox/DNS Rebind | [singularity](https://github.com/nccgroup/singularity) | A DNS rebinding attack framework. | ![](https://img.shields.io/github/stars/nccgroup/singularity) | ![](https://img.shields.io/github/languages/top/nccgroup/singularity) |", - "Description": "A DNS rebinding attack framework.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS Rebind", - "Type": "ToolBox", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "slackcat": { - "Data": "| Utility/NOTIFY | [slackcat](https://github.com/bcicen/slackcat) | CLI utility to post files and command output to slack | ![](https://img.shields.io/github/stars/bcicen/slackcat) | ![](https://img.shields.io/github/languages/top/bcicen/slackcat) |", - "Description": "CLI utility to post files and command output to slack", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "NOTIFY", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "smuggler": { - "Data": "| Scanner/SMUGGLE | [smuggler](https://github.com/defparam/smuggler) | Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 | ![](https://img.shields.io/github/stars/defparam/smuggler) | ![](https://img.shields.io/github/languages/top/defparam/smuggler) |", - "Description": "Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 ", - "Install": { - "Linux": "git clone https://github.com/defparam/smuggler", - "MacOS": "git clone https://github.com/defparam/smuggler", - "Windows": "git clone https://github.com/defparam/smuggler" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "cd smuggler ; git pull -v", - "MacOS": "cd smuggler ; git pull -v", - "Windows": "cd smuggler ; git pull -v" - } - }, - "sn0int": { - "Data": "| Discovery/ALL | [sn0int](https://github.com/kpcyrd/sn0int) | Semi-automatic OSINT framework and package manager | ![](https://img.shields.io/github/stars/kpcyrd/sn0int) | ![](https://img.shields.io/github/languages/top/kpcyrd/sn0int) |", - "Description": "Semi-automatic OSINT framework and package manager", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "ALL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "spiderfoot": { - "Data": "| Discovery/OSINT | [spiderfoot](https://github.com/smicallef/spiderfoot) | SpiderFoot automates OSINT collection so that you can focus on analysis. | ![](https://img.shields.io/github/stars/smicallef/spiderfoot) | ![](https://img.shields.io/github/languages/top/smicallef/spiderfoot) |", - "Description": "SpiderFoot automates OSINT collection so that you can focus on analysis.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "OSINT", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "sqliv": { - "Data": "| Scanner/SQLi | [sqliv](https://github.com/the-robot/sqliv) | massive SQL injection vulnerability scanner | ![](https://img.shields.io/github/stars/the-robot/sqliv) | ![](https://img.shields.io/github/languages/top/the-robot/sqliv) |", - "Description": "massive SQL injection vulnerability scanner", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SQLi", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "sqlmap": { - "Data": "| Scanner/SQLi | [sqlmap](https://github.com/sqlmapproject/sqlmap) | Automatic SQL injection and database takeover tool | ![](https://img.shields.io/github/stars/sqlmapproject/sqlmap) | ![](https://img.shields.io/github/languages/top/sqlmapproject/sqlmap) |", - "Description": "Automatic SQL injection and database takeover tool", - "Install": { - "Linux": "sudo apt install sqlmap", - "MacOS": "brew install sqlmap", - "Windows": "" - }, - "Method": "SQLi", - "Type": "Scanner", - "Update": { - "Linux": "sudo apt upgrade sqlmap", - "MacOS": "brew upgrade sqlmap", - "Windows": "" - } - }, - "ssrf-sheriff": { - "Data": "| Scanner/SSRF | [ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff) | A simple SSRF-testing sheriff written in Go | ![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff) | ![](https://img.shields.io/github/languages/top/teknogeek/ssrf-sheriff) |", - "Description": "A simple SSRF-testing sheriff written in Go ", - "Install": { - "Linux": "go get github.com/teknogeek/ssrf-sheriff", - "MacOS": "go get github.com/teknogeek/ssrf-sheriff", - "Windows": "go get github.com/teknogeek/ssrf-sheriff" - }, - "Method": "SSRF", - "Type": "Scanner", - "Update": { - "Linux": "go get github.com/teknogeek/ssrf-sheriff", - "MacOS": "go get github.com/teknogeek/ssrf-sheriff", - "Windows": "go get github.com/teknogeek/ssrf-sheriff" - } - }, - "subfinder": { - "Data": "| Discovery/DOMAIN | [subfinder](https://github.com/projectdiscovery/subfinder) | Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. | ![](https://img.shields.io/github/stars/projectdiscovery/subfinder) | ![](https://img.shields.io/github/languages/top/projectdiscovery/subfinder) |", - "Description": "Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. ", - "Install": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder", - "Windows": "go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder" - }, - "Method": "DOMAIN", - "Type": "Discovery", - "Update": { - "Linux": "GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder", - "MacOS": "GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder", - "Windows": "go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder" - } - }, - "subgen": { - "Data": "| Discovery/DNS | [subgen](https://github.com/pry0cc/subgen) | A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! | ![](https://img.shields.io/github/stars/pry0cc/subgen) | ![](https://img.shields.io/github/languages/top/pry0cc/subgen) |", - "Description": "A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "subjack": { - "Data": "| Discovery/TKOV | [subjack](https://github.com/haccer/subjack) | Subdomain Takeover tool written in Go | ![](https://img.shields.io/github/stars/haccer/subjack) | ![](https://img.shields.io/github/languages/top/haccer/subjack) |", - "Description": "Subdomain Takeover tool written in Go ", - "Install": { - "Linux": "go get github.com/haccer/subjack", - "MacOS": "go get github.com/haccer/subjack", - "Windows": "go get github.com/haccer/subjack" - }, - "Method": "TKOV", - "Type": "Discovery", - "Update": { - "Linux": "go get github.com/haccer/subjack", - "MacOS": "go get github.com/haccer/subjack", - "Windows": "go get github.com/haccer/subjack" - } - }, - "subjs": { - "Data": "| Discovery/JS | [subjs](https://github.com/lc/subjs) | Fetches javascript file from a list of URLS or subdomains. | ![](https://img.shields.io/github/stars/lc/subjs) | ![](https://img.shields.io/github/languages/top/lc/subjs) |", - "Description": "Fetches javascript file from a list of URLS or subdomains.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "JS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "subs_all": { - "Data": "| Utility/WORD | [subs_all](https://github.com/emadshanab/subs_all) | Subdomain Enumeration Wordlist. 8956437 unique words. Updated. | ![](https://img.shields.io/github/stars/emadshanab/subs_all) | ![](https://img.shields.io/github/languages/top/emadshanab/subs_all) |", - "Description": "Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ", - "Install": { - "Linux": "git clone https://github.com/emadshanab/subs_all", - "MacOS": "git clone https://github.com/emadshanab/subs_all", - "Windows": "git clone https://github.com/emadshanab/subs_all" - }, - "Method": "WORD", - "Type": "Utility", - "Update": { - "Linux": "cd subs_all; git pull -v", - "MacOS": "cd subs_all; git pull -v", - "Windows": "cd subs_all; git pull -v" - } - }, - "subzy": { - "Data": "| Discovery/TKOV | [subzy](https://github.com/LukaSikic/subzy) | Subdomain takeover vulnerability checker | ![](https://img.shields.io/github/stars/LukaSikic/subzy) | ![](https://img.shields.io/github/languages/top/LukaSikic/subzy) |", - "Description": "Subdomain takeover vulnerability checker", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "TKOV", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "template-generator": { - "Data": "| Utility/TEMPLATE | [template-generator](https://github.com/fransr/template-generator) | A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. | ![](https://img.shields.io/github/stars/fransr/template-generator) | ![](https://img.shields.io/github/languages/top/fransr/template-generator) |", - "Description": "A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. ", - "Install": { - "Linux": "git clone https://github.com/fransr/template-generator", - "MacOS": "git clone https://github.com/fransr/template-generator", - "Windows": "git clone https://github.com/fransr/template-generator" - }, - "Method": "TEMPLATE", - "Type": "Utility", - "Update": { - "Linux": "cd template-generator ; git pull -v", - "MacOS": "cd template-generator ; git pull -v", - "Windows": "cd template-generator ; git pull -v" - } - }, - "testssl.sh": { - "Data": "| Scanner/SSL | [testssl.sh](https://github.com/drwetter/testssl.sh) | Testing TLS/SSL encryption anywhere on any port | ![](https://img.shields.io/github/stars/drwetter/testssl.sh) | ![](https://img.shields.io/github/languages/top/drwetter/testssl.sh) |", - "Description": "Testing TLS/SSL encryption anywhere on any port ", - "Install": { - "Linux": "git clone https://github.com/drwetter/testssl.sh", - "MacOS": "git clone https://github.com/drwetter/testssl.sh", - "Windows": "git clone https://github.com/drwetter/testssl.sh" - }, - "Method": "SSL", - "Type": "Scanner", - "Update": { - "Linux": "cd testssl.sh ; git pull -v", - "MacOS": "cd testssl.sh ; git pull -v", - "Windows": "cd testssl.sh ; git pull -v" - } - }, - "thc-hydra": { - "Data": "| Scanner/FUZZ | [thc-hydra](https://github.com/vanhauser-thc/thc-hydra) | hydra | ![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra) | ![](https://img.shields.io/github/languages/top/vanhauser-thc/thc-hydra) |", - "Description": "hydra ", - "Install": { - "Linux": "git clone https://github.com/vanhauser-thc/thc-hydra ; cd thc-hydra; ./configure ; make ; make install", - "MacOS": "git clone https://github.com/vanhauser-thc/thc-hydra ; cd thc-hydra; ./configure ; make ; make install", - "Windows": "git clone https://github.com/vanhauser-thc/thc-hydra ; cd thc-hydra; ./configure ; make ; make install" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "cd thc-hydra; git pull -v ; ./configure ; make ; make install", - "MacOS": "cd thc-hydra; git pull -v ; ./configure ; make ; make install", - "Windows": "cd thc-hydra; git pull -v ; ./configure ; make ; make install" - } - }, - "tiscripts": { - "Data": "| Utility/Scripts | [tiscripts](https://github.com/defparam/tiscripts) | Turbo Intruder Scripts | ![](https://img.shields.io/github/stars/defparam/tiscripts) | ![](https://img.shields.io/github/languages/top/defparam/tiscripts) |", - "Description": "Turbo Intruder Scripts", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "Scripts", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "tplmap": { - "Data": "| Scanner/SSTI | [tplmap](https://github.com/epinna/tplmap) | Server-Side Template Injection and Code Injection Detection and Exploitation Tool | ![](https://img.shields.io/github/stars/epinna/tplmap) | ![](https://img.shields.io/github/languages/top/epinna/tplmap) |", - "Description": "Server-Side Template Injection and Code Injection Detection and Exploitation Tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SSTI", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "uncover": { - "Data": "| Discovery/HOST | [uncover](https://github.com/projectdiscovery/uncover) | Quickly discover exposed hosts on the internet using multiple search engine. | ![](https://img.shields.io/github/stars/projectdiscovery/uncover) | ![](https://img.shields.io/github/languages/top/projectdiscovery/uncover) |", - "Description": "Quickly discover exposed hosts on the internet using multiple search engine.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "HOST", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "unfurl": { - "Data": "| Utility/URL | [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin | ![](https://img.shields.io/github/stars/tomnomnom/unfurl) | ![](https://img.shields.io/github/languages/top/tomnomnom/unfurl) |", - "Description": "Pull out bits of URLs provided on stdin ", - "Install": { - "Linux": "go get -u github.com/tomnomnom/unfurl", - "MacOS": "go get -u github.com/tomnomnom/unfurl", - "Windows": "go get -u github.com/tomnomnom/unfurl" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/tomnomnom/unfurl", - "MacOS": "go get -u github.com/tomnomnom/unfurl", - "Windows": "go get -u github.com/tomnomnom/unfurl" - } - }, - "urlgrab": { - "Data": "| Discovery/URL | [urlgrab](https://github.com/IAmStoxe/urlgrab) | A golang utility to spider through a website searching for additional links. | ![](https://img.shields.io/github/stars/IAmStoxe/urlgrab) | ![](https://img.shields.io/github/languages/top/IAmStoxe/urlgrab) |", - "Description": "A golang utility to spider through a website searching for additional links. ", - "Install": { - "Linux": "go get -u github.com/iamstoxe/urlgrab", - "MacOS": "go get -u github.com/iamstoxe/urlgrab", - "Windows": "go get -u github.com/iamstoxe/urlgrab" - }, - "Method": "CRAWL", - "Type": "Discovery", - "Update": { - "Linux": "go get -u github.com/iamstoxe/urlgrab", - "MacOS": "go get -u github.com/iamstoxe/urlgrab", - "Windows": "go get -u github.com/iamstoxe/urlgrab" - } - }, - "urlhunter": { - "Data": "| Discovery/URL | [urlhunter](https://github.com/utkusen/urlhunter) | a recon tool that allows searching on URLs that are exposed via shortener services | ![](https://img.shields.io/github/stars/utkusen/urlhunter) | ![](https://img.shields.io/github/languages/top/utkusen/urlhunter) |", - "Description": "a recon tool that allows searching on URLs that are exposed via shortener services", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "urlprobe": { - "Data": "| Utility/URL | [urlprobe](https://github.com/1ndianl33t/urlprobe) | Urls status code \u0026 content length checker | ![](https://img.shields.io/github/stars/1ndianl33t/urlprobe) | ![](https://img.shields.io/github/languages/top/1ndianl33t/urlprobe) |", - "Description": "Urls status code \u0026 content length checker ", - "Install": { - "Linux": "go get -u github.com/1ndianl33t/urlprobe", - "MacOS": "go get -u github.com/1ndianl33t/urlprobe", - "Windows": "go get -u github.com/1ndianl33t/urlprobe" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "go get -u github.com/1ndianl33t/urlprobe", - "MacOS": "go get -u github.com/1ndianl33t/urlprobe", - "Windows": "go get -u github.com/1ndianl33t/urlprobe" - } - }, - "uro": { - "Data": "| Utility/URL | [uro](https://github.com/s0md3v/uro) | declutters url lists for crawling/pentesting | ![](https://img.shields.io/github/stars/s0md3v/uro) | ![](https://img.shields.io/github/languages/top/s0md3v/uro) |", - "Description": "declutters url lists for crawling/pentesting", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "URL", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "waybackurls": { - "Data": "| Discovery/URL | [waybackurls](https://github.com/tomnomnom/waybackurls) | Fetch all the URLs that the Wayback Machine knows about for a domain | ![](https://img.shields.io/github/stars/tomnomnom/waybackurls) | ![](https://img.shields.io/github/languages/top/tomnomnom/waybackurls) |", - "Description": "Fetch all the URLs that the Wayback Machine knows about for a domain ", - "Install": { - "Linux": "go get github.com/tomnomnom/waybackurls", - "MacOS": "go get github.com/tomnomnom/waybackurls", - "Windows": "go get github.com/tomnomnom/waybackurls" - }, - "Method": "URL", - "Type": "Discovery", - "Update": { - "Linux": "go get github.com/tomnomnom/waybackurls", - "MacOS": "go get github.com/tomnomnom/waybackurls", - "Windows": "go get github.com/tomnomnom/waybackurls" - } - }, - "weaponised-XSS-payloads": { - "Data": "| Utility/PAYLOAD | [weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads) | XSS payloads designed to turn alert(1) into P1 | ![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads) | ![](https://img.shields.io/github/languages/top/hakluke/weaponised-XSS-payloads) |", - "Description": "XSS payloads designed to turn alert(1) into P1", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "web_cache_poison": { - "Data": "| Scanner/CACHE-POISON | [web_cache_poison](https://github.com/fngoo/web_cache_poison) | web cache poison - Top 1 web hacking technique of 2019 | ![](https://img.shields.io/github/stars/fngoo/web_cache_poison) | ![](https://img.shields.io/github/languages/top/fngoo/web_cache_poison) |", - "Description": "web cache poison - Top 1 web hacking technique of 2019", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "CACHE-POISON", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "websocket-connection-smuggler": { - "Data": "| Scanner/SMUGGLE | [websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler) | websocket-connection-smuggler | ![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/websocket-connection-smuggler) |", - "Description": "websocket-connection-smuggler", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "wfuzz": { - "Data": "| Scanner/FUZZ | [wfuzz](https://github.com/xmendez/wfuzz) | Web application fuzzer | ![](https://img.shields.io/github/stars/xmendez/wfuzz) | ![](https://img.shields.io/github/languages/top/xmendez/wfuzz) |", - "Description": "Web application fuzzer ", - "Install": { - "Linux": "pip3 install wfuzz", - "MacOS": "pip3 install wfuzz", - "Windows": "pip3 install wfuzz" - }, - "Method": "FUZZ", - "Type": "Scanner", - "Update": { - "Linux": "pip3 install wfuzz", - "MacOS": "pip3 install wfuzz", - "Windows": "pip3 install wfuzz" - } - }, - "wprecon": { - "Data": "| Scanner/WP | [wprecon](https://github.com/blackcrw/wprecon) | Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. | ![](https://img.shields.io/github/stars/blackcrw/wprecon) | ![](https://img.shields.io/github/languages/top/blackcrw/wprecon) |", - "Description": "Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WP", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "wpscan": { - "Data": "| Scanner/WP | [wpscan](https://github.com/wpscanteam/wpscan) | WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. | ![](https://img.shields.io/github/stars/wpscanteam/wpscan) | ![](https://img.shields.io/github/languages/top/wpscanteam/wpscan) |", - "Description": "WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. ", - "Install": { - "Linux": "gem install wpscan", - "MacOS": "gem install wpscan", - "Windows": "gem install wpscan" - }, - "Method": "WP", - "Type": "Scanner", - "Update": { - "Linux": "gem install wpscan", - "MacOS": "gem install wpscan", - "Windows": "gem install wpscan" - } - }, - "ws-smuggler": { - "Data": "| Scanner/SMUGGLE | [ws-smuggler](https://github.com/hahwul/ws-smuggler) | WebSocket Connection Smuggler | ![](https://img.shields.io/github/stars/hahwul/ws-smuggler) | ![](https://img.shields.io/github/languages/top/hahwul/ws-smuggler) |", - "Description": "WebSocket Connection Smuggler", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "SMUGGLE", - "Type": "Scanner", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "wssip": { - "Data": "| Discovery/WEBSOCK | [wssip](https://github.com/nccgroup/wssip) | Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa. | ![](https://img.shields.io/github/stars/nccgroup/wssip) | ![](https://img.shields.io/github/languages/top/nccgroup/wssip) |", - "Description": "Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "WEBSOCK", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "wuzz": { - "Data": "| Fetch/HTTP | [wuzz](https://github.com/asciimoo/wuzz) | Interactive cli tool for HTTP inspection | ![](https://img.shields.io/github/stars/asciimoo/wuzz) | ![](https://img.shields.io/github/languages/top/asciimoo/wuzz) |", - "Description": "Interactive cli tool for HTTP inspection ", - "Install": { - "Linux": "go get github.com/asciimoo/wuzz", - "MacOS": "go get github.com/asciimoo/wuzz", - "Windows": "go get github.com/asciimoo/wuzz" - }, - "Method": "HTTP", - "Type": "Fetch", - "Update": { - "Linux": "go get github.com/asciimoo/wuzz", - "MacOS": "go get github.com/asciimoo/wuzz", - "Windows": "go get github.com/asciimoo/wuzz" - } - }, - "x8": { - "Type": "Discovery", - "Data": "| Discovery/PARAM | [x8](https://github.com/Sh1Yo/x8) | Hidden parameters discovery suite | ![](https://img.shields.io/github/stars/Sh1Yo/x8) | ![](https://img.shields.io/github/languages/top/Sh1Yo/x8) |", - "Method": "PARAM", - "Description": "Hidden parameters discovery suite", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "xsinator.com": { - "Data": "| Utility/XS-Leaks | [xsinator.com](https://github.com/RUB-NDS/xsinator.com) | XS-Leak Browser Test Suite | ![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com) | ![](https://img.shields.io/github/languages/top/RUB-NDS/xsinator.com) |", - "Description": "XS-Leak Browser Test Suite", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "XS-Leaks", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "xss-cheatsheet-data": { - "Data": "| Utility/PAYLOAD | [xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data) | This repository contains all the XSS cheatsheet data to allow contributions from the community. | ![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data) | ![](https://img.shields.io/github/languages/top/PortSwigger/xss-cheatsheet-data) |", - "Description": "This repository contains all the XSS cheatsheet data to allow contributions from the community. ", - "Install": { - "Linux": "git clone https://github.com/PortSwigger/xss-cheatsheet-data", - "MacOS": "git clone https://github.com/PortSwigger/xss-cheatsheet-data", - "Windows": "git clone https://github.com/PortSwigger/xss-cheatsheet-data" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "cd xss-cheatsheet-data ; git pull -v", - "MacOS": "cd xss-cheatsheet-data ; git pull -v", - "Windows": "cd xss-cheatsheet-data ; git pull -v" - } - }, - "xsscrapy": { - "Data": "| Scanner/XSS | [xsscrapy](https://github.com/DanMcInerney/xsscrapy) | XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. | ![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy) | ![](https://img.shields.io/github/languages/top/DanMcInerney/xsscrapy) |", - "Description": "XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. ", - "Install": { - "Linux": "git clone https://github.com/DanMcInerney/xsscrapy.git ; cd xsscrapy; pip install -r requirements.txt", - "MacOS": "git clone https://github.com/DanMcInerney/xsscrapy.git ; cd xsscrapy; pip install -r requirements.txt", - "Windows": "git clone https://github.com/DanMcInerney/xsscrapy.git ; cd xsscrapy; pip install -r requirements.txt" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "cd xsscrapy; git pull -v ; pip install -r requirements.txt", - "MacOS": "cd xsscrapy; git pull -v ; pip install -r requirements.txt", - "Windows": "cd xsscrapy; git pull -v ; pip install -r requirements.txt" - } - }, - "xsser": { - "Data": "| Scanner/XSS | [xsser](https://github.com/epsylon/xsser) | Cross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. | ![](https://img.shields.io/github/stars/epsylon/xsser) | ![](https://img.shields.io/github/languages/top/epsylon/xsser) |", - "Description": "Cross Site \"Scripter\" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. ", - "Install": { - "Linux": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install", - "MacOS": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install", - "Windows": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install" - }, - "Method": "XSS", - "Type": "Scanner", - "Update": { - "Linux": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install", - "MacOS": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install", - "Windows": "git clone https://github.com/epsylon/xsser ; cd xsser ; python3 setup.py install" - } - }, - "xssor2": { - "Data": "| Utility/PAYLOAD | [xssor2](https://github.com/evilcos/xssor2) | XSS'OR - Hack with JavaScript. | ![](https://img.shields.io/github/stars/evilcos/xssor2) | ![](https://img.shields.io/github/languages/top/evilcos/xssor2) |", - "Description": "XSS'OR - Hack with JavaScript.", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "xxeserv": { - "Data": "| Utility/PAYLOAD | [xxeserv](https://github.com/staaldraad/xxeserv) | A mini webserver with FTP support for XXE payloads | ![](https://img.shields.io/github/stars/staaldraad/xxeserv) | ![](https://img.shields.io/github/languages/top/staaldraad/xxeserv) |", - "Description": "A mini webserver with FTP support for XXE payloads", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "ysoserial": { - "Data": "| Utility/PAYLOAD | [ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | ![](https://img.shields.io/github/stars/frohoff/ysoserial) | ![](https://img.shields.io/github/languages/top/frohoff/ysoserial) |", - "Description": "A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. ", - "Install": { - "Linux": "git clone https://github.com/frohoff/ysoserial", - "MacOS": "git clone https://github.com/frohoff/ysoserial", - "Windows": "git clone https://github.com/frohoff/ysoserial" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "cd ysoserial ; git pull -v", - "MacOS": "cd ysoserial ; git pull -v", - "Windows": "cd ysoserial ; git pull -v" - } - }, - "ysoserial.net": { - "Data": "| Utility/PAYLOAD | [ysoserial.net](https://github.com/pwntester/ysoserial.net) | Deserialization payload generator for a variety of .NET formatters | ![](https://img.shields.io/github/stars/pwntester/ysoserial.net) | ![](https://img.shields.io/github/languages/top/pwntester/ysoserial.net) |", - "Description": "Deserialization payload generator for a variety of .NET formatters ", - "Install": { - "Linux": "git clone https://github.com/pwntester/ysoserial.net", - "MacOS": "git clone https://github.com/pwntester/ysoserial.net", - "Windows": "git clone https://github.com/pwntester/ysoserial.net" - }, - "Method": "PAYLOAD", - "Type": "Utility", - "Update": { - "Linux": "cd ysoserial.net ; git pull -v", - "MacOS": "cd ysoserial.net ; git pull -v", - "Windows": "cd ysoserial.net ; git pull -v" - } - }, - "zap-cli": { - "Data": "| Scanner/WVS | [zap-cli](https://github.com/Grunny/zap-cli) | A simple tool for interacting with OWASP ZAP from the commandline. | ![](https://img.shields.io/github/stars/Grunny/zap-cli) | ![](https://img.shields.io/github/languages/top/Grunny/zap-cli) |", - "Description": "A simple tool for interacting with OWASP ZAP from the commandline. ", - "Install": { - "Linux": "pip3 install --upgrade zapcli", - "MacOS": "pip3 install --upgrade zapcli", - "Windows": "pip3 install --upgrade zapcli" - }, - "Method": "WVS", - "Type": "Scanner", - "Update": { - "Linux": "pip3 install --upgrade zapcli", - "MacOS": "pip3 install --upgrade zapcli", - "Windows": "pip3 install --upgrade zapcli" - } - }, - "zaproxy": { - "Data": "| Army-Knife/PROXY | [zaproxy](https://github.com/zaproxy/zaproxy) | The OWASP ZAP core project | ![](https://img.shields.io/github/stars/zaproxy/zaproxy) | ![](https://img.shields.io/github/languages/top/zaproxy/zaproxy) |", - "Description": "The OWASP ZAP core project", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "PROXY", - "Type": "Army-Knife", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - }, - "zdns": { - "Data": "| Discovery/DNS | [zdns](https://github.com/zmap/zdns) | Fast CLI DNS Lookup Tool | ![](https://img.shields.io/github/stars/zmap/zdns) | ![](https://img.shields.io/github/languages/top/zmap/zdns) |", - "Description": "Fast CLI DNS Lookup Tool", - "Install": { - "Linux": "", - "MacOS": "", - "Windows": "" - }, - "Method": "DNS", - "Type": "Discovery", - "Update": { - "Linux": "", - "MacOS": "", - "Windows": "" - } - } -} \ No newline at end of file From d8ac0c25b8fde988998c07688021a0011083aca7 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:41:54 +0900 Subject: [PATCH 27/42] Update CONTRIBUTING --- CONTRIBUTING.md | 96 +++++++++++-------------------------------------- 1 file changed, 21 insertions(+), 75 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ae29152..07bc0e2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,82 +1,28 @@ # Contribute -## Fork and Build Contribute tools -First, fork this repository +## Fork Repository +Fork this repository ![1414](https://user-images.githubusercontent.com/13212227/98445633-fd479700-215b-11eb-876f-fcc82a010bb6.png) -Second, Clone forked repo and compile `add-tool` and `distribute-readme` using `make` command: -``` -$ git clone https://github.com/{your-id}/WebHackersWeaponse -$ cd WebHackersWeaponse +## Write `./weapons/.yaml` and PR it +Write YAML Code. +```yaml +--- +name: App Name +description: App Description +url: App URL # https://github.com/hahwul/dalfox +category: tool # tool / tool-addon / browser-addon / bookmarklet +types: [] # fuzzer / scanner / enum / etc... +platform: +- linux # linux +- macos # macos application +- windows # windows application +- zap # zap addon +- burpsuite # burpsuite addon +# If supported crossplatform, you write out all three (linux/macos/windows) +lang: [] +tags: [] ``` -```bash -$ make contribute -``` - -## Add new tool -### First, your tool append `data.json` using `add-tool -Usage -``` -./add-tool -Usage of ./add-tool: - -isFirst - if you add new type, it use - -url string - any url -``` - -E.g -``` -$ ./add-tool -url https://github.com/sqlmapproject/sqlmap -Successfully Opened type.lst -[0] Army-Knife -[1] Discovery -[2] Fetch -[3] Scanner -[4] Utility -[+] What is type? -3 -Scanner -[+] What is method(e.g XSS, WVS, SSL, ETC..)? -SQL -Successfully Opened data.json -``` - -And if you want to add an install / update script for whw-tools, please open data.json and fill out the additional parts. -![1416](https://user-images.githubusercontent.com/13212227/98445636-0173b480-215c-11eb-8390-5dca78e0f79b.png) - -### Second, Give me PR or Add issue with data.json
![1415](https://user-images.githubusercontent.com/13212227/98445635-00db1e00-215c-11eb-8a59-d7d21dd98db0.png) -### Third, There's no third. - -### Asciinema video -[![asciicast](https://asciinema.org/a/318456.svg)](https://asciinema.org/a/318456) - -## Add Other type tools -(`Burp Suite or ZAP Extensions`, `Bookmarklets`, `Browser Extensions`) - -### First, add-tool in -``` -$ cd {Other directory} -``` -e.g : `./WebHackersWeapons/Burp and ZAP Extensions`, `./Bookmarklets`, `./Browser Extensions` - -``` -$ ../add-tool -url https://github.com/nccgroup/BurpSuiteLoggerPlusPlus -``` - -### Second, PR data.json - -## Distruibute (only for me) -### Distribute to common tools -``` -$ ./distribute-readme -=> show new README file -``` - -### Distribute to Another directory -``` -$ ../distribute-readme -=> show new README file in Burp Suite or ZAP Extensions -``` +### Third, There's no third. \ No newline at end of file From 7867f68e9e1174b0140733252de3f65d17b925b4 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:42:24 +0900 Subject: [PATCH 28/42] y --- CONTRIBUTING.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 07bc0e2..6668d47 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,7 +1,6 @@ # Contribute ## Fork Repository -Fork this repository -![1414](https://user-images.githubusercontent.com/13212227/98445633-fd479700-215b-11eb-876f-fcc82a010bb6.png) +Fork this repository :D ## Write `./weapons/.yaml` and PR it Write YAML Code. From 376f533ee97f11a8a607bf10a04bd0d2faecf7a2 Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:43:00 +0900 Subject: [PATCH 29/42] Update --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6668d47..ccb44ce 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,8 +1,8 @@ -# Contribute -## Fork Repository +## Contribute +### First, Fork Repository Fork this repository :D -## Write `./weapons/.yaml` and PR it +### Second, Write `./weapons/.yaml` and PR it Write YAML Code. ```yaml --- From 9b4048ccb29415081968ea72f729d00fcf902d2e Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:43:44 +0900 Subject: [PATCH 30/42] Update --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ccb44ce..c80bbb4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,7 +2,7 @@ ### First, Fork Repository Fork this repository :D -### Second, Write `./weapons/.yaml` and PR it +### Second, Write `./weapons/.yaml` and Commit/PR Write YAML Code. ```yaml --- From 645a715b0000bf901b7a16138969be0afbe4c93c Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:48:01 +0900 Subject: [PATCH 31/42] Update --- CONTRIBUTING.md | 3 +++ README.md | 2 ++ scripts/erb.rb | 2 ++ 3 files changed, 7 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c80bbb4..e61da3d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -15,6 +15,9 @@ platform: - linux # linux - macos # macos application - windows # windows application +- firefox # firefox addon +- safari # safari addon +- chrome # chrome addon - zap # zap addon - burpsuite # burpsuite addon # If supported crossplatform, you write out all three (linux/macos/windows) diff --git a/README.md b/README.md index f63d1ff..5057975 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,8 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons +> Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) + ### Tools | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | diff --git a/scripts/erb.rb b/scripts/erb.rb index b7e9565..cd699ae 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -53,6 +53,8 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons +> Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) + ### Tools <%= tools %> From 797e90884f1a0db78fce7e6051e435a0b2bdd5cb Mon Sep 17 00:00:00 2001 From: hahwul Date: Wed, 17 Aug 2022 23:49:04 +0900 Subject: [PATCH 32/42] y --- README.md | 4 +++- scripts/erb.rb | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5057975..e1d14be 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons -> Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) +- OS: Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) +- Browser-Addon: Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) +- Tool-Addon: ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) ### Tools | Type | Name | Description | Badges | Popularity | diff --git a/scripts/erb.rb b/scripts/erb.rb index cd699ae..d30d5d4 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -53,7 +53,9 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons -> Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) +- OS: Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) +- Browser-Addon: Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) +- Tool-Addon: ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) ### Tools <%= tools %> From f59af59f5547ee1e31e9781744827624b5be8bf0 Mon Sep 17 00:00:00 2001 From: hahwul Date: Thu, 18 Aug 2022 00:45:37 +0900 Subject: [PATCH 33/42] Update --- CONTRIBUTING.md | 2 +- README.md | 588 +++++++++--------- scripts/erb.rb | 2 +- weapons/230-OOB.yaml | 7 +- weapons/3klCon.yaml | 7 +- weapons/AWSBucketDump.yaml | 7 +- weapons/Amass.yaml | 3 +- weapons/Arjun.yaml | 2 +- weapons/Assetnote_Wordlists.yaml | 2 +- weapons/Atlas.yaml | 2 +- weapons/AuthMatrix.yaml | 2 +- weapons/Autorize.yaml | 2 +- weapons/Blacklist3r.yaml | 7 +- weapons/BruteX.yaml | 7 +- weapons/Bug-Bounty-Toolz.yaml | 7 +- weapons/BurpBounty.yaml | 2 +- weapons/BurpCustomizer.yaml | 2 +- weapons/BurpJSLinkFinder.yaml | 2 +- weapons/BurpSuite-Secret_Finder.yaml | 2 +- weapons/BurpSuite.yaml | 7 +- weapons/BurpSuiteHTTPSmuggler.yaml | 2 +- weapons/BurpSuiteLoggerPlusPlus.yaml | 2 +- weapons/CSP_Evaluator.yaml | 2 +- weapons/CT_subdomains.yaml | 2 +- weapons/Chaos_Web.yaml | 7 +- .../Chromium-based-XSS-Taint-Tracking.yaml | 2 +- weapons/CorsMe.yaml | 2 +- weapons/Corsy.yaml | 2 +- weapons/CyberChef.yaml | 2 +- weapons/DNSDumpster.yaml | 2 +- weapons/DOMPurify.yaml | 2 +- weapons/DSSS.yaml | 2 +- weapons/Dark_Reader.yaml | 2 +- weapons/Dark_Reader_for_Safari.yaml | 2 +- weapons/DeepViolet.yaml | 2 +- weapons/DirDar.yaml | 2 +- weapons/DotGit.yaml | 2 +- weapons/Edit-This-Cookie.yaml | 2 +- weapons/Emissary.yaml | 2 +- weapons/FavFreak.yaml | 2 +- weapons/Findsploit.yaml | 2 +- weapons/Gf-Patterns.yaml | 2 +- weapons/GitMiner.yaml | 2 +- weapons/Gopherus.yaml | 2 +- weapons/GraphQLmap.yaml | 2 +- weapons/HRS.yaml | 2 +- weapons/HUNT.yaml | 2 +- weapons/Hack-Tools.yaml | 2 +- weapons/HydraRecon.yaml | 2 +- weapons/IntruderPayloads.yaml | 2 +- weapons/JSFScan.sh.yaml | 2 +- weapons/LFISuite.yaml | 2 +- weapons/LinkFinder.yaml | 2 +- weapons/MM3_ProxySwitch.yaml | 2 +- weapons/NoSQLMap.yaml | 2 +- weapons/OneForAll.yaml | 2 +- weapons/OpenRedireX.yaml | 2 +- weapons/Osmedeus.yaml | 2 +- weapons/PPScan.yaml | 2 +- weapons/ParamSpider.yaml | 2 +- weapons/Parth.yaml | 2 +- weapons/PayloadsAllTheThings.yaml | 2 +- weapons/Phoenix.yaml | 2 +- weapons/Photon.yaml | 2 +- weapons/PoC-in-GitHub.yaml | 2 +- weapons/RustScan.yaml | 2 +- weapons/S3Scanner.yaml | 2 +- weapons/SQLNinja.yaml | 2 +- weapons/SQL_Ninja.yaml | 2 +- weapons/SSRFmap.yaml | 2 +- weapons/STEWS.yaml | 2 +- weapons/SecLists.yaml | 2 +- weapons/SecretFinder.yaml | 2 +- weapons/SecurityTrails.yaml | 2 +- weapons/SequenceDiagram.yaml | 2 +- weapons/Shodan.yaml | 2 +- weapons/Silver.yaml | 2 +- weapons/Sn1per.yaml | 2 +- weapons/Stepper.yaml | 2 +- weapons/Striker.yaml | 2 +- weapons/SubOver.yaml | 2 +- weapons/Sublist3r.yaml | 2 +- weapons/Taipan.yaml | 2 +- weapons/TukTuk.yaml | 2 +- weapons/User-Agent_Switcher.yaml | 2 +- weapons/VHostScan.yaml | 2 +- weapons/Wayback_Machine.yaml | 2 +- weapons/Web-Cache-Vulnerability-Scanner.yaml | 2 +- weapons/XSRFProbe.yaml | 2 +- weapons/XSStrike.yaml | 2 +- weapons/XSpear.yaml | 2 +- weapons/XXEinjector.yaml | 2 +- weapons/a2sv.yaml | 2 +- weapons/altdns.yaml | 2 +- weapons/anew.yaml | 2 +- weapons/apkleaks.yaml | 2 +- weapons/aquatone.yaml | 2 +- weapons/arachni.yaml | 3 +- weapons/assetfinder.yaml | 2 +- weapons/attack-surface-detector-zap.yaml | 2 +- weapons/auto-repeater.yaml | 2 +- weapons/autochrome.yaml | 2 +- weapons/axiom.yaml | 3 +- weapons/bat.yaml | 7 +- weapons/boast.yaml | 7 +- weapons/bountyplz.yaml | 4 +- weapons/burl.yaml | 2 +- weapons/burp-exporter.yaml | 2 +- weapons/burp-piper.yaml | 2 +- weapons/burp-retire-js.yaml | 2 +- weapons/burp-send-to.yaml | 2 +- weapons/c-jwt-cracker.yaml | 2 +- weapons/can-i-take-over-xyz.yaml | 7 +- weapons/cariddi.yaml | 7 +- weapons/cc.py.yaml | 2 +- weapons/cf-check.yaml | 2 +- weapons/chaos-client.yaml | 2 +- weapons/clear-cache.yaml | 2 +- weapons/collaborator-everywhere.yaml | 2 +- weapons/commix.yaml | 7 +- weapons/community-scripts.yaml | 2 +- weapons/confused.yaml | 7 +- weapons/cookie-quick-manager.yaml | 2 +- weapons/corsair_scan.yaml | 7 +- weapons/crawlergo.yaml | 7 +- weapons/crlfuzz.yaml | 2 +- weapons/csp-auditor.yaml | 2 +- weapons/curl.yaml | 2 +- weapons/dalfox.yaml | 2 +- weapons/dirsearch.yaml | 2 +- weapons/ditto.yaml | 2 +- weapons/dmut.yaml | 2 +- weapons/dnsobserver.yaml | 2 +- weapons/dnsprobe.yaml | 2 +- weapons/dnsvalidator.yaml | 2 +- weapons/dnsx.yaml | 2 +- weapons/docem.yaml | 2 +- weapons/domdig.yaml | 2 +- weapons/dontgo403.yaml | 2 +- weapons/dotdotpwn.yaml | 2 +- weapons/eval_villain.yaml | 2 +- weapons/ezXSS.yaml | 2 +- weapons/femida.yaml | 2 +- weapons/feroxbuster.yaml | 2 +- weapons/ffuf.yaml | 2 +- weapons/fhc.yaml | 2 +- weapons/findom-xss.yaml | 2 +- weapons/findomain.yaml | 2 +- weapons/fockcache.yaml | 2 +- weapons/fuzzparam.yaml | 2 +- weapons/fzf.yaml | 2 +- weapons/gau.yaml | 2 +- weapons/gauplus.yaml | 2 +- weapons/gee.yaml | 2 +- weapons/getJS.yaml | 2 +- weapons/gf.yaml | 2 +- weapons/gitGraber.yaml | 2 +- weapons/github-endpoints.yaml | 2 +- weapons/github-regexp.yaml | 2 +- weapons/github-search.yaml | 2 +- weapons/github-subdomains.yaml | 2 +- weapons/gitleaks.yaml | 2 +- weapons/gitls.yaml | 2 +- weapons/gitrob.yaml | 2 +- weapons/go-dork.yaml | 2 +- weapons/gobuster.yaml | 2 +- weapons/gospider.yaml | 2 +- weapons/gotator.yaml | 2 +- weapons/gotestwaf.yaml | 2 +- weapons/gowitness.yaml | 2 +- weapons/graphql-voyager.yaml | 2 +- weapons/grc.yaml | 2 +- weapons/grex.yaml | 2 +- weapons/gron.yaml | 2 +- weapons/h2csmuggler.yaml | 2 +- weapons/hacks.yaml | 2 +- weapons/hakcheckurl.yaml | 2 +- weapons/hakrawler.yaml | 2 +- weapons/hakrevdns.yaml | 2 +- weapons/haktrails.yaml | 2 +- weapons/hashcat.yaml | 2 +- weapons/headi.yaml | 2 +- weapons/hetty.yaml | 2 +- weapons/hinject.yaml | 2 +- weapons/htcat.yaml | 2 +- weapons/http-request-smuggler.yaml | 2 +- weapons/http-request-smuggling.yaml | 2 +- weapons/http-script-generator.yaml | 2 +- weapons/http2smugl.yaml | 2 +- weapons/httpie.yaml | 2 +- weapons/httprobe.yaml | 2 +- weapons/httptoolkit.yaml | 2 +- weapons/httpx.yaml | 2 +- weapons/hurl.yaml | 2 +- weapons/inql.yaml | 2 +- weapons/interactsh.yaml | 2 +- weapons/intrigue-core.yaml | 2 +- weapons/jaeles.yaml | 2 +- weapons/jsfuck.yaml | 2 +- weapons/jsonwebtoken.github.io.yaml | 2 +- weapons/jsprime.yaml | 2 +- weapons/jwt-cracker.yaml | 2 +- weapons/jwt-hack.yaml | 2 +- weapons/kiterunner.yaml | 2 +- weapons/knife.yaml | 2 +- weapons/knock.yaml | 2 +- weapons/lazyrecon.yaml | 2 +- weapons/longtongue.yaml | 2 +- weapons/masscan.yaml | 2 +- weapons/medusa.yaml | 2 +- weapons/meg.yaml | 2 +- weapons/megplus.yaml | 2 +- weapons/naabu.yaml | 2 +- weapons/nikto.yaml | 2 +- weapons/nmap.yaml | 2 +- weapons/nosqli.yaml | 2 +- weapons/nuclei.yaml | 2 +- weapons/ob_hacky_slack.yaml | 2 +- weapons/owasp-zap-jwt-addon.yaml | 2 +- weapons/oxml_xxe.yaml | 2 +- weapons/pagodo.yaml | 2 +- weapons/param-miner.yaml | 2 +- weapons/parameth.yaml | 2 +- weapons/pentest-tools.yaml | 2 +- weapons/pet.yaml | 2 +- weapons/plution.yaml | 2 +- weapons/postMessage-tracker.yaml | 2 +- weapons/ppfuzz.yaml | 2 +- weapons/ppmap.yaml | 2 +- weapons/proxify.yaml | 2 +- weapons/puredns.yaml | 2 +- weapons/pwncat.yaml | 2 +- weapons/qsreplace.yaml | 2 +- weapons/quickjack.yaml | 2 +- weapons/rapidscan.yaml | 2 +- weapons/recon_profile.yaml | 2 +- weapons/reconftw.yaml | 2 +- weapons/reflect.yaml | 2 +- weapons/reflected-parameters.yaml | 2 +- weapons/rengine.yaml | 2 +- weapons/rusolver.yaml | 2 +- weapons/s3reverse.yaml | 2 +- weapons/safecopy.yaml | 2 +- weapons/scilla.yaml | 2 +- weapons/security-crawl-maze.yaml | 2 +- weapons/security-research-pocs.yaml | 2 +- weapons/shuffledns.yaml | 2 +- weapons/singularity.yaml | 2 +- weapons/slackcat.yaml | 2 +- weapons/smuggler.yaml | 2 +- weapons/sn0int.yaml | 2 +- weapons/spiderfoot.yaml | 2 +- weapons/sqliv.yaml | 2 +- weapons/sqlmap.yaml | 2 +- weapons/ssrf-sheriff.yaml | 2 +- weapons/subfinder.yaml | 2 +- weapons/subgen.yaml | 2 +- weapons/subjack.yaml | 2 +- weapons/subjs.yaml | 2 +- weapons/subs_all.yaml | 2 +- weapons/subzy.yaml | 2 +- weapons/taborator.yaml | 2 +- weapons/template-generator.yaml | 2 +- weapons/testssl.sh.yaml | 2 +- weapons/thc-hydra.yaml | 2 +- weapons/tiscripts.yaml | 2 +- weapons/tplmap.yaml | 2 +- weapons/turbo-intruder.yaml | 2 +- weapons/uncover.yaml | 2 +- weapons/unfurl.yaml | 2 +- weapons/urlgrab.yaml | 2 +- weapons/urlhunter.yaml | 2 +- weapons/urlprobe.yaml | 2 +- weapons/uro.yaml | 2 +- weapons/waybackurls.yaml | 2 +- weapons/weaponised-XSS-payloads.yaml | 2 +- weapons/web_cache_poison.yaml | 2 +- weapons/websocket-connection-smuggler.yaml | 2 +- weapons/wfuzz.yaml | 2 +- weapons/wprecon.yaml | 2 +- weapons/wpscan.yaml | 2 +- weapons/ws-smuggler.yaml | 2 +- weapons/wssip.yaml | 2 +- weapons/wuzz.yaml | 2 +- weapons/x8.yaml | 2 +- weapons/xsinator.com.yaml | 2 +- weapons/xss-cheatsheet-data.yaml | 2 +- weapons/xsscrapy.yaml | 2 +- weapons/xsser.yaml | 2 +- weapons/xssor2.yaml | 2 +- weapons/xxeserv.yaml | 2 +- weapons/ysoserial.net.yaml | 2 +- weapons/ysoserial.yaml | 2 +- weapons/zap-cli.yaml | 2 +- weapons/zap-hud.yaml | 2 +- weapons/zaproxy.yaml | 2 +- weapons/zdns.yaml | 2 +- 297 files changed, 659 insertions(+), 606 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e61da3d..53e663f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,7 +10,7 @@ name: App Name description: App Description url: App URL # https://github.com/hahwul/dalfox category: tool # tool / tool-addon / browser-addon / bookmarklet -types: [] # fuzzer / scanner / enum / etc... +type: # fuzzer / scanner / enum / etc... platform: - linux # linux - macos # macos application diff --git a/README.md b/README.md index e1d14be..b384567 100644 --- a/README.md +++ b/README.md @@ -31,254 +31,254 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Tools | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| -|[]|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| -|[]|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| -|[]|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| -|[]|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| -|[]|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| -|[]|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| -|[]|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| -|[]|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| -|[]|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| -|[]|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| -|[]|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| -|[]|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| -|[]|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets||![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| -|[]|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)||x| -|[]|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| -|[]|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| -|[]|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| -|[]|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| -|[]|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| -|[]|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| -|[]|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| -|[]|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| -|[]|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| -|[]|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| -|[]|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| -|[]|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| -|[]|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| -|[]|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| -|[]|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| -|[]|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| -|[]|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| -|[]|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| -|[]|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| -|[]|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| -|[]|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| -|[]|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| -|[]|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| -|[]|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| -|[]|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| -|[]|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| -|[]|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| -|[]|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| -|[]|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| -|[]|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| -|[]|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| -|[]|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| -|[]|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| -|[]|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| -|[]|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| -|[]|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| -|[]|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| -|[]|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| -|[]|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| -|[]|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| -|[]|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| -|[]|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| -|[]|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| -|[]|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| -|[]|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| -|[]|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| -|[]|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| -|[]|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| -|[]|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| -|[]|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| -|[]|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| -|[]|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| -|[]|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| -|[]|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| -|[]|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| -|[]|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| -|[]|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| -|[]|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| -|[]|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| -|[]|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| -|[]|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| -|[]|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| -|[]|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| -|[]|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| -|[]|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| -|[]|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| -|[]|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| -|[]|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| -|[]|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| -|[]|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| -|[]|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| -|[]|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| -|[]|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| -|[]|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| -|[]|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| -|[]|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| -|[]|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| -|[]|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| -|[]|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).||![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| -|[]|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| -|[]|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| -|[]|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| -|[]|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| -|[]|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| -|[]|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| -|[]|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| -|[]|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| -|[]|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| -|[]|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| -|[]|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| -|[]|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| -|[]|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| -|[]|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| -|[]|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| -|[]|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| -|[]|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| -|[]|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| -|[]|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| -|[]|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| -|[]|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| -|[]|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| -|[]|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| -|[]|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| -|[]|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| -|[]|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| -|[]|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| -|[]|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| -|[]|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| -|[]|[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| -|[]|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| -|[]|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| -|[]|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| -|[]|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| -|[]|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.||![](https://img.shields.io/github/stars/lc/230-OOB)| -|[]|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| -|[]|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| -|[]|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| -|[]|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| -|[]|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| -|[]|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| -|[]|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| -|[]|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| -|[]|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| -|[]|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners||![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| -|[]|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| -|[]|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| -|[]|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| -|[]|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)||![](https://img.shields.io/github/stars/marcoagner/boast)| -|[]|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| -|[]|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...||![](https://img.shields.io/github/stars/edoardottt/cariddi)| -|[]|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| -|[]|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack)| -|[]|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| -|[]|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| -|[]|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| -|[]|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| -|[]|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| -|[]|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| -|[]|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| -|[]|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| -|[]|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools ||![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| -|[]|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| -|[]|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| -|[]|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| -|[]|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| -|[]|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| -|[]|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| -|[]|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| -|[]|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| -|[]|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| -|[]|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| -|[]|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -|[]|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| -|[]|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| -|[]|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| -|[]|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| -|[]|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![macos](./images/apple.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| -|[]|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| -|[]|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| -|[]|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.||![](https://img.shields.io/github/stars/commixproject/commix)| -|[]|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| -|[]|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| -|[]|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| -|[]|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| -|[]|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| -|[]|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| -|[]|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| -|[]|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| -|[]|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| -|[]|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| -|[]|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.||![](https://img.shields.io/github/stars/1N3/BruteX)| -|[]|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| -|[]|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| -|[]|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| -|[]|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| -|[]|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| -|[]|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| -|[]|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| -|[]|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| -|[]|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| -|[]|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| -|[]|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| -|[]|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| -|[]|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| -|[]|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| -|[]|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems||![](https://img.shields.io/github/stars/visma-prodsec/confused)| -|[]|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| -|[]|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| -|[]|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| -|[]|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| -|[]|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| -|[]|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| -|[]|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| -|[]|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project||x| -|[]|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| -|[]|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| -|[]|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| -|[]|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| -|[]|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| -|[]|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| -|[]|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| -|[]|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| -|[]|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| -|[]|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.||![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| -|[]|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.||![](https://img.shields.io/github/stars/eslam3kl/3klCon)| -|[]|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| -|[]|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| -|[]|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| -|[]|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| -|[]|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| -|[]|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| -|[]|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| -|[]|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| -|[]|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.||![](https://img.shields.io/github/stars/sharkdp/bat)| -|[]|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| -|[]|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| -|[]|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| -|[]|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| -|[]|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| -|[]|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| -|[]|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| -|[]|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| -|[]|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| -|[]|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r ||![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| -|[]|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| -|[]|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| -|[]|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| +||[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| +||[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| +||[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| +||[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| +||[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| +||[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| +||[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| +||[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| +||[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| +||[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| +||[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| +||[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| +||[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| +||[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| +||[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|x| +||[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| +||[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| +||[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| +||[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| +||[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| +||[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| +||[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| +||[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| +||[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| +||[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| +||[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| +||[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| +||[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| +||[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| +||[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| +||[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| +||[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| +||[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| +||[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| +||[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| +||[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| +||[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| +||[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| +||[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| +||[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| +||[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| +||[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| +||[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| +||[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| +||[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| +||[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| +||[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| +||[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| +||[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| +||[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| +||[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| +||[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| +||[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| +||[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| +||[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| +||[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| +||[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| +||[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| +||[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| +||[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| +||[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| +||[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| +||[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| +||[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| +||[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| +||[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| +||[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| +||[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| +||[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| +||[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| +||[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| +||[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| +||[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| +||[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| +||[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| +||[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| +||[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| +||[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| +||[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| +||[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| +||[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| +||[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| +||[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| +||[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| +||[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| +||[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| +||[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| +||[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| +||[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| +||[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| +||[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| +||[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| +||[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| +||[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| +||[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| +||[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| +||[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| +||[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| +||[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| +||[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| +||[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| +||[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| +||[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| +||[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| +||[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| +||[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| +||[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| +||[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| +||[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| +||[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| +||[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| +||[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| +||[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| +||[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| +||[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| +||[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| +||[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| +||[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| +||[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| +||[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| +||[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| +||[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| +||[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| +||[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| +||[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| +||[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| +||[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| +||[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| +||[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/230-OOB)| +||[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| +||[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| +||[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| +||[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| +||[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| +||[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| +||[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| +||[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| +||[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| +||[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| +||[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| +||[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| +||[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| +||[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/marcoagner/boast)| +||[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| +||[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/cariddi)| +||[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| +||[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack)| +||[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| +||[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| +||[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| +||[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| +||[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| +||[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| +||[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| +||[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| +||[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| +||[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| +||[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| +||[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| +||[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| +||[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| +||[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| +||[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| +||[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| +||[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| +||[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| +||[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| +||[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| +||[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| +||[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| +||[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| +||[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| +||[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| +||[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| +||[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/commixproject/commix)| +||[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| +||[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| +||[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| +||[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| +||[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| +||[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| +||[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| +||[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| +||[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| +||[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| +||[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/BruteX)| +||[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| +||[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| +||[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| +||[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| +||[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| +||[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| +||[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| +||[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| +||[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| +||[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| +||[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| +||[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| +||[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| +||[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| +||[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/visma-prodsec/confused)| +||[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| +||[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| +||[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| +||[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| +||[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| +||[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| +||[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| +||[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|x| +||[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| +||[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| +||[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| +||[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| +||[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| +||[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| +||[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| +||[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| +||[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| +||[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| +||[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/eslam3kl/3klCon)| +||[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| +||[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| +||[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| +||[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| +||[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| +||[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| +||[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| +||[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| +||[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sharkdp/bat)| +||[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| +||[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| +||[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| +||[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| +||[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| +||[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| +||[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| +||[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| +||[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| +||[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| +||[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| +||[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| +||[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| ### Bookmarklets | Type | Name | Description | Badges | Popularity | @@ -287,56 +287,56 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Browser Addons | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| -|[]|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| -|[]|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| -|[]|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![safari](./images/safari.png)|x| -|[]|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![chrome](./images/chrome.png)|x| -|[]|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| -|[]|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| -|[]|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![safari](./images/safari.png)|x| -|[]|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| -|[]|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| -|[]|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| -|[]|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| -|[]|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| +||[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| +||[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| +||[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| +||[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![safari](./images/safari.png)|x| +||[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![chrome](./images/chrome.png)|x| +||[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| +||[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| +||[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![safari](./images/safari.png)|x| +||[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| +||[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| +||[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| +||[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| +||[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| ### Burpsuite and ZAP Addons | Type | Name | Description | Badges | Popularity | | --- | --- | --- | --- | --- | -|[]|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| -|[]|[param-miner](https://github.com/PortSwigger/param-miner)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/param-miner)| -|[]|[HUNT](https://github.com/bugcrowd/HUNT)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/bugcrowd/HUNT)| -|[]|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bit4woo/knife)| -|[]|[Autorize](https://github.com/Quitten/Autorize)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/Quitten/Autorize)| -|[]|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| -|[]|[taborator](https://github.com/hackvertor/taborator)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/hackvertor/taborator)| -|[]|[BurpBounty](https://github.com/wagiro/BurpBounty)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wagiro/BurpBounty)| -|[]|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| -|[]|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| -|[]|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| -|[]|[safecopy](https://github.com/yashrs/safecopy)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/yashrs/safecopy)| -|[]|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| -|[]|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| -|[]|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| -|[]|[femida](https://github.com/wish-i-was/femida)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wish-i-was/femida)| -|[]|[burp-exporter](https://github.com/artssec/burp-exporter)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/artssec/burp-exporter)| -|[]|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| -|[]|[zap-hud](https://github.com/zaproxy/zap-hud)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/zap-hud)| -|[]|[Stepper](https://github.com/CoreyD97/Stepper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/Stepper)| -|[]|[inql](https://github.com/doyensec/inql)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/doyensec/inql)| -|[]|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| -|[]|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| -|[]|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| -|[]|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| -|[]|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| -|[]|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| -|[]|[reflect](https://github.com/TypeError/reflect)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/TypeError/reflect)| -|[]|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| -|[]|[burp-piper](https://github.com/silentsignal/burp-piper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/silentsignal/burp-piper)| -|[]|[community-scripts](https://github.com/zaproxy/community-scripts)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/community-scripts)| -|[]|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| -|[]|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| +||[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| +||[param-miner](https://github.com/PortSwigger/param-miner)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/param-miner)| +||[HUNT](https://github.com/bugcrowd/HUNT)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/bugcrowd/HUNT)| +||[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bit4woo/knife)| +||[Autorize](https://github.com/Quitten/Autorize)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/Quitten/Autorize)| +||[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| +||[taborator](https://github.com/hackvertor/taborator)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/hackvertor/taborator)| +||[BurpBounty](https://github.com/wagiro/BurpBounty)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wagiro/BurpBounty)| +||[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| +||[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| +||[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| +||[safecopy](https://github.com/yashrs/safecopy)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/yashrs/safecopy)| +||[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| +||[http-script-generator](https://github.com/h3xstream/http-script-generator)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| +||[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| +||[femida](https://github.com/wish-i-was/femida)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wish-i-was/femida)| +||[burp-exporter](https://github.com/artssec/burp-exporter)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/artssec/burp-exporter)| +||[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| +||[zap-hud](https://github.com/zaproxy/zap-hud)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/zap-hud)| +||[Stepper](https://github.com/CoreyD97/Stepper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/Stepper)| +||[inql](https://github.com/doyensec/inql)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/doyensec/inql)| +||[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| +||[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| +||[csp-auditor](https://github.com/GoSecure/csp-auditor)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| +||[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| +||[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| +||[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| +||[reflect](https://github.com/TypeError/reflect)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/TypeError/reflect)| +||[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| +||[burp-piper](https://github.com/silentsignal/burp-piper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/silentsignal/burp-piper)| +||[community-scripts](https://github.com/zaproxy/community-scripts)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/community-scripts)| +||[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| +||[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 diff --git a/scripts/erb.rb b/scripts/erb.rb index d30d5d4..bc7abf2 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -98,7 +98,7 @@ Dir.entries("./weapons/").each do | name | popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" end badge = generate_badge(data['platform']) - line = "|#{data['types']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" + line = "|#{data['type']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" case data['category'] when 'tool' tools = tools + line + "\n" diff --git a/weapons/230-OOB.yaml b/weapons/230-OOB.yaml index 99c03a1..3ed2664 100644 --- a/weapons/230-OOB.yaml +++ b/weapons/230-OOB.yaml @@ -3,7 +3,10 @@ name: 230-OOB description: An Out-of-Band XXE server for retrieving file contents over FTP. url: https://github.com/lc/230-OOB category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/3klCon.yaml b/weapons/3klCon.yaml index 6a9bc17..0e0409a 100644 --- a/weapons/3klCon.yaml +++ b/weapons/3klCon.yaml @@ -4,7 +4,10 @@ description: Automation Recon tool which works with Large & Medium scopes. It pe more than 20 tasks and gets back all the results in separated files. url: https://github.com/eslam3kl/3klCon category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/AWSBucketDump.yaml b/weapons/AWSBucketDump.yaml index 6f83ce8..fc276a4 100644 --- a/weapons/AWSBucketDump.yaml +++ b/weapons/AWSBucketDump.yaml @@ -3,7 +3,10 @@ name: AWSBucketDump description: Security Tool to Look For Interesting Files in S3 Buckets url: https://github.com/jordanpotti/AWSBucketDump category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Amass.yaml b/weapons/Amass.yaml index fdc4944..275fcc5 100644 --- a/weapons/Amass.yaml +++ b/weapons/Amass.yaml @@ -3,9 +3,10 @@ name: Amass description: 'In-depth Attack Surface Mapping and Asset Discovery ' url: https://github.com/OWASP/Amass category: tool -types: [] +type: platform: - linux - macos +- windows lang: [] tags: [] diff --git a/weapons/Arjun.yaml b/weapons/Arjun.yaml index 046aee2..51e68e4 100644 --- a/weapons/Arjun.yaml +++ b/weapons/Arjun.yaml @@ -3,7 +3,7 @@ name: Arjun description: 'HTTP parameter discovery suite. ' url: https://github.com/s0md3v/Arjun category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Assetnote_Wordlists.yaml b/weapons/Assetnote_Wordlists.yaml index 0491f17..7ea78a2 100644 --- a/weapons/Assetnote_Wordlists.yaml +++ b/weapons/Assetnote_Wordlists.yaml @@ -3,7 +3,7 @@ name: Assetnote Wordlists description: Automated & Manual Wordlists provided by Assetnote url: https://github.com/assetnote/wordlists category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Atlas.yaml b/weapons/Atlas.yaml index 1f15b5e..9b0ee6d 100644 --- a/weapons/Atlas.yaml +++ b/weapons/Atlas.yaml @@ -3,7 +3,7 @@ name: Atlas description: 'Quick SQLMap Tamper Suggester ' url: https://github.com/m4ll0k/Atlas category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/AuthMatrix.yaml b/weapons/AuthMatrix.yaml index b05be3c..86fda63 100644 --- a/weapons/AuthMatrix.yaml +++ b/weapons/AuthMatrix.yaml @@ -3,7 +3,7 @@ name: AuthMatrix description: url: https://github.com/SecurityInnovation/AuthMatrix category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/Autorize.yaml b/weapons/Autorize.yaml index 1d700d5..e73e1a5 100644 --- a/weapons/Autorize.yaml +++ b/weapons/Autorize.yaml @@ -3,7 +3,7 @@ name: Autorize description: url: https://github.com/Quitten/Autorize category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/Blacklist3r.yaml b/weapons/Blacklist3r.yaml index caa5569..317493c 100644 --- a/weapons/Blacklist3r.yaml +++ b/weapons/Blacklist3r.yaml @@ -3,7 +3,10 @@ name: Blacklist3r description: 'project-blacklist3r ' url: https://github.com/NotSoSecure/Blacklist3r category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BruteX.yaml b/weapons/BruteX.yaml index 709b57f..1fde598 100644 --- a/weapons/BruteX.yaml +++ b/weapons/BruteX.yaml @@ -3,7 +3,10 @@ name: BruteX description: Automatically brute force all services running on a target. url: https://github.com/1N3/BruteX category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Bug-Bounty-Toolz.yaml b/weapons/Bug-Bounty-Toolz.yaml index d61fbc1..28c4e0f 100644 --- a/weapons/Bug-Bounty-Toolz.yaml +++ b/weapons/Bug-Bounty-Toolz.yaml @@ -3,7 +3,10 @@ name: Bug-Bounty-Toolz description: 'BBT - Bug Bounty Tools ' url: https://github.com/m4ll0k/Bug-Bounty-Toolz category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BurpBounty.yaml b/weapons/BurpBounty.yaml index aa9710e..7e07818 100644 --- a/weapons/BurpBounty.yaml +++ b/weapons/BurpBounty.yaml @@ -3,7 +3,7 @@ name: BurpBounty description: url: https://github.com/wagiro/BurpBounty category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpCustomizer.yaml b/weapons/BurpCustomizer.yaml index 1f01ba9..cd2d029 100644 --- a/weapons/BurpCustomizer.yaml +++ b/weapons/BurpCustomizer.yaml @@ -3,7 +3,7 @@ name: BurpCustomizer description: Because just a dark theme wasn't enough! url: https://github.com/CoreyD97/BurpCustomizer category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpJSLinkFinder.yaml b/weapons/BurpJSLinkFinder.yaml index e7a37e1..556ac96 100644 --- a/weapons/BurpJSLinkFinder.yaml +++ b/weapons/BurpJSLinkFinder.yaml @@ -3,7 +3,7 @@ name: BurpJSLinkFinder description: url: https://github.com/InitRoot/BurpJSLinkFinder category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpSuite-Secret_Finder.yaml b/weapons/BurpSuite-Secret_Finder.yaml index b6f3858..ac9a4af 100644 --- a/weapons/BurpSuite-Secret_Finder.yaml +++ b/weapons/BurpSuite-Secret_Finder.yaml @@ -3,7 +3,7 @@ name: BurpSuite-Secret_Finder description: url: https://github.com/m4ll0k/BurpSuite-Secret_Finder category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpSuite.yaml b/weapons/BurpSuite.yaml index 13e38f4..1caab35 100644 --- a/weapons/BurpSuite.yaml +++ b/weapons/BurpSuite.yaml @@ -3,7 +3,10 @@ name: BurpSuite description: the BurpSuite Project url: https://portswigger.net/burp category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BurpSuiteHTTPSmuggler.yaml b/weapons/BurpSuiteHTTPSmuggler.yaml index fcc4b12..7952c28 100644 --- a/weapons/BurpSuiteHTTPSmuggler.yaml +++ b/weapons/BurpSuiteHTTPSmuggler.yaml @@ -3,7 +3,7 @@ name: BurpSuiteHTTPSmuggler description: url: https://github.com/nccgroup/BurpSuiteHTTPSmuggler category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/BurpSuiteLoggerPlusPlus.yaml b/weapons/BurpSuiteLoggerPlusPlus.yaml index 1bffb96..1a496a0 100644 --- a/weapons/BurpSuiteLoggerPlusPlus.yaml +++ b/weapons/BurpSuiteLoggerPlusPlus.yaml @@ -3,7 +3,7 @@ name: BurpSuiteLoggerPlusPlus description: url: https://github.com/nccgroup/BurpSuiteLoggerPlusPlus category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml index 38b9a70..daee20b 100644 --- a/weapons/CSP_Evaluator.yaml +++ b/weapons/CSP_Evaluator.yaml @@ -3,7 +3,7 @@ name: CSP Evaluator description: " Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://csp-evaluator.withgoogle.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/CT_subdomains.yaml b/weapons/CT_subdomains.yaml index b9aacc5..22782a4 100644 --- a/weapons/CT_subdomains.yaml +++ b/weapons/CT_subdomains.yaml @@ -4,7 +4,7 @@ description: 'An hourly updated list of subdomains gathered from certificate tra logs ' url: https://github.com/internetwache/CT_subdomains category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml index 3114520..670ef46 100644 --- a/weapons/Chaos_Web.yaml +++ b/weapons/Chaos_Web.yaml @@ -4,7 +4,10 @@ description: " actively scan and maintain internet-wide assets' data. enhance re and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)" url: https://chaos.projectdiscovery.io category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Chromium-based-XSS-Taint-Tracking.yaml b/weapons/Chromium-based-XSS-Taint-Tracking.yaml index c3490a8..faf61f0 100644 --- a/weapons/Chromium-based-XSS-Taint-Tracking.yaml +++ b/weapons/Chromium-based-XSS-Taint-Tracking.yaml @@ -4,7 +4,7 @@ description: Cyclops is a web browser with XSS detection feature, it is chromium xss detection that used to find the flows from a source to a sink. url: https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/CorsMe.yaml b/weapons/CorsMe.yaml index 3ed8e4e..df42b31 100644 --- a/weapons/CorsMe.yaml +++ b/weapons/CorsMe.yaml @@ -3,7 +3,7 @@ name: CorsMe description: 'Cross Origin Resource Sharing MisConfiguration Scanner ' url: https://github.com/Shivangx01b/CorsMe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Corsy.yaml b/weapons/Corsy.yaml index e44a078..0ba303b 100644 --- a/weapons/Corsy.yaml +++ b/weapons/Corsy.yaml @@ -3,7 +3,7 @@ name: Corsy description: 'CORS Misconfiguration Scanner ' url: https://github.com/s0md3v/Corsy category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/CyberChef.yaml b/weapons/CyberChef.yaml index cc72198..b98c5b0 100644 --- a/weapons/CyberChef.yaml +++ b/weapons/CyberChef.yaml @@ -4,7 +4,7 @@ description: 'The Cyber Swiss Army Knife - a web app for encryption, encoding, c and data analysis ' url: https://github.com/gchq/CyberChef category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml index ac48711..21baf35 100644 --- a/weapons/DNSDumpster.yaml +++ b/weapons/DNSDumpster.yaml @@ -3,7 +3,7 @@ name: DNSDumpster description: " Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://dnsdumpster.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DOMPurify.yaml b/weapons/DOMPurify.yaml index 4e6518a..dec97ff 100644 --- a/weapons/DOMPurify.yaml +++ b/weapons/DOMPurify.yaml @@ -5,7 +5,7 @@ description: 'DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer fo configurability and hooks. Demo:' url: https://github.com/cure53/DOMPurify category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DSSS.yaml b/weapons/DSSS.yaml index 60b90c8..4508b8c 100644 --- a/weapons/DSSS.yaml +++ b/weapons/DSSS.yaml @@ -3,7 +3,7 @@ name: DSSS description: Damn Small SQLi Scanner url: https://github.com/stamparm/DSSS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Dark_Reader.yaml b/weapons/Dark_Reader.yaml index 23648ae..7c2d0a6 100644 --- a/weapons/Dark_Reader.yaml +++ b/weapons/Dark_Reader.yaml @@ -3,7 +3,7 @@ name: Dark Reader description: Dark mode to any site url: https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/Dark_Reader_for_Safari.yaml b/weapons/Dark_Reader_for_Safari.yaml index ddf4486..26fb6d2 100644 --- a/weapons/Dark_Reader_for_Safari.yaml +++ b/weapons/Dark_Reader_for_Safari.yaml @@ -3,7 +3,7 @@ name: Dark Reader for Safari description: Dark mode to any site url: https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180 category: browser-addon -types: [] +type: platform: - safari lang: [] diff --git a/weapons/DeepViolet.yaml b/weapons/DeepViolet.yaml index 885e277..6ab741a 100644 --- a/weapons/DeepViolet.yaml +++ b/weapons/DeepViolet.yaml @@ -3,7 +3,7 @@ name: DeepViolet description: Tool for introspection of SSL\TLS sessions url: https://github.com/spoofzu/DeepViolet category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DirDar.yaml b/weapons/DirDar.yaml index a5881da..b378091 100644 --- a/weapons/DirDar.yaml +++ b/weapons/DirDar.yaml @@ -4,7 +4,7 @@ description: DirDar is a tool that searches for (403-Forbidden) directories to b it and get dir listing on it url: https://github.com/M4DM0e/DirDar category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/DotGit.yaml b/weapons/DotGit.yaml index e95e03e..b5df387 100644 --- a/weapons/DotGit.yaml +++ b/weapons/DotGit.yaml @@ -3,7 +3,7 @@ name: DotGit description: An extension for checking if .git is exposed in visited websites url: https://github.com/davtur19/DotGit category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/Edit-This-Cookie.yaml b/weapons/Edit-This-Cookie.yaml index 5c5c73d..a3b6110 100644 --- a/weapons/Edit-This-Cookie.yaml +++ b/weapons/Edit-This-Cookie.yaml @@ -4,7 +4,7 @@ description: EditThisCookie is the famous Google Chrome/Chromium extension for e cookies url: https://github.com/ETCExtensions/Edit-This-Cookie category: browser-addon -types: [] +type: platform: - chrome lang: [] diff --git a/weapons/Emissary.yaml b/weapons/Emissary.yaml index a7c0c63..9bf0bfd 100644 --- a/weapons/Emissary.yaml +++ b/weapons/Emissary.yaml @@ -4,7 +4,7 @@ description: Send notifications on different channels such as Slack, Telegram, D etc. url: https://github.com/BountyStrike/Emissary category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/FavFreak.yaml b/weapons/FavFreak.yaml index ebd0856..2e1fcba 100644 --- a/weapons/FavFreak.yaml +++ b/weapons/FavFreak.yaml @@ -3,7 +3,7 @@ name: FavFreak description: 'Making Favicon.ico based Recon Great again ! ' url: https://github.com/devanshbatham/FavFreak category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Findsploit.yaml b/weapons/Findsploit.yaml index c7db9b6..db5e3b3 100644 --- a/weapons/Findsploit.yaml +++ b/weapons/Findsploit.yaml @@ -3,7 +3,7 @@ name: Findsploit description: Find exploits in local and online databases instantly url: https://github.com/1N3/Findsploit category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Gf-Patterns.yaml b/weapons/Gf-Patterns.yaml index dd9f6ee..2ae6822 100644 --- a/weapons/Gf-Patterns.yaml +++ b/weapons/Gf-Patterns.yaml @@ -4,7 +4,7 @@ description: 'GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_ parameters grep ' url: https://github.com/1ndianl33t/Gf-Patterns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/GitMiner.yaml b/weapons/GitMiner.yaml index ce0945c..3d7fd64 100644 --- a/weapons/GitMiner.yaml +++ b/weapons/GitMiner.yaml @@ -3,7 +3,7 @@ name: GitMiner description: 'Tool for advanced mining for content on Github ' url: https://github.com/UnkL4b/GitMiner category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Gopherus.yaml b/weapons/Gopherus.yaml index f5f3917..80e5192 100644 --- a/weapons/Gopherus.yaml +++ b/weapons/Gopherus.yaml @@ -4,7 +4,7 @@ description: 'This tool generates gopher link for exploiting SSRF and gaining RC in various servers ' url: https://github.com/tarunkant/Gopherus category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/GraphQLmap.yaml b/weapons/GraphQLmap.yaml index 781878f..67a1426 100644 --- a/weapons/GraphQLmap.yaml +++ b/weapons/GraphQLmap.yaml @@ -4,7 +4,7 @@ description: 'GraphQLmap is a scripting engine to interact with a graphql endpoi for pentesting purposes. ' url: https://github.com/swisskyrepo/GraphQLmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/HRS.yaml b/weapons/HRS.yaml index d8e3fde..e136421 100644 --- a/weapons/HRS.yaml +++ b/weapons/HRS.yaml @@ -4,7 +4,7 @@ description: HTTP Request Smuggling demonstration Perl script, for variants 1, 2 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. url: https://github.com/SafeBreach-Labs/HRS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/HUNT.yaml b/weapons/HUNT.yaml index 2356c56..e51c48c 100644 --- a/weapons/HUNT.yaml +++ b/weapons/HUNT.yaml @@ -3,7 +3,7 @@ name: HUNT description: url: https://github.com/bugcrowd/HUNT category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/Hack-Tools.yaml b/weapons/Hack-Tools.yaml index 1ff710d..8a81641 100644 --- a/weapons/Hack-Tools.yaml +++ b/weapons/Hack-Tools.yaml @@ -3,7 +3,7 @@ name: Hack-Tools description: "The all-in-one Red Team extension for Web Pentester \U0001F6E0" url: https://github.com/LasCC/Hack-Tools category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/HydraRecon.yaml b/weapons/HydraRecon.yaml index 41fd775..7642aac 100644 --- a/weapons/HydraRecon.yaml +++ b/weapons/HydraRecon.yaml @@ -3,7 +3,7 @@ name: HydraRecon description: All In One, Fast, Easy Recon Tool url: https://github.com/aufzayed/HydraRecon category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/IntruderPayloads.yaml b/weapons/IntruderPayloads.yaml index 4ba9172..02df0f1 100644 --- a/weapons/IntruderPayloads.yaml +++ b/weapons/IntruderPayloads.yaml @@ -3,7 +3,7 @@ name: IntruderPayloads description: url: https://github.com/1N3/IntruderPayloads category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/JSFScan.sh.yaml b/weapons/JSFScan.sh.yaml index c11febf..aab7b35 100644 --- a/weapons/JSFScan.sh.yaml +++ b/weapons/JSFScan.sh.yaml @@ -3,7 +3,7 @@ name: JSFScan.sh description: 'Automation for javascript recon in bug bounty. ' url: https://github.com/KathanP19/JSFScan.sh category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/LFISuite.yaml b/weapons/LFISuite.yaml index 3433f5f..3fa0c08 100644 --- a/weapons/LFISuite.yaml +++ b/weapons/LFISuite.yaml @@ -3,7 +3,7 @@ name: LFISuite description: 'Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ' url: https://github.com/D35m0nd142/LFISuite category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/LinkFinder.yaml b/weapons/LinkFinder.yaml index 9072cbc..0565ab1 100644 --- a/weapons/LinkFinder.yaml +++ b/weapons/LinkFinder.yaml @@ -3,7 +3,7 @@ name: LinkFinder description: 'A python script that finds endpoints in JavaScript files ' url: https://github.com/GerbenJavado/LinkFinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/MM3_ProxySwitch.yaml b/weapons/MM3_ProxySwitch.yaml index 20e1533..d9d195b 100644 --- a/weapons/MM3_ProxySwitch.yaml +++ b/weapons/MM3_ProxySwitch.yaml @@ -3,7 +3,7 @@ name: MM3 ProxySwitch description: Proxy Switch in Firefox and Chrome url: https://proxy-offline-browser.com/ProxySwitch/ category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/NoSQLMap.yaml b/weapons/NoSQLMap.yaml index 6f36a2f..b571303 100644 --- a/weapons/NoSQLMap.yaml +++ b/weapons/NoSQLMap.yaml @@ -4,7 +4,7 @@ description: 'Automated NoSQL database enumeration and web application exploitat tool. ' url: https://github.com/codingo/NoSQLMap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/OneForAll.yaml b/weapons/OneForAll.yaml index 6087e4b..38937ea 100644 --- a/weapons/OneForAll.yaml +++ b/weapons/OneForAll.yaml @@ -3,7 +3,7 @@ name: OneForAll description: 'OneForAll是一款功能强大的子域收集工具 ' url: https://github.com/shmilylty/OneForAll category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/OpenRedireX.yaml b/weapons/OpenRedireX.yaml index 718aa7a..2634a9a 100644 --- a/weapons/OpenRedireX.yaml +++ b/weapons/OpenRedireX.yaml @@ -3,7 +3,7 @@ name: OpenRedireX description: A Fuzzer for OpenRedirect issues url: https://github.com/devanshbatham/OpenRedireX category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Osmedeus.yaml b/weapons/Osmedeus.yaml index 3963021..3836ad4 100644 --- a/weapons/Osmedeus.yaml +++ b/weapons/Osmedeus.yaml @@ -4,7 +4,7 @@ description: 'Fully automated offensive security framework for reconnaissance an vulnerability scanning ' url: https://github.com/j3ssie/Osmedeus category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/PPScan.yaml b/weapons/PPScan.yaml index cf87d6f..f84cda2 100644 --- a/weapons/PPScan.yaml +++ b/weapons/PPScan.yaml @@ -3,7 +3,7 @@ name: PPScan description: Client Side Prototype Pollution Scanner url: https://github.com/msrkp/PPScan category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ParamSpider.yaml b/weapons/ParamSpider.yaml index 2074160..7ee674f 100644 --- a/weapons/ParamSpider.yaml +++ b/weapons/ParamSpider.yaml @@ -3,7 +3,7 @@ name: ParamSpider description: 'Mining parameters from dark corners of Web Archives ' url: https://github.com/devanshbatham/ParamSpider category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Parth.yaml b/weapons/Parth.yaml index 53958af..2a3efc1 100644 --- a/weapons/Parth.yaml +++ b/weapons/Parth.yaml @@ -3,7 +3,7 @@ name: Parth description: 'Heuristic Vulnerable Parameter Scanner ' url: https://github.com/s0md3v/Parth category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/PayloadsAllTheThings.yaml b/weapons/PayloadsAllTheThings.yaml index 972bfb8..1f8299f 100644 --- a/weapons/PayloadsAllTheThings.yaml +++ b/weapons/PayloadsAllTheThings.yaml @@ -4,7 +4,7 @@ description: 'A list of useful payloads and bypass for Web Application Security Pentest/CTF ' url: https://github.com/swisskyrepo/PayloadsAllTheThings category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml index 057953c..8c1d0aa 100644 --- a/weapons/Phoenix.yaml +++ b/weapons/Phoenix.yaml @@ -3,7 +3,7 @@ name: Phoenix description: " hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://www.hahwul.com/p/phoenix.html category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Photon.yaml b/weapons/Photon.yaml index c5549af..b3fddb6 100644 --- a/weapons/Photon.yaml +++ b/weapons/Photon.yaml @@ -3,7 +3,7 @@ name: Photon description: 'Incredibly fast crawler designed for OSINT. ' url: https://github.com/s0md3v/Photon category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/PoC-in-GitHub.yaml b/weapons/PoC-in-GitHub.yaml index 7186460..ede7bf5 100644 --- a/weapons/PoC-in-GitHub.yaml +++ b/weapons/PoC-in-GitHub.yaml @@ -3,7 +3,7 @@ name: PoC-in-GitHub description: "\U0001F4E1 PoC auto collect from GitHub. Be careful malware." url: https://github.com/nomi-sec/PoC-in-GitHub category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/RustScan.yaml b/weapons/RustScan.yaml index b3b1b3a..b5b5383 100644 --- a/weapons/RustScan.yaml +++ b/weapons/RustScan.yaml @@ -3,7 +3,7 @@ name: RustScan description: 'Faster Nmap Scanning with Rust ' url: https://github.com/brandonskerritt/RustScan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/S3Scanner.yaml b/weapons/S3Scanner.yaml index 2df652a..635cf53 100644 --- a/weapons/S3Scanner.yaml +++ b/weapons/S3Scanner.yaml @@ -3,7 +3,7 @@ name: S3Scanner description: 'Scan for open AWS S3 buckets and dump the contents ' url: https://github.com/sa7mon/S3Scanner category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml index 2806dbd..00e8d6d 100644 --- a/weapons/SQLNinja.yaml +++ b/weapons/SQLNinja.yaml @@ -3,7 +3,7 @@ name: SQLNinja description: " SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SQL_Ninja.yaml b/weapons/SQL_Ninja.yaml index e94dab2..30f3f09 100644 --- a/weapons/SQL_Ninja.yaml +++ b/weapons/SQL_Ninja.yaml @@ -3,7 +3,7 @@ name: SQL Ninja description: SQL Injection scanner url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SSRFmap.yaml b/weapons/SSRFmap.yaml index c1a40c3..77dc7b6 100644 --- a/weapons/SSRFmap.yaml +++ b/weapons/SSRFmap.yaml @@ -3,7 +3,7 @@ name: SSRFmap description: 'Automatic SSRF fuzzer and exploitation tool ' url: https://github.com/swisskyrepo/SSRFmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/STEWS.yaml b/weapons/STEWS.yaml index cb37cb8..102c178 100644 --- a/weapons/STEWS.yaml +++ b/weapons/STEWS.yaml @@ -3,7 +3,7 @@ name: STEWS description: A Security Tool for Enumerating WebSockets url: https://github.com/PalindromeLabs/STEWS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SecLists.yaml b/weapons/SecLists.yaml index 9126247..d9e63fa 100644 --- a/weapons/SecLists.yaml +++ b/weapons/SecLists.yaml @@ -6,7 +6,7 @@ description: 'SecLists is the security tester''s companion. It''s a collection o payloads, web shells, and many more. ' url: https://github.com/danielmiessler/SecLists category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SecretFinder.yaml b/weapons/SecretFinder.yaml index 5473a97..b86c7a4 100644 --- a/weapons/SecretFinder.yaml +++ b/weapons/SecretFinder.yaml @@ -4,7 +4,7 @@ description: 'SecretFinder - A python script for find sensitive data (apikeys, a and search anything on javascript files ' url: https://github.com/m4ll0k/SecretFinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml index 83f6d82..199a442 100644 --- a/weapons/SecurityTrails.yaml +++ b/weapons/SecurityTrails.yaml @@ -3,7 +3,7 @@ name: SecurityTrails description: " Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://securitytrails.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml index 8171e9d..442c45e 100644 --- a/weapons/SequenceDiagram.yaml +++ b/weapons/SequenceDiagram.yaml @@ -3,7 +3,7 @@ name: SequenceDiagram description: " Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://sequencediagram.org category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml index a6230bc..746898e 100644 --- a/weapons/Shodan.yaml +++ b/weapons/Shodan.yaml @@ -3,7 +3,7 @@ name: Shodan description: " World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " url: https://www.shodan.io/ category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Silver.yaml b/weapons/Silver.yaml index 6bcdb09..1a17081 100644 --- a/weapons/Silver.yaml +++ b/weapons/Silver.yaml @@ -3,7 +3,7 @@ name: Silver description: 'Mass scan IPs for vulnerable services ' url: https://github.com/s0md3v/Silver category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Sn1per.yaml b/weapons/Sn1per.yaml index 226e2a7..e8de3b0 100644 --- a/weapons/Sn1per.yaml +++ b/weapons/Sn1per.yaml @@ -3,7 +3,7 @@ name: Sn1per description: 'Automated pentest framework for offensive security experts ' url: https://github.com/1N3/Sn1per category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Stepper.yaml b/weapons/Stepper.yaml index fa0e658..144b40e 100644 --- a/weapons/Stepper.yaml +++ b/weapons/Stepper.yaml @@ -3,7 +3,7 @@ name: Stepper description: url: https://github.com/CoreyD97/Stepper category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/Striker.yaml b/weapons/Striker.yaml index ca7f239..ceb24d4 100644 --- a/weapons/Striker.yaml +++ b/weapons/Striker.yaml @@ -3,7 +3,7 @@ name: Striker description: 'Striker is an offensive information and vulnerability scanner. ' url: https://github.com/s0md3v/Striker category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/SubOver.yaml b/weapons/SubOver.yaml index bdd8cba..3002d26 100644 --- a/weapons/SubOver.yaml +++ b/weapons/SubOver.yaml @@ -3,7 +3,7 @@ name: SubOver description: A Powerful Subdomain Takeover Tool url: https://github.com/Ice3man543/SubOver category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/Sublist3r.yaml b/weapons/Sublist3r.yaml index 0479114..b7d24dd 100644 --- a/weapons/Sublist3r.yaml +++ b/weapons/Sublist3r.yaml @@ -3,7 +3,7 @@ name: Sublist3r description: 'Fast subdomains enumeration tool for penetration testers ' url: https://github.com/aboul3la/Sublist3r category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Taipan.yaml b/weapons/Taipan.yaml index d02b531..077c48f 100644 --- a/weapons/Taipan.yaml +++ b/weapons/Taipan.yaml @@ -3,7 +3,7 @@ name: Taipan description: Web application vulnerability scanner url: https://github.com/enkomio/Taipan category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/TukTuk.yaml b/weapons/TukTuk.yaml index e2b55ee..70b89ee 100644 --- a/weapons/TukTuk.yaml +++ b/weapons/TukTuk.yaml @@ -3,7 +3,7 @@ name: TukTuk description: 'Tool for catching and logging different types of requests. ' url: https://github.com/ArturSS7/TukTuk category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/User-Agent_Switcher.yaml b/weapons/User-Agent_Switcher.yaml index 0fb2ec3..a8ee6f9 100644 --- a/weapons/User-Agent_Switcher.yaml +++ b/weapons/User-Agent_Switcher.yaml @@ -3,7 +3,7 @@ name: User-Agent Switcher description: quick and easy way to switch between user-agents. url: https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae category: browser-addon -types: [] +type: platform: - chrome lang: [] diff --git a/weapons/VHostScan.yaml b/weapons/VHostScan.yaml index a26a6fc..84aae21 100644 --- a/weapons/VHostScan.yaml +++ b/weapons/VHostScan.yaml @@ -5,7 +5,7 @@ description: 'A virtual host scanner that performs reverse lookups, can be used default pages. ' url: https://github.com/codingo/VHostScan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/Wayback_Machine.yaml b/weapons/Wayback_Machine.yaml index 4267aeb..41ee9af 100644 --- a/weapons/Wayback_Machine.yaml +++ b/weapons/Wayback_Machine.yaml @@ -3,7 +3,7 @@ name: Wayback Machine description: History of website url: https://apps.apple.com/us/app/wayback-machine/id1472432422 category: browser-addon -types: [] +type: platform: - safari lang: [] diff --git a/weapons/Web-Cache-Vulnerability-Scanner.yaml b/weapons/Web-Cache-Vulnerability-Scanner.yaml index 9fd2379..efe619c 100644 --- a/weapons/Web-Cache-Vulnerability-Scanner.yaml +++ b/weapons/Web-Cache-Vulnerability-Scanner.yaml @@ -4,7 +4,7 @@ description: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). url: https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/XSRFProbe.yaml b/weapons/XSRFProbe.yaml index c5e069e..a41f391 100644 --- a/weapons/XSRFProbe.yaml +++ b/weapons/XSRFProbe.yaml @@ -3,7 +3,7 @@ name: XSRFProbe description: The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. url: https://github.com/0xInfection/XSRFProbe category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/XSStrike.yaml b/weapons/XSStrike.yaml index 54b25a5..49a3800 100644 --- a/weapons/XSStrike.yaml +++ b/weapons/XSStrike.yaml @@ -3,7 +3,7 @@ name: XSStrike description: 'Most advanced XSS scanner. ' url: https://github.com/s0md3v/XSStrike category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/XSpear.yaml b/weapons/XSpear.yaml index 5148926..bde6169 100644 --- a/weapons/XSpear.yaml +++ b/weapons/XSpear.yaml @@ -3,7 +3,7 @@ name: XSpear description: 'Powerfull XSS Scanning and Parameter analysis tool&gem ' url: https://github.com/hahwul/XSpear category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/XXEinjector.yaml b/weapons/XXEinjector.yaml index 82b4129..9b8b34e 100644 --- a/weapons/XXEinjector.yaml +++ b/weapons/XXEinjector.yaml @@ -4,7 +4,7 @@ description: Tool for automatic exploitation of XXE vulnerability using direct a different out of band methods. url: https://github.com/enjoiz/XXEinjector category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/a2sv.yaml b/weapons/a2sv.yaml index 743fad1..8a7ef78 100644 --- a/weapons/a2sv.yaml +++ b/weapons/a2sv.yaml @@ -3,7 +3,7 @@ name: a2sv description: 'Auto Scanning to SSL Vulnerability ' url: https://github.com/hahwul/a2sv category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/altdns.yaml b/weapons/altdns.yaml index fe8ba86..9afb35b 100644 --- a/weapons/altdns.yaml +++ b/weapons/altdns.yaml @@ -4,7 +4,7 @@ description: 'Generates permutations, alterations and mutations of subdomains an then resolves them ' url: https://github.com/infosec-au/altdns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/anew.yaml b/weapons/anew.yaml index b5a3058..d562597 100644 --- a/weapons/anew.yaml +++ b/weapons/anew.yaml @@ -3,7 +3,7 @@ name: anew description: A tool for adding new lines to files, skipping duplicates url: https://github.com/tomnomnom/anew category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/apkleaks.yaml b/weapons/apkleaks.yaml index 790088e..a9f137f 100644 --- a/weapons/apkleaks.yaml +++ b/weapons/apkleaks.yaml @@ -3,7 +3,7 @@ name: apkleaks description: 'Scanning APK file for URIs, endpoints & secrets. ' url: https://github.com/dwisiswant0/apkleaks category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/aquatone.yaml b/weapons/aquatone.yaml index 9d680f0..4eeac56 100644 --- a/weapons/aquatone.yaml +++ b/weapons/aquatone.yaml @@ -3,7 +3,7 @@ name: aquatone description: 'A Tool for Domain Flyovers ' url: https://github.com/michenriksen/aquatone category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/arachni.yaml b/weapons/arachni.yaml index 2953c65..a78eac0 100644 --- a/weapons/arachni.yaml +++ b/weapons/arachni.yaml @@ -3,9 +3,10 @@ name: arachni description: 'Web Application Security Scanner Framework ' url: https://github.com/Arachni/arachni category: tool -types: [] +type: platform: - linux - macos +- windows lang: [] tags: [] diff --git a/weapons/assetfinder.yaml b/weapons/assetfinder.yaml index 8465f3e..e0c22ad 100644 --- a/weapons/assetfinder.yaml +++ b/weapons/assetfinder.yaml @@ -3,7 +3,7 @@ name: assetfinder description: 'Find domains and subdomains related to a given domain ' url: https://github.com/tomnomnom/assetfinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/attack-surface-detector-zap.yaml b/weapons/attack-surface-detector-zap.yaml index 16e0e95..de27bd2 100644 --- a/weapons/attack-surface-detector-zap.yaml +++ b/weapons/attack-surface-detector-zap.yaml @@ -3,7 +3,7 @@ name: attack-surface-detector-zap description: url: https://github.com/secdec/attack-surface-detector-zap category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/auto-repeater.yaml b/weapons/auto-repeater.yaml index cda212a..7abafaa 100644 --- a/weapons/auto-repeater.yaml +++ b/weapons/auto-repeater.yaml @@ -3,7 +3,7 @@ name: auto-repeater description: url: https://github.com/PortSwigger/auto-repeater category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/autochrome.yaml b/weapons/autochrome.yaml index b993fb0..1ba3a16 100644 --- a/weapons/autochrome.yaml +++ b/weapons/autochrome.yaml @@ -3,7 +3,7 @@ name: autochrome description: This tool downloads, installs, and configures a shiny new copy of Chromium. url: https://github.com/nccgroup/autochrome category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/axiom.yaml b/weapons/axiom.yaml index 85b4d70..5d31727 100644 --- a/weapons/axiom.yaml +++ b/weapons/axiom.yaml @@ -3,9 +3,10 @@ name: axiom description: 'A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ' url: https://github.com/pry0cc/axiom category: tool -types: [] +type: platform: - linux - macos +- windows lang: [] tags: [] diff --git a/weapons/bat.yaml b/weapons/bat.yaml index cd6db31..4f156cf 100644 --- a/weapons/bat.yaml +++ b/weapons/bat.yaml @@ -3,7 +3,10 @@ name: bat description: A cat(1) clone with wings. url: https://github.com/sharkdp/bat category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/boast.yaml b/weapons/boast.yaml index 983cfd4..98896d3 100644 --- a/weapons/boast.yaml +++ b/weapons/boast.yaml @@ -3,7 +3,10 @@ name: boast description: The BOAST Outpost for AppSec Testing (v0.1.0) url: https://github.com/marcoagner/boast category: tool -types: [] -platform: [] +types: OAST +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/bountyplz.yaml b/weapons/bountyplz.yaml index cc32026..53bccfe 100644 --- a/weapons/bountyplz.yaml +++ b/weapons/bountyplz.yaml @@ -4,8 +4,10 @@ description: 'Automated security reporting from markdown templates (HackerOne an Bugcrowd are currently the platforms supported) ' url: https://github.com/fransr/bountyplz category: tool -types: [] +type: platform: +- linux - macos +- windows lang: [] tags: [] diff --git a/weapons/burl.yaml b/weapons/burl.yaml index bed931e..d7131fb 100644 --- a/weapons/burl.yaml +++ b/weapons/burl.yaml @@ -3,7 +3,7 @@ name: burl description: 'A Broken-URL Checker ' url: https://github.com/tomnomnom/burl category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/burp-exporter.yaml b/weapons/burp-exporter.yaml index f4714a4..86f58f8 100644 --- a/weapons/burp-exporter.yaml +++ b/weapons/burp-exporter.yaml @@ -3,7 +3,7 @@ name: burp-exporter description: url: https://github.com/artssec/burp-exporter category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/burp-piper.yaml b/weapons/burp-piper.yaml index a203041..0926a13 100644 --- a/weapons/burp-piper.yaml +++ b/weapons/burp-piper.yaml @@ -3,7 +3,7 @@ name: burp-piper description: url: https://github.com/silentsignal/burp-piper category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/burp-retire-js.yaml b/weapons/burp-retire-js.yaml index fb5c4f3..4a06a03 100644 --- a/weapons/burp-retire-js.yaml +++ b/weapons/burp-retire-js.yaml @@ -3,7 +3,7 @@ name: burp-retire-js description: url: https://github.com/h3xstream/burp-retire-js category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/burp-send-to.yaml b/weapons/burp-send-to.yaml index 4f2e5b4..fc30cd9 100644 --- a/weapons/burp-send-to.yaml +++ b/weapons/burp-send-to.yaml @@ -3,7 +3,7 @@ name: burp-send-to description: url: https://github.com/bytebutcher/burp-send-to category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/c-jwt-cracker.yaml b/weapons/c-jwt-cracker.yaml index 07107a1..a0ceb03 100644 --- a/weapons/c-jwt-cracker.yaml +++ b/weapons/c-jwt-cracker.yaml @@ -3,7 +3,7 @@ name: c-jwt-cracker description: 'JWT brute force cracker written in C ' url: https://github.com/brendan-rius/c-jwt-cracker category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/can-i-take-over-xyz.yaml b/weapons/can-i-take-over-xyz.yaml index 35104d6..f981da2 100644 --- a/weapons/can-i-take-over-xyz.yaml +++ b/weapons/can-i-take-over-xyz.yaml @@ -4,7 +4,10 @@ description: '"Can I take over XYZ?" — a list of services and how to claim (su with dangling DNS records.' url: https://github.com/EdOverflow/can-i-take-over-xyz category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/cariddi.yaml b/weapons/cariddi.yaml index 8dd81ee..0f95d91 100644 --- a/weapons/cariddi.yaml +++ b/weapons/cariddi.yaml @@ -4,7 +4,10 @@ description: Take a list of domains and scan for endpoints, secrets, api keys, f extensions, tokens and more... url: https://github.com/edoardottt/cariddi category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/cc.py.yaml b/weapons/cc.py.yaml index 8f179eb..c5ef3c3 100644 --- a/weapons/cc.py.yaml +++ b/weapons/cc.py.yaml @@ -3,7 +3,7 @@ name: cc.py description: 'Extracting URLs of a specific target based on the results of "commoncrawl.org" ' url: https://github.com/si9int/cc.py category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/cf-check.yaml b/weapons/cf-check.yaml index 8dff280..837cc83 100644 --- a/weapons/cf-check.yaml +++ b/weapons/cf-check.yaml @@ -3,7 +3,7 @@ name: cf-check description: 'Cloudflare Checker written in Go ' url: https://github.com/dwisiswant0/cf-check category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/chaos-client.yaml b/weapons/chaos-client.yaml index 4afbe07..055bda0 100644 --- a/weapons/chaos-client.yaml +++ b/weapons/chaos-client.yaml @@ -3,7 +3,7 @@ name: chaos-client description: 'Go client to communicate with Chaos DNS API. ' url: https://github.com/projectdiscovery/chaos-client category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/clear-cache.yaml b/weapons/clear-cache.yaml index 5c0b09e..6d9f6d2 100644 --- a/weapons/clear-cache.yaml +++ b/weapons/clear-cache.yaml @@ -3,7 +3,7 @@ name: clear-cache description: Add-on to clear browser cache with a single click or via the F9 key. url: https://github.com/TenSoja/clear-cache category: browser-addon -types: [] +type: platform: - firefox lang: [] diff --git a/weapons/collaborator-everywhere.yaml b/weapons/collaborator-everywhere.yaml index c0ce829..9a9e5c1 100644 --- a/weapons/collaborator-everywhere.yaml +++ b/weapons/collaborator-everywhere.yaml @@ -3,7 +3,7 @@ name: collaborator-everywhere description: url: https://github.com/PortSwigger/collaborator-everywhere category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/commix.yaml b/weapons/commix.yaml index 994c4ed..98a18ae 100644 --- a/weapons/commix.yaml +++ b/weapons/commix.yaml @@ -3,7 +3,10 @@ name: commix description: Automated All-in-One OS Command Injection Exploitation Tool. url: https://github.com/commixproject/commix category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/community-scripts.yaml b/weapons/community-scripts.yaml index 2be8d95..3a1eb50 100644 --- a/weapons/community-scripts.yaml +++ b/weapons/community-scripts.yaml @@ -3,7 +3,7 @@ name: community-scripts description: url: https://github.com/zaproxy/community-scripts category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/confused.yaml b/weapons/confused.yaml index 11253a8..8461021 100644 --- a/weapons/confused.yaml +++ b/weapons/confused.yaml @@ -4,7 +4,10 @@ description: Tool to check for dependency confusion vulnerabilities in multiple management systems url: https://github.com/visma-prodsec/confused category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/cookie-quick-manager.yaml b/weapons/cookie-quick-manager.yaml index 6a743e2..906837d 100644 --- a/weapons/cookie-quick-manager.yaml +++ b/weapons/cookie-quick-manager.yaml @@ -4,7 +4,7 @@ description: An addon to manage (view, search, create, edit, remove, backup, res cookies on Firefox. url: https://github.com/ysard/cookie-quick-manager category: browser-addon -types: [] +type: platform: - firefox lang: [] diff --git a/weapons/corsair_scan.yaml b/weapons/corsair_scan.yaml index fdf0028..b1a1a32 100644 --- a/weapons/corsair_scan.yaml +++ b/weapons/corsair_scan.yaml @@ -4,7 +4,10 @@ description: Corsair_scan is a security tool to test Cross-Origin Resource Shari (CORS). url: https://github.com/Santandersecurityresearch/corsair_scan category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/crawlergo.yaml b/weapons/crawlergo.yaml index 2e1fc32..7b7000b 100644 --- a/weapons/crawlergo.yaml +++ b/weapons/crawlergo.yaml @@ -3,7 +3,10 @@ name: crawlergo description: A powerful browser crawler for web vulnerability scanners url: https://github.com/Qianlitp/crawlergo category: tool -types: [] -platform: [] +type: +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/crlfuzz.yaml b/weapons/crlfuzz.yaml index 0f0a462..85596ed 100644 --- a/weapons/crlfuzz.yaml +++ b/weapons/crlfuzz.yaml @@ -3,7 +3,7 @@ name: crlfuzz description: 'A fast tool to scan CRLF vulnerability written in Go ' url: https://github.com/dwisiswant0/crlfuzz category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/csp-auditor.yaml b/weapons/csp-auditor.yaml index 476ab7f..a1cf30a 100644 --- a/weapons/csp-auditor.yaml +++ b/weapons/csp-auditor.yaml @@ -3,7 +3,7 @@ name: csp-auditor description: url: https://github.com/GoSecure/csp-auditor category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/curl.yaml b/weapons/curl.yaml index c0282a1..1ef1392 100644 --- a/weapons/curl.yaml +++ b/weapons/curl.yaml @@ -6,7 +6,7 @@ description: A command line tool and library for transferring data with URL synt features url: https://github.com/curl/curl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dalfox.yaml b/weapons/dalfox.yaml index a60dcd1..30a0652 100644 --- a/weapons/dalfox.yaml +++ b/weapons/dalfox.yaml @@ -4,7 +4,7 @@ description: "\U0001F318\U0001F98A DalFox(Finder Of XSS) / Parameter Analysis an XSS Scanning tool based on golang " url: https://github.com/hahwul/dalfox category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/dirsearch.yaml b/weapons/dirsearch.yaml index 6a6f9a9..8e50b90 100644 --- a/weapons/dirsearch.yaml +++ b/weapons/dirsearch.yaml @@ -3,7 +3,7 @@ name: dirsearch description: 'Web path scanner ' url: https://github.com/maurosoria/dirsearch category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ditto.yaml b/weapons/ditto.yaml index aa090d1..9116adb 100644 --- a/weapons/ditto.yaml +++ b/weapons/ditto.yaml @@ -3,7 +3,7 @@ name: ditto description: A tool for IDN homograph attacks and detection. url: https://github.com/evilsocket/ditto category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dmut.yaml b/weapons/dmut.yaml index b145a7e..f445d70 100644 --- a/weapons/dmut.yaml +++ b/weapons/dmut.yaml @@ -4,7 +4,7 @@ description: A tool to perform permutations, mutations and alteration of subdoma in golang. url: https://github.com/bp0lr/dmut category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dnsobserver.yaml b/weapons/dnsobserver.yaml index 35ceb1c..dee816c 100644 --- a/weapons/dnsobserver.yaml +++ b/weapons/dnsobserver.yaml @@ -5,7 +5,7 @@ description: 'A handy DNS service written in Go to aid in the detection of sever DNS interactions and sends lookup notifications via Slack. ' url: https://github.com/allyomalley/dnsobserver category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dnsprobe.yaml b/weapons/dnsprobe.yaml index 86505fc..74cd7ef 100644 --- a/weapons/dnsprobe.yaml +++ b/weapons/dnsprobe.yaml @@ -4,7 +4,7 @@ description: 'DNSProb (beta) is a tool built on top of retryabledns that allows to perform multiple dns queries of your choice with a list of user supplied resolvers. ' url: https://github.com/projectdiscovery/dnsprobe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/dnsvalidator.yaml b/weapons/dnsvalidator.yaml index ef76021..450e2f1 100644 --- a/weapons/dnsvalidator.yaml +++ b/weapons/dnsvalidator.yaml @@ -4,7 +4,7 @@ description: Maintains a list of IPv4 DNS servers by verifying them against base servers, and ensuring accurate responses. url: https://github.com/vortexau/dnsvalidator category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dnsx.yaml b/weapons/dnsx.yaml index 7655a0a..d3f83f3 100644 --- a/weapons/dnsx.yaml +++ b/weapons/dnsx.yaml @@ -4,7 +4,7 @@ description: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple queries of your choice with a list of user-supplied resolvers. url: https://github.com/projectdiscovery/dnsx category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/docem.yaml b/weapons/docem.yaml index 4dc0f07..06086de 100644 --- a/weapons/docem.yaml +++ b/weapons/docem.yaml @@ -4,7 +4,7 @@ description: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE steroids) url: https://github.com/whitel1st/docem category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/domdig.yaml b/weapons/domdig.yaml index 5cee306..34b93a6 100644 --- a/weapons/domdig.yaml +++ b/weapons/domdig.yaml @@ -3,7 +3,7 @@ name: domdig description: 'DOM XSS scanner for Single Page Applications ' url: https://github.com/fcavallarin/domdig category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/dontgo403.yaml b/weapons/dontgo403.yaml index 74f7378..f9c2d76 100644 --- a/weapons/dontgo403.yaml +++ b/weapons/dontgo403.yaml @@ -3,7 +3,7 @@ name: dontgo403 description: Tool to bypass 40X response codes. url: https://github.com/devploit/dontgo403 category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/dotdotpwn.yaml b/weapons/dotdotpwn.yaml index 3a6fdb7..567ef35 100644 --- a/weapons/dotdotpwn.yaml +++ b/weapons/dotdotpwn.yaml @@ -3,7 +3,7 @@ name: dotdotpwn description: 'DotDotPwn - The Directory Traversal Fuzzer ' url: https://github.com/wireghoul/dotdotpwn category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/eval_villain.yaml b/weapons/eval_villain.yaml index 03e3eee..f18161e 100644 --- a/weapons/eval_villain.yaml +++ b/weapons/eval_villain.yaml @@ -3,7 +3,7 @@ name: eval_villain description: A Firefox Web Extension to improve the discovery of DOM XSS. url: https://github.com/swoops/eval_villain category: browser-addon -types: [] +type: platform: - firefox lang: [] diff --git a/weapons/ezXSS.yaml b/weapons/ezXSS.yaml index 6fec55a..516912c 100644 --- a/weapons/ezXSS.yaml +++ b/weapons/ezXSS.yaml @@ -4,7 +4,7 @@ description: 'ezXSS is an easy way for penetration testers and bug bounty hunter to test (blind) Cross Site Scripting. ' url: https://github.com/ssl/ezXSS category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/femida.yaml b/weapons/femida.yaml index 3d3a4cb..247db74 100644 --- a/weapons/femida.yaml +++ b/weapons/femida.yaml @@ -3,7 +3,7 @@ name: femida description: url: https://github.com/wish-i-was/femida category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/feroxbuster.yaml b/weapons/feroxbuster.yaml index 0a02f90..ff682f2 100644 --- a/weapons/feroxbuster.yaml +++ b/weapons/feroxbuster.yaml @@ -3,7 +3,7 @@ name: feroxbuster description: A fast, simple, recursive content discovery tool written in Rust. url: https://github.com/epi052/feroxbuster category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ffuf.yaml b/weapons/ffuf.yaml index 81505be..5483a73 100644 --- a/weapons/ffuf.yaml +++ b/weapons/ffuf.yaml @@ -3,7 +3,7 @@ name: ffuf description: 'Fast web fuzzer written in Go ' url: https://github.com/ffuf/ffuf category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/fhc.yaml b/weapons/fhc.yaml index 53a8d65..13872f7 100644 --- a/weapons/fhc.yaml +++ b/weapons/fhc.yaml @@ -3,7 +3,7 @@ name: fhc description: Fast HTTP Checker. url: https://github.com/Edu4rdSHL/fhc category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/findom-xss.yaml b/weapons/findom-xss.yaml index 5bb0472..834bbe8 100644 --- a/weapons/findom-xss.yaml +++ b/weapons/findom-xss.yaml @@ -3,7 +3,7 @@ name: findom-xss description: 'A fast DOM based XSS vulnerability scanner with simplicity. ' url: https://github.com/dwisiswant0/findom-xss category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/findomain.yaml b/weapons/findomain.yaml index 0bf58d8..8cfedfd 100644 --- a/weapons/findomain.yaml +++ b/weapons/findomain.yaml @@ -4,7 +4,7 @@ description: 'The fastest and cross-platform subdomain enumerator, do not waste time. ' url: https://github.com/Edu4rdSHL/findomain category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/fockcache.yaml b/weapons/fockcache.yaml index 58c9cb8..9b4e5d0 100644 --- a/weapons/fockcache.yaml +++ b/weapons/fockcache.yaml @@ -3,7 +3,7 @@ name: fockcache description: FockCache - Minimalized Test Cache Poisoning url: https://github.com/tismayil/fockcache category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/fuzzparam.yaml b/weapons/fuzzparam.yaml index 641ae89..e583bc2 100644 --- a/weapons/fuzzparam.yaml +++ b/weapons/fuzzparam.yaml @@ -3,7 +3,7 @@ name: fuzzparam description: A fast go based param miner to fuzz possible parameters a URL can have. url: https://github.com/0xsapra/fuzzparam category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/fzf.yaml b/weapons/fzf.yaml index 9cd16fb..c71d013 100644 --- a/weapons/fzf.yaml +++ b/weapons/fzf.yaml @@ -3,7 +3,7 @@ name: fzf description: A command-line fuzzy finder url: https://github.com/junegunn/fzf category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gau.yaml b/weapons/gau.yaml index 6998bff..2c8b5a8 100644 --- a/weapons/gau.yaml +++ b/weapons/gau.yaml @@ -4,7 +4,7 @@ description: Fetch known URLs from AlienVault's Open Threat Exchange, the Waybac Machine, and Common Crawl. url: https://github.com/lc/gau category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gauplus.yaml b/weapons/gauplus.yaml index 352f8b9..06a61ae 100644 --- a/weapons/gauplus.yaml +++ b/weapons/gauplus.yaml @@ -4,7 +4,7 @@ description: A modified version of gau for personal usage. Support workers, prox and some extra things. url: https://github.com/bp0lr/gauplus category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gee.yaml b/weapons/gee.yaml index 0884af7..eef84c0 100644 --- a/weapons/gee.yaml +++ b/weapons/gee.yaml @@ -5,7 +5,7 @@ description: "\U0001F3F5 Gee is tool of stdin to each files and stdout. It is si was written as go" url: https://github.com/hahwul/gee category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/getJS.yaml b/weapons/getJS.yaml index 23491bd..78bfa67 100644 --- a/weapons/getJS.yaml +++ b/weapons/getJS.yaml @@ -3,7 +3,7 @@ name: getJS description: A tool to fastly get all javascript sources/files url: https://github.com/003random/getJS category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gf.yaml b/weapons/gf.yaml index 6749963..43626a6 100644 --- a/weapons/gf.yaml +++ b/weapons/gf.yaml @@ -3,7 +3,7 @@ name: gf description: 'A wrapper around grep, to help you grep for things ' url: https://github.com/tomnomnom/gf category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gitGraber.yaml b/weapons/gitGraber.yaml index 5eaecf3..399384f 100644 --- a/weapons/gitGraber.yaml +++ b/weapons/gitGraber.yaml @@ -3,7 +3,7 @@ name: gitGraber description: 'gitGraber ' url: https://github.com/hisxo/gitGraber category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/github-endpoints.yaml b/weapons/github-endpoints.yaml index 25066f7..d46f5f4 100644 --- a/weapons/github-endpoints.yaml +++ b/weapons/github-endpoints.yaml @@ -3,7 +3,7 @@ name: github-endpoints description: Find endpoints on GitHub. url: https://github.com/gwen001/github-endpoints category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/github-regexp.yaml b/weapons/github-regexp.yaml index 203e367..49655e4 100644 --- a/weapons/github-regexp.yaml +++ b/weapons/github-regexp.yaml @@ -3,7 +3,7 @@ name: github-regexp description: Basically a regexp over a GitHub search. url: https://github.com/gwen001/github-regexp category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/github-search.yaml b/weapons/github-search.yaml index da1b29d..fbf5f03 100644 --- a/weapons/github-search.yaml +++ b/weapons/github-search.yaml @@ -3,7 +3,7 @@ name: github-search description: 'Tools to perform basic search on GitHub. ' url: https://github.com/gwen001/github-search category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/github-subdomains.yaml b/weapons/github-subdomains.yaml index 416ebe3..6e9031a 100644 --- a/weapons/github-subdomains.yaml +++ b/weapons/github-subdomains.yaml @@ -3,7 +3,7 @@ name: github-subdomains description: Find subdomains on GitHub url: https://github.com/gwen001/github-subdomains category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gitleaks.yaml b/weapons/gitleaks.yaml index 085007b..fd1cc78 100644 --- a/weapons/gitleaks.yaml +++ b/weapons/gitleaks.yaml @@ -3,7 +3,7 @@ name: gitleaks description: "Scan git repos (or files) for secrets using regex and entropy \U0001F511" url: https://github.com/zricethezav/gitleaks category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gitls.yaml b/weapons/gitls.yaml index eaac3e4..4fea465 100644 --- a/weapons/gitls.yaml +++ b/weapons/gitls.yaml @@ -3,7 +3,7 @@ name: gitls description: Listing git repository from URL/User/Org url: https://github.com/hahwul/gitls category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gitrob.yaml b/weapons/gitrob.yaml index 83a7aa7..ee6b984 100644 --- a/weapons/gitrob.yaml +++ b/weapons/gitrob.yaml @@ -3,7 +3,7 @@ name: gitrob description: 'Reconnaissance tool for GitHub organizations ' url: https://github.com/michenriksen/gitrob category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/go-dork.yaml b/weapons/go-dork.yaml index 6966923..866316b 100644 --- a/weapons/go-dork.yaml +++ b/weapons/go-dork.yaml @@ -3,7 +3,7 @@ name: go-dork description: 'The fastest dork scanner written in Go. ' url: https://github.com/dwisiswant0/go-dork category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gobuster.yaml b/weapons/gobuster.yaml index 9f31f52..b20c48e 100644 --- a/weapons/gobuster.yaml +++ b/weapons/gobuster.yaml @@ -3,7 +3,7 @@ name: gobuster description: 'Directory/File, DNS and VHost busting tool written in Go ' url: https://github.com/OJ/gobuster category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gospider.yaml b/weapons/gospider.yaml index b0a4733..f3902f4 100644 --- a/weapons/gospider.yaml +++ b/weapons/gospider.yaml @@ -3,7 +3,7 @@ name: gospider description: 'Gospider - Fast web spider written in Go ' url: https://github.com/jaeles-project/gospider category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/gotator.yaml b/weapons/gotator.yaml index e62aeda..34d243b 100644 --- a/weapons/gotator.yaml +++ b/weapons/gotator.yaml @@ -3,7 +3,7 @@ name: gotator description: Gotator is a tool to generate DNS wordlists through permutations. url: https://github.com/Josue87/gotator category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gotestwaf.yaml b/weapons/gotestwaf.yaml index cd285cf..54cb25f 100644 --- a/weapons/gotestwaf.yaml +++ b/weapons/gotestwaf.yaml @@ -4,7 +4,7 @@ description: An open-source project in Golang to test different web application (WAF) for detection logic and bypasses url: https://github.com/wallarm/gotestwaf category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gowitness.yaml b/weapons/gowitness.yaml index 11849b1..c857848 100644 --- a/weapons/gowitness.yaml +++ b/weapons/gowitness.yaml @@ -4,7 +4,7 @@ description: "\U0001F50D gowitness - a golang, web screenshot utility using Chro Headless " url: https://github.com/sensepost/gowitness category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/graphql-voyager.yaml b/weapons/graphql-voyager.yaml index 9d12e34..286a1cb 100644 --- a/weapons/graphql-voyager.yaml +++ b/weapons/graphql-voyager.yaml @@ -3,7 +3,7 @@ name: graphql-voyager description: "\U0001F6F0️ Represent any GraphQL API as an interactive graph " url: https://github.com/APIs-guru/graphql-voyager category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/grc.yaml b/weapons/grc.yaml index 0113914..02c56e6 100644 --- a/weapons/grc.yaml +++ b/weapons/grc.yaml @@ -3,7 +3,7 @@ name: grc description: generic colouriser url: https://github.com/garabik/grc category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/grex.yaml b/weapons/grex.yaml index 792d6e3..29b4bba 100644 --- a/weapons/grex.yaml +++ b/weapons/grex.yaml @@ -4,7 +4,7 @@ description: A command-line tool and library for generating regular expressions user-provided test cases url: https://github.com/pemistahl/grex category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/gron.yaml b/weapons/gron.yaml index cac3d58..fbb0593 100644 --- a/weapons/gron.yaml +++ b/weapons/gron.yaml @@ -3,7 +3,7 @@ name: gron description: 'Make JSON greppable! ' url: https://github.com/tomnomnom/gron category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/h2csmuggler.yaml b/weapons/h2csmuggler.yaml index 861ef8f..3aa2995 100644 --- a/weapons/h2csmuggler.yaml +++ b/weapons/h2csmuggler.yaml @@ -3,7 +3,7 @@ name: h2csmuggler description: HTTP Request Smuggling Detection Tool url: https://github.com/assetnote/h2csmuggler category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hacks.yaml b/weapons/hacks.yaml index 729882d..6d8d328 100644 --- a/weapons/hacks.yaml +++ b/weapons/hacks.yaml @@ -3,7 +3,7 @@ name: hacks description: 'A collection of hacks and one-off scripts ' url: https://github.com/tomnomnom/hacks category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hakcheckurl.yaml b/weapons/hakcheckurl.yaml index 49511d9..3ecb07a 100644 --- a/weapons/hakcheckurl.yaml +++ b/weapons/hakcheckurl.yaml @@ -3,7 +3,7 @@ name: hakcheckurl description: Takes a list of URLs and returns their HTTP response codes url: https://github.com/hakluke/hakcheckurl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/hakrawler.yaml b/weapons/hakrawler.yaml index 193b3c3..19e7c5a 100644 --- a/weapons/hakrawler.yaml +++ b/weapons/hakrawler.yaml @@ -4,7 +4,7 @@ description: 'Simple, fast web crawler designed for easy, quick discovery of end and assets within a web application ' url: https://github.com/hakluke/hakrawler category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hakrevdns.yaml b/weapons/hakrevdns.yaml index fa7b879..eb70eec 100644 --- a/weapons/hakrevdns.yaml +++ b/weapons/hakrevdns.yaml @@ -3,7 +3,7 @@ name: hakrevdns description: 'Small, fast tool for performing reverse DNS lookups en masse. ' url: https://github.com/hakluke/hakrevdns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/haktrails.yaml b/weapons/haktrails.yaml index 782d958..53cfe86 100644 --- a/weapons/haktrails.yaml +++ b/weapons/haktrails.yaml @@ -3,7 +3,7 @@ name: haktrails description: Golang client for querying SecurityTrails API data url: https://github.com/hakluke/haktrails category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/hashcat.yaml b/weapons/hashcat.yaml index 0df7ee6..28e6099 100644 --- a/weapons/hashcat.yaml +++ b/weapons/hashcat.yaml @@ -3,7 +3,7 @@ name: hashcat description: 'World''s fastest and most advanced password recovery utility ' url: https://github.com/hashcat/hashcat/ category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/headi.yaml b/weapons/headi.yaml index a90b73b..70e550f 100644 --- a/weapons/headi.yaml +++ b/weapons/headi.yaml @@ -3,7 +3,7 @@ name: headi description: Customisable and automated HTTP header injection url: https://github.com/mlcsec/headi category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/hetty.yaml b/weapons/hetty.yaml index d1c66c2..65ef483 100644 --- a/weapons/hetty.yaml +++ b/weapons/hetty.yaml @@ -5,7 +5,7 @@ description: Hetty is an HTTP toolkit for security research. It aims to become a features tailored to the needs of the infosec and bug bounty community. url: https://github.com/dstotijn/hetty category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hinject.yaml b/weapons/hinject.yaml index 1b6233b..f95b7a5 100644 --- a/weapons/hinject.yaml +++ b/weapons/hinject.yaml @@ -3,7 +3,7 @@ name: hinject description: 'Host Header Injection Checker ' url: https://github.com/dwisiswant0/hinject category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/htcat.yaml b/weapons/htcat.yaml index ff6e227..89e6c39 100644 --- a/weapons/htcat.yaml +++ b/weapons/htcat.yaml @@ -3,7 +3,7 @@ name: htcat description: 'Parallel and Pipelined HTTP GET Utility ' url: https://github.com/htcat/htcat category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/http-request-smuggler.yaml b/weapons/http-request-smuggler.yaml index 2cbc389..4b5d09f 100644 --- a/weapons/http-request-smuggler.yaml +++ b/weapons/http-request-smuggler.yaml @@ -3,7 +3,7 @@ name: http-request-smuggler description: url: https://github.com/PortSwigger/http-request-smuggler category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/http-request-smuggling.yaml b/weapons/http-request-smuggling.yaml index bceaa99..dd63c11 100644 --- a/weapons/http-request-smuggling.yaml +++ b/weapons/http-request-smuggling.yaml @@ -3,7 +3,7 @@ name: http-request-smuggling description: HTTP Request Smuggling Detection Tool url: https://github.com/anshumanpattnaik/http-request-smuggling category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/http-script-generator.yaml b/weapons/http-script-generator.yaml index bc36948..5a20a45 100644 --- a/weapons/http-script-generator.yaml +++ b/weapons/http-script-generator.yaml @@ -3,7 +3,7 @@ name: http-script-generator description: url: https://github.com/h3xstream/http-script-generator category: tool-addon -types: [] +type: platform: - burpsuite - zap diff --git a/weapons/http2smugl.yaml b/weapons/http2smugl.yaml index a507772..be67019 100644 --- a/weapons/http2smugl.yaml +++ b/weapons/http2smugl.yaml @@ -4,7 +4,7 @@ description: This tool helps to detect and exploit HTTP request smuggling in cas it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. url: https://github.com/neex/http2smugl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/httpie.yaml b/weapons/httpie.yaml index 33bcf5e..eb4784a 100644 --- a/weapons/httpie.yaml +++ b/weapons/httpie.yaml @@ -5,7 +5,7 @@ description: "As easy as /aitch-tee-tee-pie/ \U0001F967 Modern, user-friendly co & more. https://twitter.com/httpie" url: https://github.com/httpie/httpie category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/httprobe.yaml b/weapons/httprobe.yaml index 56a9a4e..911f3f3 100644 --- a/weapons/httprobe.yaml +++ b/weapons/httprobe.yaml @@ -3,7 +3,7 @@ name: httprobe description: 'Take a list of domains and probe for working HTTP and HTTPS servers ' url: https://github.com/tomnomnom/httprobe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/httptoolkit.yaml b/weapons/httptoolkit.yaml index c39ec57..eb49a6e 100644 --- a/weapons/httptoolkit.yaml +++ b/weapons/httptoolkit.yaml @@ -4,7 +4,7 @@ description: HTTP Toolkit is a beautiful & open-source tool for debugging, testi and building with HTTP(S) on Windows, Linux & Mac url: https://github.com/httptoolkit/httptoolkit category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/httpx.yaml b/weapons/httpx.yaml index 4904d31..1ce18cc 100644 --- a/weapons/httpx.yaml +++ b/weapons/httpx.yaml @@ -5,7 +5,7 @@ description: 'httpx is a fast and multi-purpose HTTP toolkit allow to run multip with increased threads. ' url: https://github.com/projectdiscovery/httpx category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/hurl.yaml b/weapons/hurl.yaml index f574e36..c5e6bd5 100644 --- a/weapons/hurl.yaml +++ b/weapons/hurl.yaml @@ -3,7 +3,7 @@ name: hurl description: Hurl, run and test HTTP requests. url: https://github.com/Orange-OpenSource/hurl category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/inql.yaml b/weapons/inql.yaml index 5c3b625..6cc1788 100644 --- a/weapons/inql.yaml +++ b/weapons/inql.yaml @@ -3,7 +3,7 @@ name: inql description: url: https://github.com/doyensec/inql category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/interactsh.yaml b/weapons/interactsh.yaml index 69c828c..2cfbdce 100644 --- a/weapons/interactsh.yaml +++ b/weapons/interactsh.yaml @@ -3,7 +3,7 @@ name: interactsh description: An OOB interaction gathering server and client library url: https://github.com/projectdiscovery/interactsh category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/intrigue-core.yaml b/weapons/intrigue-core.yaml index 5c10f54..b67af7d 100644 --- a/weapons/intrigue-core.yaml +++ b/weapons/intrigue-core.yaml @@ -3,7 +3,7 @@ name: intrigue-core description: 'Discover Your Attack Surface ' url: https://github.com/intrigueio/intrigue-core category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/jaeles.yaml b/weapons/jaeles.yaml index b3ea758..193161f 100644 --- a/weapons/jaeles.yaml +++ b/weapons/jaeles.yaml @@ -3,7 +3,7 @@ name: jaeles description: 'The Swiss Army knife for automated Web Application Testing ' url: https://github.com/jaeles-project/jaeles category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/jsfuck.yaml b/weapons/jsfuck.yaml index 3bd94d1..4188b42 100644 --- a/weapons/jsfuck.yaml +++ b/weapons/jsfuck.yaml @@ -3,7 +3,7 @@ name: jsfuck description: Write any JavaScript with 6 Characters url: https://github.com/aemkei/jsfuck category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/jsonwebtoken.github.io.yaml b/weapons/jsonwebtoken.github.io.yaml index 0cf8f23..f915769 100644 --- a/weapons/jsonwebtoken.github.io.yaml +++ b/weapons/jsonwebtoken.github.io.yaml @@ -3,7 +3,7 @@ name: jsonwebtoken.github.io description: JWT En/Decode and Verify url: https://github.com/jsonwebtoken/jsonwebtoken.github.io category: browser-addon -types: [] +type: platform: - chrome - firefox diff --git a/weapons/jsprime.yaml b/weapons/jsprime.yaml index c6a1e64..25a9050 100644 --- a/weapons/jsprime.yaml +++ b/weapons/jsprime.yaml @@ -3,7 +3,7 @@ name: jsprime description: a javascript static security analysis tool url: https://github.com/dpnishant/jsprime category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/jwt-cracker.yaml b/weapons/jwt-cracker.yaml index 7a95c3f..6e3c298 100644 --- a/weapons/jwt-cracker.yaml +++ b/weapons/jwt-cracker.yaml @@ -3,7 +3,7 @@ name: jwt-cracker description: 'Simple HS256 JWT token brute force cracker ' url: https://github.com/lmammino/jwt-cracker category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/jwt-hack.yaml b/weapons/jwt-hack.yaml index 82c25dd..13cce9c 100644 --- a/weapons/jwt-hack.yaml +++ b/weapons/jwt-hack.yaml @@ -4,7 +4,7 @@ description: "\U0001F529 jwt-hack is tool for hacking / security testing to JWT. for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)" url: https://github.com/hahwul/jwt-hack category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/kiterunner.yaml b/weapons/kiterunner.yaml index 48b0bb1..9e61a84 100644 --- a/weapons/kiterunner.yaml +++ b/weapons/kiterunner.yaml @@ -3,7 +3,7 @@ name: kiterunner description: Contextual Content Discovery Tool url: https://github.com/assetnote/kiterunner category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/knife.yaml b/weapons/knife.yaml index e0d8633..fb2808b 100644 --- a/weapons/knife.yaml +++ b/weapons/knife.yaml @@ -3,7 +3,7 @@ name: knife description: A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 url: https://github.com/bit4woo/knife category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/knock.yaml b/weapons/knock.yaml index 040b0bf..87cde91 100644 --- a/weapons/knock.yaml +++ b/weapons/knock.yaml @@ -3,7 +3,7 @@ name: knock description: 'Knock Subdomain Scan ' url: https://github.com/guelfoweb/knock category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/lazyrecon.yaml b/weapons/lazyrecon.yaml index 25f1a2f..0752c0d 100644 --- a/weapons/lazyrecon.yaml +++ b/weapons/lazyrecon.yaml @@ -4,7 +4,7 @@ description: 'This script is intended to automate your reconnaissance process in organized fashion ' url: https://github.com/nahamsec/lazyrecon category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/longtongue.yaml b/weapons/longtongue.yaml index 3f537c8..29ae2c5 100644 --- a/weapons/longtongue.yaml +++ b/weapons/longtongue.yaml @@ -3,7 +3,7 @@ name: longtongue description: Customized Password/Passphrase List inputting Target Info url: https://github.com/edoardottt/longtongue category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/masscan.yaml b/weapons/masscan.yaml index 42ed8a3..29ae625 100644 --- a/weapons/masscan.yaml +++ b/weapons/masscan.yaml @@ -4,7 +4,7 @@ description: 'TCP port scanner, spews SYN packets asynchronously, scanning entir Internet in under 5 minutes. ' url: https://github.com/robertdavidgraham/masscan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/medusa.yaml b/weapons/medusa.yaml index 9c5cc0f..0684780 100644 --- a/weapons/medusa.yaml +++ b/weapons/medusa.yaml @@ -3,7 +3,7 @@ name: medusa description: 'Fastest recursive HTTP fuzzer, like a Ferrari. ' url: https://github.com/riza/medusa category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/meg.yaml b/weapons/meg.yaml index 9cfd64a..49ac20c 100644 --- a/weapons/meg.yaml +++ b/weapons/meg.yaml @@ -3,7 +3,7 @@ name: meg description: 'Fetch many paths for many hosts - without killing the hosts ' url: https://github.com/tomnomnom/meg category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/megplus.yaml b/weapons/megplus.yaml index e1f4431..858468e 100644 --- a/weapons/megplus.yaml +++ b/weapons/megplus.yaml @@ -3,7 +3,7 @@ name: megplus description: 'Automated reconnaissance wrapper — TomNomNom''s meg on steroids. [DEPRECATED] ' url: https://github.com/EdOverflow/megplus category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/naabu.yaml b/weapons/naabu.yaml index b227115..557ed7c 100644 --- a/weapons/naabu.yaml +++ b/weapons/naabu.yaml @@ -5,7 +5,7 @@ description: 'A fast port scanner written in go with focus on reliability and si in bug bounties and pentests ' url: https://github.com/projectdiscovery/naabu category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nikto.yaml b/weapons/nikto.yaml index debb6a9..228edd1 100644 --- a/weapons/nikto.yaml +++ b/weapons/nikto.yaml @@ -3,7 +3,7 @@ name: nikto description: 'Nikto web server scanner ' url: https://github.com/sullo/nikto category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nmap.yaml b/weapons/nmap.yaml index 6c2dbb4..08344f4 100644 --- a/weapons/nmap.yaml +++ b/weapons/nmap.yaml @@ -3,7 +3,7 @@ name: nmap description: 'Nmap - the Network Mapper. Github mirror of official SVN repository. ' url: https://github.com/nmap/nmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nosqli.yaml b/weapons/nosqli.yaml index 8a398b8..2dab1c8 100644 --- a/weapons/nosqli.yaml +++ b/weapons/nosqli.yaml @@ -3,7 +3,7 @@ name: nosqli description: NoSql Injection CLI tool url: https://github.com/Charlie-belmer/nosqli category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/nuclei.yaml b/weapons/nuclei.yaml index 95c951f..8aef515 100644 --- a/weapons/nuclei.yaml +++ b/weapons/nuclei.yaml @@ -4,7 +4,7 @@ description: 'Nuclei is a fast tool for configurable targeted scanning based on offering massive extensibility and ease of use. ' url: https://github.com/projectdiscovery/nuclei category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ob_hacky_slack.yaml b/weapons/ob_hacky_slack.yaml index 7be0fc0..6abce65 100644 --- a/weapons/ob_hacky_slack.yaml +++ b/weapons/ob_hacky_slack.yaml @@ -3,7 +3,7 @@ name: ob_hacky_slack description: Hacky Slack - a bash script that sends beautiful messages to Slack url: https://github.com/openbridge/ob_hacky_slack category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/owasp-zap-jwt-addon.yaml b/weapons/owasp-zap-jwt-addon.yaml index f8b53ba..8263679 100644 --- a/weapons/owasp-zap-jwt-addon.yaml +++ b/weapons/owasp-zap-jwt-addon.yaml @@ -3,7 +3,7 @@ name: owasp-zap-jwt-addon description: url: https://github.com/SasanLabs/owasp-zap-jwt-addon category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/oxml_xxe.yaml b/weapons/oxml_xxe.yaml index b5ceca5..167c867 100644 --- a/weapons/oxml_xxe.yaml +++ b/weapons/oxml_xxe.yaml @@ -3,7 +3,7 @@ name: oxml_xxe description: 'A tool for embedding XXE/XML exploits into different filetypes ' url: https://github.com/BuffaloWill/oxml_xxe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/pagodo.yaml b/weapons/pagodo.yaml index 7db2d2a..88a1ab3 100644 --- a/weapons/pagodo.yaml +++ b/weapons/pagodo.yaml @@ -4,7 +4,7 @@ description: pagodo (Passive Google Dork) - Automate Google Hacking Database scr and searching url: https://github.com/opsdisk/pagodo category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/param-miner.yaml b/weapons/param-miner.yaml index 7bcc573..b3a4760 100644 --- a/weapons/param-miner.yaml +++ b/weapons/param-miner.yaml @@ -3,7 +3,7 @@ name: param-miner description: url: https://github.com/PortSwigger/param-miner category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/parameth.yaml b/weapons/parameth.yaml index 6cd81e3..ca72e9e 100644 --- a/weapons/parameth.yaml +++ b/weapons/parameth.yaml @@ -3,7 +3,7 @@ name: parameth description: This tool can be used to brute discover GET and POST parameters url: https://github.com/maK-/parameth category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/pentest-tools.yaml b/weapons/pentest-tools.yaml index 490b9bf..0f96953 100644 --- a/weapons/pentest-tools.yaml +++ b/weapons/pentest-tools.yaml @@ -3,7 +3,7 @@ name: pentest-tools description: 'Custom pentesting tools ' url: https://github.com/gwen001/pentest-tools category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/pet.yaml b/weapons/pet.yaml index b1895b3..b326659 100644 --- a/weapons/pet.yaml +++ b/weapons/pet.yaml @@ -3,7 +3,7 @@ name: pet description: Simple command-line snippet manager, written in Go. url: https://github.com/knqyf263/pet category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/plution.yaml b/weapons/plution.yaml index 9a7707d..0a46894 100644 --- a/weapons/plution.yaml +++ b/weapons/plution.yaml @@ -3,7 +3,7 @@ name: plution description: Prototype pollution scanner using headless chrome url: https://github.com/raverrr/plution category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/postMessage-tracker.yaml b/weapons/postMessage-tracker.yaml index dd1846d..e41a81a 100644 --- a/weapons/postMessage-tracker.yaml +++ b/weapons/postMessage-tracker.yaml @@ -4,7 +4,7 @@ description: A Chrome Extension to track postMessage usage (url, domain and stac both by logging using CORS and also visually as an extension-icon url: https://github.com/fransr/postMessage-tracker category: browser-addon -types: [] +type: platform: - chrome lang: [] diff --git a/weapons/ppfuzz.yaml b/weapons/ppfuzz.yaml index 2698546..38a943c 100644 --- a/weapons/ppfuzz.yaml +++ b/weapons/ppfuzz.yaml @@ -4,7 +4,7 @@ description: "A fast tool to scan client-side prototype pollution vulnerability in Rust. \U0001F980" url: https://github.com/dwisiswant0/ppfuzz category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ppmap.yaml b/weapons/ppmap.yaml index 6ca421c..5d9c111 100644 --- a/weapons/ppmap.yaml +++ b/weapons/ppmap.yaml @@ -4,7 +4,7 @@ description: A scanner/exploitation tool written in GO, which leverages client-s Prototype Pollution to XSS by exploiting known gadgets. url: https://github.com/kleiton0x00/ppmap category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/proxify.yaml b/weapons/proxify.yaml index 2b7ad24..105b50b 100644 --- a/weapons/proxify.yaml +++ b/weapons/proxify.yaml @@ -4,7 +4,7 @@ description: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipul and replay url: https://github.com/projectdiscovery/proxify category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/puredns.yaml b/weapons/puredns.yaml index ff9db20..9cabfb2 100644 --- a/weapons/puredns.yaml +++ b/weapons/puredns.yaml @@ -4,7 +4,7 @@ description: Puredns is a fast domain resolver and subdomain bruteforcing tool t can accurately filter out wildcard subdomains and DNS poisoned entries. url: https://github.com/d3mondev/puredns category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/pwncat.yaml b/weapons/pwncat.yaml index 8cff32f..26245e5 100644 --- a/weapons/pwncat.yaml +++ b/weapons/pwncat.yaml @@ -5,7 +5,7 @@ description: 'pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind a with Python (PSE) ' url: https://github.com/cytopia/pwncat category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/qsreplace.yaml b/weapons/qsreplace.yaml index 579723b..17ab3ae 100644 --- a/weapons/qsreplace.yaml +++ b/weapons/qsreplace.yaml @@ -4,7 +4,7 @@ description: 'Accept URLs on stdin, replace all query string values with a user- value ' url: https://github.com/tomnomnom/qsreplace category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/quickjack.yaml b/weapons/quickjack.yaml index fbc8708..b408483 100644 --- a/weapons/quickjack.yaml +++ b/weapons/quickjack.yaml @@ -4,7 +4,7 @@ description: Quickjack is a point-and-click tool for intuitively producing advan clickjacking and frame slicing attacks. url: https://github.com/samyk/quickjack category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/rapidscan.yaml b/weapons/rapidscan.yaml index ae70793..4cae278 100644 --- a/weapons/rapidscan.yaml +++ b/weapons/rapidscan.yaml @@ -3,7 +3,7 @@ name: rapidscan description: 'The Multi-Tool Web Vulnerability Scanner. ' url: https://github.com/skavngr/rapidscan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/recon_profile.yaml b/weapons/recon_profile.yaml index 6a2f724..18e12fb 100644 --- a/weapons/recon_profile.yaml +++ b/weapons/recon_profile.yaml @@ -3,7 +3,7 @@ name: recon_profile description: 'Recon profile (bash profile) for bugbounty ' url: https://github.com/nahamsec/recon_profile category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/reconftw.yaml b/weapons/reconftw.yaml index a8b061b..b3c80a6 100644 --- a/weapons/reconftw.yaml +++ b/weapons/reconftw.yaml @@ -4,7 +4,7 @@ description: reconFTW is a tool designed to perform automated recon on a target by running the best set of tools to perform scanning and finding out vulnerabilities url: https://github.com/six2dez/reconftw category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/reflect.yaml b/weapons/reflect.yaml index 2ad9594..756cf38 100644 --- a/weapons/reflect.yaml +++ b/weapons/reflect.yaml @@ -3,7 +3,7 @@ name: reflect description: url: https://github.com/TypeError/reflect category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/reflected-parameters.yaml b/weapons/reflected-parameters.yaml index 14245f0..f3e9547 100644 --- a/weapons/reflected-parameters.yaml +++ b/weapons/reflected-parameters.yaml @@ -3,7 +3,7 @@ name: reflected-parameters description: url: https://github.com/PortSwigger/reflected-parameters category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/rengine.yaml b/weapons/rengine.yaml index 9b7be01..2079239 100644 --- a/weapons/rengine.yaml +++ b/weapons/rengine.yaml @@ -5,7 +5,7 @@ description: 'reNgine is an automated reconnaissance framework meant for gatheri scan engines, which can be used to scan the websites, endpoints, and gather information. ' url: https://github.com/yogeshojha/rengine category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/rusolver.yaml b/weapons/rusolver.yaml index afd97ef..f744407 100644 --- a/weapons/rusolver.yaml +++ b/weapons/rusolver.yaml @@ -3,7 +3,7 @@ name: rusolver description: Fast and accurate DNS resolver. url: https://github.com/Edu4rdSHL/rusolver category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/s3reverse.yaml b/weapons/s3reverse.yaml index b84bb80..f41ef4b 100644 --- a/weapons/s3reverse.yaml +++ b/weapons/s3reverse.yaml @@ -4,7 +4,7 @@ description: 'The format of various s3 buckets is convert in one format. for bug and security testing. ' url: https://github.com/hahwul/s3reverse category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/safecopy.yaml b/weapons/safecopy.yaml index a9f903a..48bded6 100644 --- a/weapons/safecopy.yaml +++ b/weapons/safecopy.yaml @@ -3,7 +3,7 @@ name: safecopy description: url: https://github.com/yashrs/safecopy category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/scilla.yaml b/weapons/scilla.yaml index 980ae98..cd4cb49 100644 --- a/weapons/scilla.yaml +++ b/weapons/scilla.yaml @@ -4,7 +4,7 @@ description: "\U0001F3F4‍☠️ Information Gathering tool \U0001F3F4‍☠️ enumeration" url: https://github.com/edoardottt/scilla category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/security-crawl-maze.yaml b/weapons/security-crawl-maze.yaml index 9348bb8..a075bb4 100644 --- a/weapons/security-crawl-maze.yaml +++ b/weapons/security-crawl-maze.yaml @@ -5,7 +5,7 @@ description: Security Crawl Maze is a comprehensive testbed for web security cra valid HTML document. url: https://github.com/google/security-crawl-maze category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/security-research-pocs.yaml b/weapons/security-research-pocs.yaml index db6f2d5..431eaa1 100644 --- a/weapons/security-research-pocs.yaml +++ b/weapons/security-research-pocs.yaml @@ -4,7 +4,7 @@ description: Proof-of-concept codes created as part of security research done by Security Team. url: https://github.com/google/security-research-pocs category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/shuffledns.yaml b/weapons/shuffledns.yaml index cd0d857..9df208a 100644 --- a/weapons/shuffledns.yaml +++ b/weapons/shuffledns.yaml @@ -5,7 +5,7 @@ description: 'shuffleDNS is a wrapper around massdns written in go that allows y with wildcard handling and easy input-output support. ' url: https://github.com/projectdiscovery/shuffledns category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/singularity.yaml b/weapons/singularity.yaml index 38d70bc..a9a6d45 100644 --- a/weapons/singularity.yaml +++ b/weapons/singularity.yaml @@ -3,7 +3,7 @@ name: singularity description: A DNS rebinding attack framework. url: https://github.com/nccgroup/singularity category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/slackcat.yaml b/weapons/slackcat.yaml index 79edd05..96eea41 100644 --- a/weapons/slackcat.yaml +++ b/weapons/slackcat.yaml @@ -3,7 +3,7 @@ name: slackcat description: CLI utility to post files and command output to slack url: https://github.com/bcicen/slackcat category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/smuggler.yaml b/weapons/smuggler.yaml index 15ccf7d..b70ed28 100644 --- a/weapons/smuggler.yaml +++ b/weapons/smuggler.yaml @@ -4,7 +4,7 @@ description: 'Smuggler - An HTTP Request Smuggling / Desync testing tool written Python 3 ' url: https://github.com/defparam/smuggler category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/sn0int.yaml b/weapons/sn0int.yaml index 3ab07df..0108586 100644 --- a/weapons/sn0int.yaml +++ b/weapons/sn0int.yaml @@ -3,7 +3,7 @@ name: sn0int description: Semi-automatic OSINT framework and package manager url: https://github.com/kpcyrd/sn0int category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/spiderfoot.yaml b/weapons/spiderfoot.yaml index e9dba3f..32ed9a1 100644 --- a/weapons/spiderfoot.yaml +++ b/weapons/spiderfoot.yaml @@ -3,7 +3,7 @@ name: spiderfoot description: SpiderFoot automates OSINT collection so that you can focus on analysis. url: https://github.com/smicallef/spiderfoot category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/sqliv.yaml b/weapons/sqliv.yaml index 3cfc29a..663f0cb 100644 --- a/weapons/sqliv.yaml +++ b/weapons/sqliv.yaml @@ -3,7 +3,7 @@ name: sqliv description: massive SQL injection vulnerability scanner url: https://github.com/the-robot/sqliv category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/sqlmap.yaml b/weapons/sqlmap.yaml index ef2ddfc..a723383 100644 --- a/weapons/sqlmap.yaml +++ b/weapons/sqlmap.yaml @@ -3,7 +3,7 @@ name: sqlmap description: Automatic SQL injection and database takeover tool url: https://github.com/sqlmapproject/sqlmap category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ssrf-sheriff.yaml b/weapons/ssrf-sheriff.yaml index 898b695..e5db311 100644 --- a/weapons/ssrf-sheriff.yaml +++ b/weapons/ssrf-sheriff.yaml @@ -3,7 +3,7 @@ name: ssrf-sheriff description: 'A simple SSRF-testing sheriff written in Go ' url: https://github.com/teknogeek/ssrf-sheriff category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subfinder.yaml b/weapons/subfinder.yaml index 2e1a4b2..86f148c 100644 --- a/weapons/subfinder.yaml +++ b/weapons/subfinder.yaml @@ -5,7 +5,7 @@ description: 'Subfinder is a subdomain discovery tool that discovers valid subdo safe for penetration testing. ' url: https://github.com/projectdiscovery/subfinder category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subgen.yaml b/weapons/subgen.yaml index 441dfda..307ff31 100644 --- a/weapons/subgen.yaml +++ b/weapons/subgen.yaml @@ -4,7 +4,7 @@ description: A really simple utility to concate wordlists to a domain name - to into your favourite resolver! url: https://github.com/pry0cc/subgen category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/subjack.yaml b/weapons/subjack.yaml index e52dbf5..d69d5d6 100644 --- a/weapons/subjack.yaml +++ b/weapons/subjack.yaml @@ -3,7 +3,7 @@ name: subjack description: 'Subdomain Takeover tool written in Go ' url: https://github.com/haccer/subjack category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subjs.yaml b/weapons/subjs.yaml index f1607c6..74101b3 100644 --- a/weapons/subjs.yaml +++ b/weapons/subjs.yaml @@ -3,7 +3,7 @@ name: subjs description: Fetches javascript file from a list of URLS or subdomains. url: https://github.com/lc/subjs category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/subs_all.yaml b/weapons/subs_all.yaml index b452cb1..e348658 100644 --- a/weapons/subs_all.yaml +++ b/weapons/subs_all.yaml @@ -3,7 +3,7 @@ name: subs_all description: 'Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ' url: https://github.com/emadshanab/subs_all category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/subzy.yaml b/weapons/subzy.yaml index 0b3a428..fc5f347 100644 --- a/weapons/subzy.yaml +++ b/weapons/subzy.yaml @@ -3,7 +3,7 @@ name: subzy description: Subdomain takeover vulnerability checker url: https://github.com/LukaSikic/subzy category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/taborator.yaml b/weapons/taborator.yaml index e18439a..2ea9860 100644 --- a/weapons/taborator.yaml +++ b/weapons/taborator.yaml @@ -3,7 +3,7 @@ name: taborator description: url: https://github.com/hackvertor/taborator category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/template-generator.yaml b/weapons/template-generator.yaml index 95c0c11..0e46d7f 100644 --- a/weapons/template-generator.yaml +++ b/weapons/template-generator.yaml @@ -6,7 +6,7 @@ description: 'A simple variable based template editor using handlebarjs+strapdow generate the list of files in the dropdown of templates. ' url: https://github.com/fransr/template-generator category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/testssl.sh.yaml b/weapons/testssl.sh.yaml index daaa991..6011d62 100644 --- a/weapons/testssl.sh.yaml +++ b/weapons/testssl.sh.yaml @@ -3,7 +3,7 @@ name: testssl.sh description: 'Testing TLS/SSL encryption anywhere on any port ' url: https://github.com/drwetter/testssl.sh category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/thc-hydra.yaml b/weapons/thc-hydra.yaml index eb16807..86cfc14 100644 --- a/weapons/thc-hydra.yaml +++ b/weapons/thc-hydra.yaml @@ -3,7 +3,7 @@ name: thc-hydra description: 'hydra ' url: https://github.com/vanhauser-thc/thc-hydra category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/tiscripts.yaml b/weapons/tiscripts.yaml index b20e22f..30f8e97 100644 --- a/weapons/tiscripts.yaml +++ b/weapons/tiscripts.yaml @@ -3,7 +3,7 @@ name: tiscripts description: Turbo Intruder Scripts url: https://github.com/defparam/tiscripts category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/tplmap.yaml b/weapons/tplmap.yaml index d00e1e5..967d5ff 100644 --- a/weapons/tplmap.yaml +++ b/weapons/tplmap.yaml @@ -4,7 +4,7 @@ description: Server-Side Template Injection and Code Injection Detection and Exp Tool url: https://github.com/epinna/tplmap category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/turbo-intruder.yaml b/weapons/turbo-intruder.yaml index deca9d5..d577328 100644 --- a/weapons/turbo-intruder.yaml +++ b/weapons/turbo-intruder.yaml @@ -3,7 +3,7 @@ name: turbo-intruder description: url: https://github.com/PortSwigger/turbo-intruder category: tool-addon -types: [] +type: platform: - burpsuite lang: [] diff --git a/weapons/uncover.yaml b/weapons/uncover.yaml index 211824e..c67a74f 100644 --- a/weapons/uncover.yaml +++ b/weapons/uncover.yaml @@ -4,7 +4,7 @@ description: Quickly discover exposed hosts on the internet using multiple searc engine. url: https://github.com/projectdiscovery/uncover category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/unfurl.yaml b/weapons/unfurl.yaml index 2e6c31a..f058dcf 100644 --- a/weapons/unfurl.yaml +++ b/weapons/unfurl.yaml @@ -3,7 +3,7 @@ name: unfurl description: 'Pull out bits of URLs provided on stdin ' url: https://github.com/tomnomnom/unfurl category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/urlgrab.yaml b/weapons/urlgrab.yaml index e5e2088..51aa54f 100644 --- a/weapons/urlgrab.yaml +++ b/weapons/urlgrab.yaml @@ -4,7 +4,7 @@ description: 'A golang utility to spider through a website searching for additio links. ' url: https://github.com/IAmStoxe/urlgrab category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/urlhunter.yaml b/weapons/urlhunter.yaml index 17a1e61..0090924 100644 --- a/weapons/urlhunter.yaml +++ b/weapons/urlhunter.yaml @@ -4,7 +4,7 @@ description: a recon tool that allows searching on URLs that are exposed via sho services url: https://github.com/utkusen/urlhunter category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/urlprobe.yaml b/weapons/urlprobe.yaml index da500d0..752d840 100644 --- a/weapons/urlprobe.yaml +++ b/weapons/urlprobe.yaml @@ -3,7 +3,7 @@ name: urlprobe description: 'Urls status code & content length checker ' url: https://github.com/1ndianl33t/urlprobe category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/uro.yaml b/weapons/uro.yaml index 894a46a..2f7d1c0 100644 --- a/weapons/uro.yaml +++ b/weapons/uro.yaml @@ -3,7 +3,7 @@ name: uro description: declutters url lists for crawling/pentesting url: https://github.com/s0md3v/uro category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/waybackurls.yaml b/weapons/waybackurls.yaml index 3dbcdb9..03341e5 100644 --- a/weapons/waybackurls.yaml +++ b/weapons/waybackurls.yaml @@ -3,7 +3,7 @@ name: waybackurls description: 'Fetch all the URLs that the Wayback Machine knows about for a domain ' url: https://github.com/tomnomnom/waybackurls category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/weaponised-XSS-payloads.yaml b/weapons/weaponised-XSS-payloads.yaml index e240a84..b1bbffd 100644 --- a/weapons/weaponised-XSS-payloads.yaml +++ b/weapons/weaponised-XSS-payloads.yaml @@ -3,7 +3,7 @@ name: weaponised-XSS-payloads description: XSS payloads designed to turn alert(1) into P1 url: https://github.com/hakluke/weaponised-XSS-payloads category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/web_cache_poison.yaml b/weapons/web_cache_poison.yaml index ccd3286..4e0bcd3 100644 --- a/weapons/web_cache_poison.yaml +++ b/weapons/web_cache_poison.yaml @@ -3,7 +3,7 @@ name: web_cache_poison description: web cache poison - Top 1 web hacking technique of 2019 url: https://github.com/fngoo/web_cache_poison category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/websocket-connection-smuggler.yaml b/weapons/websocket-connection-smuggler.yaml index 72a1a18..716fdad 100644 --- a/weapons/websocket-connection-smuggler.yaml +++ b/weapons/websocket-connection-smuggler.yaml @@ -3,7 +3,7 @@ name: websocket-connection-smuggler description: websocket-connection-smuggler url: https://github.com/hahwul/websocket-connection-smuggler category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wfuzz.yaml b/weapons/wfuzz.yaml index 7bc6163..8d6e491 100644 --- a/weapons/wfuzz.yaml +++ b/weapons/wfuzz.yaml @@ -3,7 +3,7 @@ name: wfuzz description: 'Web application fuzzer ' url: https://github.com/xmendez/wfuzz category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/wprecon.yaml b/weapons/wprecon.yaml index debe825..5bf0152 100644 --- a/weapons/wprecon.yaml +++ b/weapons/wprecon.yaml @@ -4,7 +4,7 @@ description: Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recog tool in CMS Wordpress, 100% developed in Go. url: https://github.com/blackcrw/wprecon category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wpscan.yaml b/weapons/wpscan.yaml index e9b5ed3..7fed8af 100644 --- a/weapons/wpscan.yaml +++ b/weapons/wpscan.yaml @@ -5,7 +5,7 @@ description: 'WPScan is a free, for non-commercial use, black box WordPress Vuln of their WordPress websites. ' url: https://github.com/wpscanteam/wpscan category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ws-smuggler.yaml b/weapons/ws-smuggler.yaml index b942fd8..71aaf4e 100644 --- a/weapons/ws-smuggler.yaml +++ b/weapons/ws-smuggler.yaml @@ -3,7 +3,7 @@ name: ws-smuggler description: WebSocket Connection Smuggler url: https://github.com/hahwul/ws-smuggler category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wssip.yaml b/weapons/wssip.yaml index 167f108..4ac33f7 100644 --- a/weapons/wssip.yaml +++ b/weapons/wssip.yaml @@ -4,7 +4,7 @@ description: Application for capturing, modifying and sending custom WebSocket d from client to server and vice versa. url: https://github.com/nccgroup/wssip category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/wuzz.yaml b/weapons/wuzz.yaml index 3c49953..bf41784 100644 --- a/weapons/wuzz.yaml +++ b/weapons/wuzz.yaml @@ -3,7 +3,7 @@ name: wuzz description: 'Interactive cli tool for HTTP inspection ' url: https://github.com/asciimoo/wuzz category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/x8.yaml b/weapons/x8.yaml index d797bd0..278ec58 100644 --- a/weapons/x8.yaml +++ b/weapons/x8.yaml @@ -3,7 +3,7 @@ name: x8 description: Hidden parameters discovery suite url: https://github.com/Sh1Yo/x8 category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/xsinator.com.yaml b/weapons/xsinator.com.yaml index 0f6b109..e51c54b 100644 --- a/weapons/xsinator.com.yaml +++ b/weapons/xsinator.com.yaml @@ -3,7 +3,7 @@ name: xsinator.com description: XS-Leak Browser Test Suite url: https://github.com/RUB-NDS/xsinator.com category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/xss-cheatsheet-data.yaml b/weapons/xss-cheatsheet-data.yaml index a418c51..9f9ede0 100644 --- a/weapons/xss-cheatsheet-data.yaml +++ b/weapons/xss-cheatsheet-data.yaml @@ -4,7 +4,7 @@ description: 'This repository contains all the XSS cheatsheet data to allow cont from the community. ' url: https://github.com/PortSwigger/xss-cheatsheet-data category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/xsscrapy.yaml b/weapons/xsscrapy.yaml index 7f44232..2fe0d91 100644 --- a/weapons/xsscrapy.yaml +++ b/weapons/xsscrapy.yaml @@ -4,7 +4,7 @@ description: 'XSS/SQLi spider. Give it a URL and it''ll test every link it finds XSS and some SQLi. ' url: https://github.com/DanMcInerney/xsscrapy category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/xsser.yaml b/weapons/xsser.yaml index ff6a24e..54c05ec 100644 --- a/weapons/xsser.yaml +++ b/weapons/xsser.yaml @@ -4,7 +4,7 @@ description: 'Cross Site "Scripter" (aka XSSer) is an automatic -framework- to d exploit and report XSS vulnerabilities in web-based applications. ' url: https://github.com/epsylon/xsser category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/xssor2.yaml b/weapons/xssor2.yaml index 3972040..ddfd33f 100644 --- a/weapons/xssor2.yaml +++ b/weapons/xssor2.yaml @@ -3,7 +3,7 @@ name: xssor2 description: XSS'OR - Hack with JavaScript. url: https://github.com/evilcos/xssor2 category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/xxeserv.yaml b/weapons/xxeserv.yaml index 6f9b786..3980b54 100644 --- a/weapons/xxeserv.yaml +++ b/weapons/xxeserv.yaml @@ -3,7 +3,7 @@ name: xxeserv description: A mini webserver with FTP support for XXE payloads url: https://github.com/staaldraad/xxeserv category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/ysoserial.net.yaml b/weapons/ysoserial.net.yaml index 1720dd3..473989b 100644 --- a/weapons/ysoserial.net.yaml +++ b/weapons/ysoserial.net.yaml @@ -3,7 +3,7 @@ name: ysoserial.net description: 'Deserialization payload generator for a variety of .NET formatters ' url: https://github.com/pwntester/ysoserial.net category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/ysoserial.yaml b/weapons/ysoserial.yaml index 74801c8..5222bd4 100644 --- a/weapons/ysoserial.yaml +++ b/weapons/ysoserial.yaml @@ -4,7 +4,7 @@ description: 'A proof-of-concept tool for generating payloads that exploit unsaf Java object deserialization. ' url: https://github.com/frohoff/ysoserial category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/zap-cli.yaml b/weapons/zap-cli.yaml index a3b84c1..de8d172 100644 --- a/weapons/zap-cli.yaml +++ b/weapons/zap-cli.yaml @@ -3,7 +3,7 @@ name: zap-cli description: 'A simple tool for interacting with OWASP ZAP from the commandline. ' url: https://github.com/Grunny/zap-cli category: tool -types: [] +type: platform: - linux - macos diff --git a/weapons/zap-hud.yaml b/weapons/zap-hud.yaml index 267208a..abe4482 100644 --- a/weapons/zap-hud.yaml +++ b/weapons/zap-hud.yaml @@ -3,7 +3,7 @@ name: zap-hud description: url: https://github.com/zaproxy/zap-hud category: tool-addon -types: [] +type: platform: - zap lang: [] diff --git a/weapons/zaproxy.yaml b/weapons/zaproxy.yaml index a3aab88..8c3d4aa 100644 --- a/weapons/zaproxy.yaml +++ b/weapons/zaproxy.yaml @@ -3,7 +3,7 @@ name: zaproxy description: The OWASP ZAP core project url: https://github.com/zaproxy/zaproxy category: tool -types: [] +type: platform: [] lang: [] tags: [] diff --git a/weapons/zdns.yaml b/weapons/zdns.yaml index a05627f..b7db6ab 100644 --- a/weapons/zdns.yaml +++ b/weapons/zdns.yaml @@ -3,7 +3,7 @@ name: zdns description: Fast CLI DNS Lookup Tool url: https://github.com/zmap/zdns category: tool -types: [] +type: platform: [] lang: [] tags: [] From f08cdd7bd362a0d39c460fcf717866827f1ad5f3 Mon Sep 17 00:00:00 2001 From: hahwul Date: Thu, 18 Aug 2022 01:04:58 +0900 Subject: [PATCH 34/42] Update tags and images --- images/apple.png | Bin 886 -> 780 bytes images/burp.png | Bin 947 -> 963 bytes images/chrome.png | Bin 1068 -> 995 bytes images/firefox.png | Bin 1583 -> 1270 bytes images/linux.png | Bin 1270 -> 1151 bytes images/safari.png | Bin 1325 -> 1100 bytes images/windows.png | Bin 998 -> 972 bytes images/zap.png | Bin 1405 -> 1291 bytes scripts/erb.rb | 10 +++++++++- 9 files changed, 9 insertions(+), 1 deletion(-) diff --git a/images/apple.png b/images/apple.png index b9d6d098abbc401257e40da40dbaf094b5476bf7..aaeae0b31b978098b0607bfb4469242b648dcb1a 100644 GIT binary patch delta 722 zcmV;@0xkXa28;$FiBL{Q4GJ0x0000DNk~Le0000K0000K2nGNE0F8+q4Ur*8e-xkt z00aO40096102BZK006Sx@cjS)0(MD6K~y*qjg(DK6Hyd~@6fdN!&MVYtdR~)Y-&h^ zV44DJT)2^qtVlH`#f|lUs0;ZMu$G-$#HvYAG{#Vj5lQ%1s7O*|Xc6Z4zLVaYb~+eO z^2|MR&pGe?oUv4}^`Scqu7CmOpJ)Ls%2p2|mC6Ibf09iNG_+slnr&b#lgaq^$HcU=@pVJH{&vvY#LnJB=dklN z&>y`%s`~nRN=+_ryq>ZYi$!TQkN&x29@N-aF=*M;Qp3O;3PzTN`FXuxdhhfArd?co z=7vHcGm*9iwY;NVLu-P(61Xy*qFUH%k6TT-F*(Uk&(y%DhIehae;F0fnc&_j%^Wn3 z98Z9EuRVZw1D-s7Z1P@@G|OAWKJHePB#C$M$m@%Zz*rI|)77886aGBtIpb?M@T zCBz!OT-Msa7?tmVeb6cTKR#<%Yi0-EvlyNX@CVwt{If)v!(7&|HqbbV4IY9zXaT<< z`xs-64Z3D#p(DtcC=>x#!8o`KXj_24DheJ0&a%t?0tw8#IlBx6U;qFB07*qoM6N<$ Ef}?#-9{>OV delta 829 zcmV-D1H$}_2KELaiBL{Q4GJ0x0000DNk~Le0000O0000O2nGNE0N{5$_>mzpOSO%-jiC)g^>*47dhde+Di9lr3Nt_zdg;0-RZHpyCyf2W)^OZqUaVb8Z4w zYpYdH{V!qCBybA239GG{%bNP;X6qbuMY)K`G7z+5r$I+YyWANZbZq2v%^KE{BT%?= zCU^@CySw|A{QPku&*tU~zpIWMfunkeK-HZ`qfy!3+7z)*?Ve1gQUh|3f6I_ASiYHu zLLq5vY?OFBE_HQvl1ZoKV1G~U4G&98ON%6vNvWx+32H#97TpO=>}7G-07O^xX=e;|ts3zA4AjM_36ImvA$fkVJZdN4lDQK)fn zBrdppaF=ADzu%}WbCHwWe^wSSX5Zd^RZ4$~?gj>_yV=al6FVFZ2Q?sPPXw1XK-~(o zlD@t^3$x{#g%oOcj=Nv z$okqh_d~Au7U6-*>!l^TwzgJ}O>1)Y@(w-$Cx9cRQpvhMGUC`+=$*TLdMztoR;*&N zsBNvu`H=>T-vGL^(y>@fHotFpcdqZs(Z7Ecgs-)?zRc-tEDeV-CKjYpDLFdKJ55fG zk8BehCG7hYr@@4PE5${fdO?M@$Bi%W@T(_)XrqmUSith zAeT@0qj(Pl6`jRLj*35>O9*}de0TC6jafr-a#R&|e+-lTjFcw(t9#oBMGy=hSTKOf!EP zDdZ1cML~ptS$2_7`IBPcMG0MYQz2c3nwFtK7ey%&MHqNt7nY=yn~+3`7S1enI?L(i z_I1wm%r%EzbYOeWdEe)Kw)cI`fA@Ys=p{r(MkZdVtLtuRYFe`|EQn%9g}C;lVYTP_ z>F04;?LLwwgi4hJIh97EF}tdwqD^lwWU|<~vNC9Tt^%rP=ECRc`Oyn^U)M~I+bq9; z-z>nfjZUXaI9pnJ^L%-EON3IXXMSq4GBY6?>jh*Hes{E5p|3ucU8#*yf9r-P7A(t7 zr-KF=p^}mn78TX_Gd4G}FabHaxsZAQ%ay1G;{(k6d{|exeQUonC6q!OU zM{)5f@LdgnI%XRgb5tG8s!cS-Wz#by6soH(wy_|yGMNnd`FYR{Gy{AXaR;}XAvf%! z`V*8x;I&$9Y_vYkF8~dze^n~vn6qJ;8w6ID$j|Z{Sv!2E$46xn^<%lqm6smsV+;ow z)|8x#!omXV)hd8L^FT~0uqO#vu>T_dEtxYV8O?#BuwbC|c)VCq#lt2y z!lp=q%6uHM=y=kfA4IqXKlJ7Bc#ni!n|+OqjZ=Q_E}M*u4CLw7z)cJQ^l6i9^)|lx zfl+F=+h^u}&W!HDf8z_s8Vo4Vi{QrkNV!C)05Uo(Y=n!7;=bSBvF#ZS{((r12E~Pk zAhEmvyz9YX(8)u&d@4^(OMa* z-={4RiZFRXf-#o?nWcp06f#pMKm1cBjZ?B4PX}+$I-PU$V9W^NB=hXkh_&BpwZ2ME zGaXSx(0j76c%Fm#zz>% delta 890 zcmV-=1BLv<2eStuiBL{Q4GJ0x0000DNk~Le0000O0000O2nGNE0N{5$_>mzN%wOn+qpL&an3tA|?va=CwCU>C9^GMkH&gMp8qpMl}uA7o(+c3ZT4 zH?mJ)ali@+77W!;0TCe~hM$A7BWzbiVWnfrcgpn-K)#Bp+{`3DMV{doY6COT(X=FvN&dv;q z%F4hH{K3G$2u}wPB}e8ke=xj#h^!nZ`^AT^PZ(#;nDLK+kr5WzaK%haXa)miw6(Pu zEdSkPV0du@t_~mL|9^&mEZ7VOY5Mo?ABNulKpmt2ptG?!lN1w(P|Lyqau${#!l@S& zC+P74Qv4sAkAXq-<@2X!=#h-e@E<>ZGW@ZN#*k)V0jBmlM;RC{e{MpNd-?I}Ge%%C zE%EUS=thwtfdeeU8F-(cWnj3l5tyskQFK->J5mBlJ$Q==6dgz$P^c!v$1|{=TgAZe z_yVxlWJZ#OFhRuyC@ube{`kRh3|Tw^tiT{iNls>9-9LeW;mIYehM&3j0%YcISo$a0 z7u;N24AC($3=C^Zf3Zh4)L|%v9muA6v!{FGaWq&86q#Vd7pLJhJfwRA$SiQ}1`oKW z&tBYS`uqEfnuaDuxdgMAm6e6TKp9x7JUj=q0Oom^EQGFFda!iXo=Xd1qM*_g4mNGy z+57VKv+GHzIa}d^BrrfOUwiV_He@Xr1~~^c)I7=IXM?_^YTdn`CtbDOQe6V-UFL0+knlM_4u1D0N%l~ZF;g?YBrWv1y^qek zpK2Zr1e|0mMEBK#)Jh5fUurVh+BaujC@>{#S7X}ssBf{q@tw1N(B~U)0W2tZlyH4Q z!iHuct*LT-N{s^k%iR6Vb*07mz4hzj;umVq(hrU7RDsY|mA1N;>i;8KfB8gPGRK%+ z&3T^r0fG#54%@9ZbGcB1|A$FsTbY(pOH)O+C?QvT#CEX@b*cfeO#xP)_NCLyz&ZQrm7Cy8TqnX(#(5Ee|;KQe?Ljq zGMPxsB?P4m-cdLX0}7R3w2xU~${TSO%m^B7 zbKvk-0^@rl|3v+{{~X^y`)^jbb$ZsK0GV?keD1aj&9+{KqvJU+Ilpo&YLjU}aCOfJ z2onyXNs601`n73ndR$P|pulO$RfTLOS|f9h>{ooED$TxBhC z$Ii2`l1VN6Hytx#K#JaS#WIXVa0ez}BgvUoXdY9f5_FGMkM01d_N>HftcJ~ zdnk4_T^CztW`MLsQarUI>0`V#%W5mGEV-c0Y2B(J(P8)&`T4TL$YeY+B9=+#52X~{S0CI^fX+g2_8~O4ZY+`jN4gdfE N07*qoM6N<$0fLDKs5<}v delta 1012 zcmVmzX`KUkNFu<=71Ok+xcB z4YqaW`QAv!b~?iXUNW6~&$;*9f0_F}Qwk;+1^{*WoYaavGmYiOIAw;CqEsY2giv5O z7#h4WUQCe}r{~0vl!< zi!aPgZw?caz2|Eaiv|LL9;a{Y9nqk9Ap@x6YV+FIf8J!Zg*=-nyN%2v0eDIC(fs=y z4fLgT8div!f%6>Y8oSZ{a*e`;oasi`88I$f-X+FQc{#2l&uZ=nUO4};L}3G(DGYHv`~wBj6D5S0A=lW6Z6w z0-BK@nI2{D->k6GDvc^D3dPRZOf_>Iqmd#e&zD#eJ~BB4GW_ZD*~K0}-?_(}#;QIjb!*tnmYs331K#erzVaseq3 z^4zX5H!Rf2S6QT^feH*trSn+m4+QAnKZCLn7kV1NwowVRL=A#9VNNk{K(@fp5A>NH z?D*6q7t!Z&!i(?ifAD-)94yx3orp!rm4j`9>AjbM8hIj@4%Z*C_*~ON;^xc6BeGGL z$k8o^!^;kWVVWKQ_ilL11&;m`?2cfIaF$8s8+Qbg_?I`IS^HSCKwBUcB!!WrJKA=n z0+!F0ig7qmhxt&bh+jp|>z-P0kopGV)}T%T@8<@EYSk(gprUsL64jUXW>Bpbw_k>$(yMMRq9JL@n)X i^Z5r{quVY2x8*M`*)y3wz>3-c0000g1?MJl&DQ>H5!mA7!b5V zpKNP)x83ft^SI+TEln`QAHB($f3rLHobR6VedmsfnJx3J*K6L$X8h5COYYFjQm>5` zFFakjNv50Rr+eld;I?&b$PC^*xH`Vh8(8YfzLb=`DY>hyW(U(F{|iwKL_dBevY!FU zl_2Bl;7eT%1M=@iIcFIJ+Pe)yT4h>7dGns@ z-yY2P1A9A1_uZUWwtUmvC%4YdwJuO1V=$7VK)^bL3K0kqi>k3yW7#dI&rh5kOuK`E zpyK^i(x$40{P1 z6d1|`{T-(!+SfmI=3%uGus>Q=b4U?9QVU2k&tL^H&9&z@jLemWF7o*s5d$hQIb^AL*dLE1QQM^Am^jCmQEyqKaUW)p;~m zgL5%~j?)W~pOfW;_^^eJaUoD8UBsON;#6DYOKgLqnxlFD(5p!IxkKuB$;)m`%zKO_ zGJt?SwaIAc)+%tmkVIa%RJVknI01}}LCfXPeA{7Emh}M{e|8kG7_&gS47~hd|4Ujs z`i~cf?k-q!L=+BB)m@;d<5BxNjCwKrF;vHCRZ$>adFG`mf5i#1 zY?Qt_k?RTvJ17gRXtP$m0xC~qh43`;;qTB>$Po_nZ`DQY*fBC z(z9dxg`REWaCj>whi?k;%G10RvzKhMTH2b`S$FzuTdFQ^q70{$2Lzl$mESiFKY62_ zn+iW}{@F|a!Yy8#sWr*r^q;G|UWsJwPP4UbjZ(YT7HX1cCs* e<4N>?7T3QP`@HAjyJgY<0000mzK+{oH=Ljf4%lzd!KWG|2b-Fy)}bp8?N5XT)CUVMCbGCgY~Cd z>(2xBTt_O}wH5UyJchz-tXS*k|ktf)^Bj~Pe z(?3<=cwpIp?ND5t*k5xx5v4dqngi>Qe>IT<5E(cQ zR0*E$mRUX2y^ZoQfD)kK><6LVQpJr3fR`R9UU~VOSy3(p54llW<*Sl)Q$gAQvdqBb zkxhI@Mo~yB>)2a+yt%3P!Ll-hM{ULcx;B-ZQPPs8WF+mwrDgBze5P`@Ji^%WLvAc= zT(W7(+uN?}-iYYQ2Dm!ue@PR-po&d51e#qPXjnWqu=xD13(nIlXPf)kI6J)Vlcj+j z@G*721%w%0h{iqz8$X`2`9*oxM*+pJso+qPjBT|v@_ zp?tyjs9tuM!O)dT5C&mbZd55&LfVWrk6O;c25e6l`mG4UbXr7ZiF1-bmWx@$NA+m^9V1TtXXz!<;#)_*bB4?CYL<6yu4^dF1<1q zuOR`HP%%P-sUD!zf5%L`@K%nXn9j}}TMdi1%XDm9J6w-x5AA~*q0Mzai%uXxlb6A% z4lZ5NFDP54-ShgKuzzmuAf*CAO0!fD)s>LcC!zD=Ds*23 z(Szv=jzXTaZDmsDfh8`;Pf06j*1K4xmHMCt>4Lcly zqInVWSxins*kbR44jmJ{e^#-Zn7PaU!(O&8<0`*FDpl5A@u{hsr3p;tp-smEMB{8J z$P9+@BJFZ@paLXr))7Lip8s2~^vfzQBNl4U(KwU3>@2i1hTd+unZDygQGf)#r$cY3z zr0VIXwnEKPKUT=*7|Pok1T?&OdHdxJ>Hv~MiNS(cf7ovn(gUNXm=x7Ub5}nGid*sR za3i!-1`yrDII@g1%V+F~MW4YtEa(U_a<(+1hAzQ1g2*az>gsT&kAwqp$GoxBxo?@| zV|zK=5^}314VivCB6lLLc%iejg-QZV;ZxX9`2{9rV~m`<8+1%sbCPBB$pGH_rRUAo z%h7gnf07>~f%QY-0;5z8Gej0N*LJd4Gct)HW|_BpOc;!~j2;RT$lZFD!8LkKWsWbK{tI& z(vN4m+m|1V4jmOf#Td&V{})(@ig|~EPqsnUHB&L6`TS5dzN50BM9`Iw+T~kgvniac z0hNKcY{Mn-ADRwj2HQq`O$c!7(DR*d+1HONQ&-rM0gK{D?0q^H5eZQwgFkH7C=%!|eS0OY7wJ h>-oF;FVp0}TU8YQ-Iu-Q>m|+7X4-C}ZAR9{ zPFuUl{%|S^DucqDD1K1cKphN}N|>P1$yg_XI#I+woRuyN5$ZtLbh=TNi7N_bwHqB} zHBD-h)^yEW+I%!kntQ!BFYlSue;s)Do_jui_uO;tJrB4u$wqId$MebAZ@Mn0lMe(L z6`$aROz60qd?!~@C9JQvDc<|LnqU9;BU4NJcEYKoXAF!|5QCw-WGolCer5VI-=Xxx zAEQVlQW}m9Xl~rH`R)UKhwHody#kbhxD^{80S%4e?^q1Rjc&O1ybMT^f9lWoN&Ikf zAb#Rl|MJ{aR0!2Ad1RXp9(%98d;hDIV7NI0=06G=97gD;(^w1!U}$K8;<;A^Bp{Zp zo!cdwT}h6QTtYURFKs1`sYa&SX(Rh<0{i!NLs1m?d_HXRxDgG7kSb^v>MVQ(hFA$e zS>&uLGSv=H90*)Ihry?!e`qJ8Fq=$Zk^z%EV+E=iiJ1@;1G2;`)+`E8sn&R6vf`ax z88n&;c*yoAp5AgB$mc*Aa4m_dNCk$#GPwJ`{M_8sT26`v#b;jGy2vP=d*XS(>P3XK z!_xT-ehpm2V(Tt2iygP}{D{1))^#FALW~JZYz4ySm-U)p7sV)u_M$iTHe9AeptP^8&u&+;AnHZZE4_(MDJi14c-@`GaUHg80D7bEm+ZtqX0DGSd^IB8GR?+AlddOU+E*kpk#Y-A=n`x+4FkU#r+$l} z=X4Aw&RoF3jT8L7F{I>L{IdQroN73LgnXC4V>td|4`w4%YPaFdq2;v?kBjCYk{jYr zD_tnUN&mqjf2l>D)Ceck7H?yP7?G1KrL{f``v)+1$S2yE+HH83SeYCj6J5jF+R^2# zA%ya0ev?{JEH@mztUUbYtCsNvp<0 ze{7`?E4D^MAyA-2G|(S_iQ*rsAsS0C82YRANBM!#P*W>3F&0wNC=#^>Vv9DEZYiRz zX?Ro@S-b7h7v1Mv&zaqw&h9LFf0LOx_dLFH&$;KGI}-kDSgqN%od@5vZfG|eV``zy2pTOgpe;ACER8UZm^+ZeWxy+~5R!cOJ>O`4>#^SGo zKmPvi)@_)YT1eD27+W^(-oESL81-KRfASG^05D_4-7o(`m>LZJvo zyf8$6_|wL}-2^dlG9(U#+cCDVr&v#vm~3iJj1q)U4vB-Ke`Bq}Ch%UtK= zF(Jr!Kgw0wgZlHhy|5m4OfSQ}|0|eeGP%*ODkh7BF&W#m`e;Xoe>p4H5)ZjN6J9rV z_$RQjb{AGY`zj_)Hkiz*C@3t%z=v-ETj^PmL9qaCA5cU`k$v-6VYAz1KB1AR@hy}v z#0Pa~Y-}_LYiepBDsTL_24P$;=YL+`~Zlfb!7BpkYPEY3z6AH0Z}nYqZS zbsE`73|HRoYCyBuwgHsMC* z(@`fvq1ERtJ0Lcq{!o)8gOB2_}lyGPOAs3 zdQY5;&X*l9W5M~;W&h;FXl~W^oic4YJDH-U$r1hkptQ6!?9zj?&GNGJ2)avO&}Ddy z(iKwl3VK=y-cWIL^ES@8Ucz*82QjVaZ;OR~TYfVYmxN7`-xh=derfuiOZ0WNqqptj eWWX_q7JmT@zPu~i&Sa(l0000ad!24AEJuFWt)=gNd$FiWFfC*@O5GWx`apv4{NuCxyK@=}Xz;6v3&#NVUZJ)go5k04}*|$Mb>4H%^?gHu}3)my-5y%#Rf5^WAk`TzN z0#QZ4S^;?IMO(e@Is^{%Yc97t6PmmWC6Qv%GSDS6Y|s9_flyjPwMoOBgoOB_K!Hw| zAu#{=qzTeJ%n7)wG{h7QyKR+$h`UA3O#C`VN61S|!G{DD6I*hVcanS~(J1lW@`x|M@d6{dg3I zUOa-Q?E>4#j~Vo+!pPOMHu$>=DsV3$HidZ>lX!pn3ijRq1*iRcaNki6DFFnW8koT> zgR_6|8=ud&oeRJ@D<@UOCG>~K@WJE=dV)7G)Yy%)oo|**xlpo+fAU+|;4xa-U)jyA z!PP7mX+Xqr?E1H8OFn>_Rd7pg!eGbVk}dm$$+y9(!AvYkm@G0^&rWYxFWhq@maV9znQkKeJkCuE&DPfJ2^HgsMNmB6BE<*7T|VV=uP{suZTWR z48tK{IO;;8@Z`+!d~@48$N=M?cD72qHPYd!aU->OheOqyfBT>}hV#=#49?bW3ZoH6 zhf@Xnrf69(i)UHQJPQ4R&bRvK7bTq89>bBlcHBtm8*4*|D+-2n)u@~NuY-MjIVh-n`I5nR=`A_d@_bbe>nLil$jVGVBInP zU$8RGri;Lfs}`(*tXD7CaG3?W4p<7Z^a;?%i6(#zi_~WdwZ>+jfd2rh5QnrAPm_TF O0000mzdU1wL&NZTmsW!jc^51egLVH8r}T~Xj%vLEa}f}cflwl)U7`hw zG=MJ(xIzNKtK*~I;T|VEo?tGXlsln&c(1eW@IL|P&gPE(dt|T$&88&&fAk9&378)q zKS*=D)?Y89hji;coeuEcTs*Slju^Y&dSlZIhmTo{A^b6c^Ii$zgun%#1X%&x5urZ3 zW8$WSSW;lZFCm%)^je6*=I&==NhKJ&bapI_nmK?^XYgn5mT}H4q0Xq_dQc!vn;AS; zcrHe3{M3`~)Gc6O;T*2De?0F9&tLmJF*|XI_oQM#K4-U7=^z%C1$NN&&wKvkz1%Z0 z-}f!e;`r#tXm@@Ft6pG!St!?Ex0P{BR1^-VqgoM#^wqRcSvNRa_u(HWaBAco^gnt4 z_nQP5!%>|SjL8;gL8+)~uy<7HWSm))Fu7{NWeipan<6*xh>)JN_wXqiP z0)_%$XJrz4!enfXarc4O>YH0Tr^w$NQ17xy92@%_A{4@+QiT59?`F2}4dy8s zjD>)IDeBjlUOsxf!CGo+t4L_lbk6sROrd<(C$6JX)gF7Ee(5f9I2ZTV&LfDDe4w>VsYF zc;CDW{vty@b#;!hwy{SDTT1vBri-bbUuu-q9M0ZVrBm?gRyhOiju)cu@>Y!M>a*2W zj5&)Ki!tSZds-t58+4`HT019~1fmp}IQ176{{5*lfp8#Y`L~`5d^BT2Oj+Bj4D6zA zuuNDpBS#KNf85V!!vc;f>W<{ww7lIULkW8Ew>yA+lUwke$C6%J^UV;9HAiinu_Y#p z(3SB~>K~{qR$wDwlM1=yUbtgap6d|aTS;zZEanKtPMMt5?6@VLv@c@t zVi~3)DFRyuHd-vHLQNe2YIe1EnjLq&g`t67UsT|^f0{6!8n?n^AR1ez*v*RC1^S45 z7=y9W?3UpJ?%%P55}dX@=CF|Aamq3#lmdz=Uo)2zI9oWNOr2U%&=J%9N(ANl{)0C| zKYwvNZCmC5o`_vOJH}*z2fChau_%JC&Hn7!oVq?&yH%HBwt)s&&6cj3qzVX9Tf!7j_bQ~H|A6#iS$|ukGOJBcZ{ZC| hs?a1A(R%*2{0lef4oqy1L9PG*002ovPDHLkV1iS$U)TTu diff --git a/images/windows.png b/images/windows.png index 5cd706a0854df58495cf37e3e9a107b0d3b8e661..e8c3161f5d0378420cca445e1f717180a9f6442b 100644 GIT binary patch delta 915 zcmV;E18n@}2h0Z{iBL{Q4GJ0x0000DNk~Le0000K0000K2nGNE0F8+q4Ur*8e-xkt z00aO40096102BZK006Sx@cjS)12#!SK~y*qjZ{l$6HydBGnurB`6z8vViCWsS{3UD z{D6uS!GdmGDY{U^g|1wQy703T5qAnAiYT}f7vi_Z+Cs6Z6cP`zJcrL-P-Vtz03SQZr+g zx^4F!Oq(%X^!N54Gm>UEn~+vvGIht^{r@B?CkA;hYFdp@I4FACpFr0Qe^vS{S-DEx zzGvTL|H+67fuJf-UnQ`~p9h41j3o~C=52YY9v#YpWosDl62d`M^sl3`H&$DSXuz(B zip4%4M0?T-)rf!1VBOOsP(KgieP5TkbNL31PHe6+f9Yx_V|lbtU~P~{3qh%@!0rAd z*3XUF4z90CZM#3gR)x7#WzCir zx3A@%uvcM}!E$Oj3mFFRW&p~xIV~Fefw0?oFg=dIm?bk~{Ev~xciq6dpL!8voEJ)@ zbXINQOur<(QTF6=|&^Z+7$ zFB)p6U@?tQwFa$_f12sOPsyQf48BcpeZgHrJAc2GGgf+ID+cY0P8NOPvZuWSxOY5SC|7xylU z*yAgp<0}yAhHOF9HI#-GtK`e^(FumB)g^ycB;|EU1d~~hX|A6_mREPS$QlbbOX?b) zL+8%Qx5+*6H?_IW?h;bEp#ndKy3Gfdj-YoS4*ba21m%Pd%I%#VI=@Z%G*xdHu?~oF pJp;NL=EG~pF#Kka+^N{5@)t$;OY2kkXXXF^002ovPDHLkV1h#4s#yR4 delta 942 zcmV;f15y0U2j&MMiBL{Q4GJ0x0000DNk~Le0000O0000O2nGNE0N{5$_>mz z77>9K6h&pAEhGqPQL8oyMT-{g3WA^_$bx8BWYG^T`cdi6z!(@MGKCy9Y|!`?R3G`%`dp~@Ze<5=O$S%OK zCb_tRSy8sv?K6f3d@#`SgYr{gc;;e@%dA`l4sP6Qu?A48>d+p+dg;nIH|p1gLTXl;s$Zrz+4~pg^??{fOnjb=d>HKoquh`2lJ+lampqesbqt zjoM6f3o)6avywxt8;NZVe-xZG;6?v9?AlZ!!!qa5K+1gc{aeCqC6|R^&A#4o_O3GIVvv?YjB;(~839kLH_}|ou7OnC=ze-jgYofc(sLotCd{5bG}=2+ zDmZu?8dMdmfwDX&f8;qes9c{5)%Z+)2TF&Oii`?=_jN!hG=*w{Bb(SIl1TCqz({Xb zI}pQcw?l>EwN5DYIHALz>O3l5zuvTt2v8JoL?UsN*dC$h_=*dkiYiyJ5x_q}>L^_E z|HvEDx#+OLNvln{{^aU$_|@yB_!I$Iq~G|lAU($?lLVJ5f69;q8*Kp+O0^AcynAqw ze`&ibeRBlpp)V1AELdGbqjk7qCrguvW5LSp;6#$DRMN>g+ebf|K~j)?J50Q3yjh-Cm%($ z3M4~=%$V%LC|gitb~A5WmS~J0TymioUd&6qGA3SZnq9d#WxAO;LY#wvjKMa-RtjX5 zu_6ez9bYZ&`SN*Ni!AaaZ+qV7f4tA{{GX3=fZa_X_a0gw3WCs2|A%)!_J6Oq!^I&o zt&qp#`6wI?pX=`KKJwP_;}y}lMQ2i~bix^|02BoxvqR77be6A2Orjl!xFt!71OkC0 z&CShkpEz;C-PP3v#u$>xq-$nrRS)3*(+b^@sSHyf4)0T@mnP- zSJl(h)D$^(?AWUv9UU%Oq(Ld&hhT;RY=KA*onv&!7jsp%JLs{9CrLIuc9D8H5%aO1a2$l0qQ+Fevn zlEk@8QY_zNPnt9RXXpr7S(%d^eE*GWiwvhue}haWQ*iJ6NvG53f9>tXQaTH}tiVnR z6pI{JG!(~1-5ZcwUjIbREDJBUH6Zdt0~`*=BP#ixLuZ%s(A6r4N*PRg zqEToN3e7VVm5RfyD$=ghKK~}8L({W!NG&BGnp;rqHn`pH!V%sanoSt13EZ8$g`DUH zvpJy=P$RNI)1a4me?vv!;|E?+s#`i0)dSI8jd&uB7zM>AN8t1AK`%u9fGY`!(48S&l?GcAlo7O_G5lwxu8x})dH;a6OYFci%#O< zpR+WNJmx>MOfz2uuEeG+g7MpYXf0WV?y1ACLt_{n9fhW8f7?-9ZEPwAb>9K%un2?h za4r{QttM_2Q#LJ`J$3k9iHQ;)SW#fGd#ka@{1_h_Lt=Ui^>wxIdcANuooH=s!G-hZ zkaag8FWR7!3e7a2U;nzh2-LSMc=mE zP}90lB`#h3e*sxfEp&?^pIc9vgI|151X80ceRGWkTVG+4y{uFjlimbKHpo=d#Z3w4 zfBF&WrFqDLiRR{Kpy=xuxjBhVyFaUqo_+_(xqnmU-B|x?*$@>?^w&NICfiI>Seh}N zo?trsuqv8xV>*G$SAR!xK88qmKXT~=qN4+6jj6uRf2f>VNg*$~j-?0F8q>2VZ|DHk zlQ)RNbSk(;n>_z?xdPa9gfRNY8it1lu}{rmeeSl9P9@I}V{0dn_W2B!qT|Nm{UIX| ze$kZd9*aIxC8dT**R*s3=Vixg>dxSM(cxddPp4Kg)a5H2z+dg%jQec}Hn$5;zxFY! z2)7HOE36XSur^j^&DiD7ad-GEkScrwcLM$aTC~$X{C`T$00000NkvXXu0mjfYjimz>paiv_;P-r`k0d@xr!+_54%unfq-|WW3;7@^p%PM|>9BONiiHS*XZf-_?e}4Y5A@{12 zlaokH&w`_@g#;|uHA9E0YfwE4H}#%*n^*lm3N(-MN9^tS-@Dpo1LAF`1trh<7$<_5j_^n%R(3e6`yY}KwgcW%U*wcs;&oP~vj;dIL>xXvAdowkV)M36-R z5|xUi$l~^oTA9Z$0AYLeC&9bhQ2y?If7ajO$gjq~ zX=Sk6gFz9zqDV?ge+o_<{~V(o`-u!b&$$Fhg7%&e8kKGdgvKUuGaLU0uiK2Y$}YU{ zaxu!w%encHR#8!b7q_Hh=0cl!m^_!sEhhdDZI*x_x$kE%AkdvoE&dFrT3V5omUe&l zvahbLF5LS4EOa_QPD+0Gh8UKBYy1l57VhRBU1t*$KORBbf9Ym$d_2nP>+8u$x-n}r zVTiJi+|NU7s`r+EH6hB|-!9mtATu)gUWd?T+6)bUbRNKl2m$^5{ct*+59uT&B|&;- z59GLP+|hO1)hOsRO0={h&yC@;)(U_-n(B4yl(;xUsst}NqLNpsB}XA{c^}bn2`DQo zgH9yN?dsL5f0+30AQnAtiex~exy->y&=~5d^9w*9>Nud%WSzsE25|T@774O50Z&z) z!7npWP?R7vG&BS>_{xrrjbXB>oSd@eGr6XD7vUPe6cE7W?@y?j*Q0W$Nlwe8(z6VX zjF*tL_Z;?r+KR}?NQ{h(m_o_P$vAQBDCW99G*{rIfAp;ld{NAu{xh&Va;9V|uhn0+ ziHaHS(y|EUVB-7E_nR+*>bZ>@omI$5iA7&uANVmUDk{PcH^ZT=%ei25S3S?9_dl6; zXaCk!@3aw@S;V2j`m|fnsHPDqogZaS&YV=z8(_Pe*udT$w z#jYZne=
@@ -98,6 +105,7 @@ Dir.entries("./weapons/").each do | name | popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" end badge = generate_badge(data['platform']) + badge = generate_tags(data['tags']) line = "|#{data['type']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" case data['category'] when 'tool' From 7b42a6b45bd73c7e7b7958e12e6c5e7de4ac6a97 Mon Sep 17 00:00:00 2001 From: hahwul Date: Thu, 18 Aug 2022 01:17:00 +0900 Subject: [PATCH 35/42] Update erb --- README.md | 596 +++++++++++++++++------------------ scripts/erb.rb | 8 +- weapons/CSP_Evaluator.yaml | 2 +- weapons/Chaos_Web.yaml | 2 +- weapons/DNSDumpster.yaml | 2 +- weapons/Phoenix.yaml | 2 +- weapons/SQLNinja.yaml | 2 +- weapons/SecurityTrails.yaml | 2 +- weapons/SequenceDiagram.yaml | 2 +- weapons/Shodan.yaml | 2 +- 10 files changed, 310 insertions(+), 310 deletions(-) diff --git a/README.md b/README.md index b384567..0fa4124 100644 --- a/README.md +++ b/README.md @@ -29,314 +29,314 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - Tool-Addon: ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) ### Tools -| Type | Name | Description | Badges | Popularity | +| Type | Name | Description | Star | Badges | | --- | --- | --- | --- | --- | -||[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/jwt-hack)| -||[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info||![](https://img.shields.io/github/stars/edoardottt/longtongue)| -||[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.||![](https://img.shields.io/github/stars/0xsapra/fuzzparam)| -||[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/burl)| -||[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dstotijn/hetty)| -||[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/scilla)| -||[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[grc](https://github.com/garabik/grc)|generic colouriser||![](https://img.shields.io/github/stars/garabik/grc)| -||[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Arjun)| -||[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.||![](https://img.shields.io/github/stars/lc/subjs)| -||[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ssl/ezXSS)| -||[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.||![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS)| -||[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly||![](https://img.shields.io/github/stars/1N3/Findsploit)| -||[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/aboul3la/Sublist3r)| -||[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump)| -||[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|x| -||[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Edu4rdSHL/findomain)| -||[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sensepost/gowitness)| -||[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/IAmStoxe/urlgrab)| -||[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/qsreplace)| -||[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.||![](https://img.shields.io/github/stars/BountyStrike/Emissary)| -||[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/h2csmuggler)| -||[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner||x| -||[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/hinject)| -||[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.||![](https://img.shields.io/github/stars/d3mondev/puredns)| -||[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Shivangx01b/CorsMe)| -||[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues||![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX)| -||[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/hacks)| -||[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap)| -||[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner||![](https://img.shields.io/github/stars/the-robot/sqliv)| -||[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/UnkL4b/GitMiner)| -||[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool||![](https://img.shields.io/github/stars/zmap/zdns)| -||[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Silver)| -||[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool||![](https://img.shields.io/github/stars/assetnote/kiterunner)| -||[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/robertdavidgraham/masscan)| -||[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pwntester/ysoserial.net)| -||[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.||![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver)| -||[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/riza/medusa)| -||[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OWASP/Amass)| -||[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org||![](https://img.shields.io/github/stars/hahwul/gitls)| -||[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.||![](https://img.shields.io/github/stars/devploit/dontgo403)| -||[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/intrigueio/intrigue-core)| -||[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/cf-check)| -||[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Arachni/arachni)| -||[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac||![](https://img.shields.io/github/stars/httptoolkit/httptoolkit)| -||[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/XSpear)| -||[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1||![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads)| -||[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data||![](https://img.shields.io/github/stars/hakluke/haktrails)| -||[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ffuf/ffuf)| -||[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/unfurl)| -||[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features||![](https://img.shields.io/github/stars/curl/curl)| -||[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap)| -||[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/s3reverse)| -||[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/recon_profile)| -||[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/frohoff/ysoserial)| -||[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh)| -||[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.||![](https://img.shields.io/github/stars/evilcos/xssor2)| -||[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/yogeshojha/rengine)| -||[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/gau)| -||[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/nuclei)| -||[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.||![](https://img.shields.io/github/stars/nccgroup/wssip)| -||[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/asciimoo/wuzz)| -||[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/meg)| -||[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wireghoul/dotdotpwn)| -||[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli)| -||[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.||![](https://img.shields.io/github/stars/Orange-OpenSource/hurl)| -||[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching||![](https://img.shields.io/github/stars/opsdisk/pagodo)| -||[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting||![](https://img.shields.io/github/stars/s0md3v/uro)| -||[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrawler)| -||[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler||![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler)| -||[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager)| -||[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker)| -||[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/SecretFinder)| -||[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning||![](https://img.shields.io/github/stars/tismayil/fockcache)| -||[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).||![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner)| -||[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler||![](https://img.shields.io/github/stars/hahwul/ws-smuggler)| -||[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library||![](https://img.shields.io/github/stars/projectdiscovery/interactsh)| -||[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite||![](https://img.shields.io/github/stars/Sh1Yo/x8)| -||[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.||![](https://img.shields.io/github/stars/vortexau/dnsvalidator)| -||[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/aquatone)| -||[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Striker)| -||[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility ||![](https://img.shields.io/github/stars/hashcat/hashcat/)| -||[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/pry0cc/axiom)| -||[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.||![](https://img.shields.io/github/stars/epi052/feroxbuster)| -||[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe)| -||[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/waybackurls)| -||[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. ||![](https://img.shields.io/github/stars/allyomalley/dnsobserver)| -||[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.||![](https://img.shields.io/github/stars/neex/http2smugl)| -||[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Parth)| -||[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!||![](https://img.shields.io/github/stars/pry0cc/subgen)| -||[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/ParamSpider)| -||[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/megplus)| -||[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool||![](https://img.shields.io/github/stars/dpnishant/jsprime)| -||[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sa7mon/S3Scanner)| -||[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan)| -||[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.||![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub)| -||[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Grunny/zap-cli)| -||[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.||![](https://img.shields.io/github/stars/evilsocket/ditto)| -||[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/a2sv)| -||[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fcavallarin/domdig)| -||[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/findom-xss)| -||[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/skavngr/rapidscan)| -||[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.||![](https://img.shields.io/github/stars/projectdiscovery/dnsx)| -||[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/cytopia/pwncat)| -||[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/VHostScan)| -||[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/j3ssie/Osmedeus)| -||[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/pentest-tools)| -||[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/gospider)| -||[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.||![](https://img.shields.io/github/stars/0xInfection/XSRFProbe)| -||[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/template-generator)| -||[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hakluke/hakrevdns)| -||[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters||![](https://img.shields.io/github/stars/aemkei/jsfuck)| -||[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)||![](https://img.shields.io/github/stars/whitel1st/docem)| -||[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool||![](https://img.shields.io/github/stars/epinna/tplmap)| -||[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/chaos-client)| -||[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/devanshbatham/FavFreak)| -||[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder)| -||[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities||![](https://img.shields.io/github/stars/six2dez/reconftw)| -||[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Corsy)| -||[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.||![](https://img.shields.io/github/stars/nccgroup/autochrome)| -||[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/naabu)| -||[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions||![](https://img.shields.io/github/stars/spoofzu/DeepViolet)| -||[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/httprobe)| -||[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tarunkant/Gopherus)| -||[CSP Evaluator](https://csp-evaluator.withgoogle.com)| Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it||![](https://img.shields.io/github/stars/M4DM0e/DirDar)| -||[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.||![](https://img.shields.io/github/stars/gwen001/github-regexp)| -||[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager||![](https://img.shields.io/github/stars/kpcyrd/sn0int)| -||[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.||![](https://img.shields.io/github/stars/gwen001/github-endpoints)| -||[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra)| -||[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lc/230-OOB)| -||[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/urlprobe)| -||[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑||![](https://img.shields.io/github/stars/zricethezav/gitleaks)| -||[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/maurosoria/dirsearch)| -||[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/D35m0nd142/LFISuite)| -||[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/emadshanab/subs_all)| -||[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy)| -||[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/infosec-au/altdns)| -||[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/michenriksen/gitrob)| -||[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite||![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com)| -||[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/Qianlitp/crawlergo)| -||[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/knqyf263/pet)| -||[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![linux](./images/linux.png)![macos](./images/apple.png)|![](https://img.shields.io/github/stars/nmap/nmap)| -||[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.||![](https://img.shields.io/github/stars/kleiton0x00/ppmap)| -||[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/marcoagner/boast)| -||[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/codingo/NoSQLMap)| -||[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/edoardottt/cariddi)| -||[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.||![](https://img.shields.io/github/stars/blackcrw/wprecon)| -||[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack||![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack)| -||[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool||![](https://img.shields.io/github/stars/Ice3man543/SubOver)| -||[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack||![](https://img.shields.io/github/stars/bcicen/slackcat)| -||[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads||![](https://img.shields.io/github/stars/staaldraad/xxeserv)| -||[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/htcat/htcat)| -||[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/brandonskerritt/RustScan)| -||[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.||![](https://img.shields.io/github/stars/enjoiz/XXEinjector)| -||[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses||![](https://img.shields.io/github/stars/wallarm/gotestwaf)| -||[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome||![](https://img.shields.io/github/stars/raverrr/plution)| -||[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz)| -||[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/subfinder)| -||[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.||![](https://img.shields.io/github/stars/Josue87/gotator)| -||[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.||![](https://img.shields.io/github/stars/projectdiscovery/uncover)| -||[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go||![](https://img.shields.io/github/stars/hahwul/gee)| -||[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes||![](https://img.shields.io/github/stars/hakluke/hakcheckurl)| -||[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/assetnote/wordlists)| -||[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/go-dork)| -||[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.||![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking)| -||[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/wpscanteam/wpscan)| -||[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection||![](https://img.shields.io/github/stars/mlcsec/headi)| -||[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) ||x| -||[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool||![](https://img.shields.io/github/stars/aufzayed/HydraRecon)| -||[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub||![](https://img.shields.io/github/stars/gwen001/github-subdomains)| -||[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap)| -||[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/shuffledns)| -||[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/fransr/bountyplz)| -||[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:||![](https://img.shields.io/github/stars/cure53/DOMPurify)| -||[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/defparam/smuggler)| -||[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/commixproject/commix)| -||[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data)| -||[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns)| -||[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services||![](https://img.shields.io/github/stars/utkusen/urlhunter)| -||[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sullo/nikto)| -||[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks)| -||[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe)| -||[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.||![](https://img.shields.io/github/stars/smicallef/spiderfoot)| -||[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hahwul/dalfox)| -||[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/ArturSS7/TukTuk)| -||[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/drwetter/testssl.sh)| -||[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/BruteX)| -||[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/haccer/subjack)| -||[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/m4ll0k/Atlas)| -||[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project||![](https://img.shields.io/github/stars/zaproxy/zaproxy)| -||[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/epsylon/xsser)| -||[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis ||![](https://img.shields.io/github/stars/gchq/CyberChef)| -||[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs ||![](https://img.shields.io/github/stars/internetwache/CT_subdomains)| -||[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker||![](https://img.shields.io/github/stars/LukaSikic/subzy)| -||[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/projectdiscovery/httpx)| -||[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.||![](https://img.shields.io/github/stars/Edu4rdSHL/fhc)| -||[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay||![](https://img.shields.io/github/stars/projectdiscovery/proxify)| -||[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.||![](https://img.shields.io/github/stars/nccgroup/singularity)| -||[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019||![](https://img.shields.io/github/stars/fngoo/web_cache_poison)| -||[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.||![](https://img.shields.io/github/stars/google/security-research-pocs)| -||[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/Photon)| -||[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/visma-prodsec/confused)| -||[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gron)| -||[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets||![](https://img.shields.io/github/stars/PalindromeLabs/STEWS)| -||[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.||![](https://img.shields.io/github/stars/samyk/quickjack)| -||[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀||![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz)| -||[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/gf)| -||[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/OJ/gobuster)| -||[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/s0md3v/XSStrike)| -||[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|x| -||[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.||![](https://img.shields.io/github/stars/bp0lr/gauplus)| -||[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/anew)| -||[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner||![](https://img.shields.io/github/stars/msrkp/PPScan)| -||[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff)| -||[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/gwen001/github-search)| -||[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/xmendez/wfuzz)| -||[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.||![](https://img.shields.io/github/stars/google/security-crawl-maze)| -||[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/danielmiessler/SecLists)| -||[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files||![](https://img.shields.io/github/stars/003random/getJS)| -||[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz)| -||[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/eslam3kl/3klCon)| -||[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner||![](https://img.shields.io/github/stars/stamparm/DSSS)| -||[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF ||![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings)| -||[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/shmilylty/OneForAll)| -||[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.||![](https://img.shields.io/github/stars/bp0lr/dmut)| -||[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz)| -||[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/tomnomnom/assetfinder)| -||[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/1N3/Sn1per)| -||[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters||![](https://img.shields.io/github/stars/maK-/parameth)| -||[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/sharkdp/bat)| -||[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts||![](https://img.shields.io/github/stars/defparam/tiscripts)| -||[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/si9int/cc.py)| -||[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/jaeles-project/jaeles)| -||[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases||![](https://img.shields.io/github/stars/pemistahl/grex)| -||[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner||![](https://img.shields.io/github/stars/enkomio/Taipan)| -||[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/lmammino/jwt-cracker)| -||[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool||![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling)| -||[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/hisxo/gitGraber)| -||[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie||![](https://img.shields.io/github/stars/httpie/httpie)| -||[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r)| -||[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/guelfoweb/knock)| -||[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/nahamsec/lazyrecon)| -||[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)|![](https://img.shields.io/github/stars/junegunn/fzf)| +||[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)|| +||[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|| +||[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|x|| +||[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)|| +||[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|| +||[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)|| +||[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|| +||[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|x|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|| +||[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|x|| +||[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|| +||[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)|| +||[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|x|| +||[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| +||[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|| +||[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|| +||[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)|| +||[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|| +||[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)|| +||[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|| +||[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)|| +||[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|| +||[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)|| +||[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)|| +||[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|x|| +||[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| +||[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|| +||[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)|| +||[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)|| +||[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)|| +||[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|| +||[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|| +||[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|| +||[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|| +||[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|| +||[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|| +||[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)|| +||[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|| +||[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)|| +||[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)|| +||[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|| +||[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)|| +||[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|| +||[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|| +||[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|x|| +||[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)|| +||[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)|| +||[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|| +||[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| +||[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)|| +||[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|| +||[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|| +||[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)|| +||[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)|| +||[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)|| +||[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|| +||[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|x|| +||[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|| +||[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)|| +||[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|| +||[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)|| +||[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)|| +||[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)|| +||[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| +||[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| +||[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|| +||[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|x|| +||[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)|| +||[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|| +||[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|| +||[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|| +||[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)|| +||[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|| +||[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)|| +||[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|| +||[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)|| +||[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)|| +||[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)|| +||[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)|| +||[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|| +||[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|| +||[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|x|| +||[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)|| +||[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|| +||[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|| +||[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|| +||[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|| +||[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|| +||[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)|| +||[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|| +||[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|| +||[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)|| +||[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|| +||[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)|| +||[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|| +||[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)|| +||[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)|| +||[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)|| +||[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|| +||[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|x|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|| +||[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|| +||[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|| +||[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|| +||[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|| +||[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)|| +||[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|| +||[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)|| +||[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)|| +||[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)|| +||[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)|| +||[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)|| +||[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|| +||[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +||[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| ### Bookmarklets -| Type | Name | Description | Badges | Popularity | +| Type | Name | Description | Star | Badges | | --- | --- | --- | --- | --- | ### Browser Addons -| Type | Name | Description | Badges | Popularity | +| Type | Name | Description | Star | Badges | | --- | --- | --- | --- | --- | -||[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io)| -||[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager)| -||[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/LasCC/Hack-Tools)| -||[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|![safari](./images/safari.png)|x| -||[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|![chrome](./images/chrome.png)|x| -||[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie)| -||[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| -||[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|![safari](./images/safari.png)|x| -||[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|x| -||[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![chrome](./images/chrome.png)![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/davtur19/DotGit)| -||[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![chrome](./images/chrome.png)|![](https://img.shields.io/github/stars/fransr/postMessage-tracker)| -||[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/TenSoja/clear-cache)| -||[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![firefox](./images/firefox.png)|![](https://img.shields.io/github/stars/swoops/eval_villain)| +||[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +||[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|![firefox](./images/firefox.png)| +||[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +||[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|x|![safari](./images/safari.png)| +||[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|x|![chrome](./images/chrome.png)| +||[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|![chrome](./images/chrome.png)| +||[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|x|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +||[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|x|![safari](./images/safari.png)| +||[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|x|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +||[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +||[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|![chrome](./images/chrome.png)| +||[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)|![firefox](./images/firefox.png)| +||[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|![firefox](./images/firefox.png)| ### Burpsuite and ZAP Addons -| Type | Name | Description | Badges | Popularity | +| Type | Name | Description | Star | Badges | | --- | --- | --- | --- | --- | -||[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder)| -||[param-miner](https://github.com/PortSwigger/param-miner)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/param-miner)| -||[HUNT](https://github.com/bugcrowd/HUNT)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/bugcrowd/HUNT)| -||[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bit4woo/knife)| -||[Autorize](https://github.com/Quitten/Autorize)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/Quitten/Autorize)| -||[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap)| -||[taborator](https://github.com/hackvertor/taborator)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/hackvertor/taborator)| -||[BurpBounty](https://github.com/wagiro/BurpBounty)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wagiro/BurpBounty)| -||[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder)| -||[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus)| -||[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/1N3/IntruderPayloads)| -||[safecopy](https://github.com/yashrs/safecopy)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/yashrs/safecopy)| -||[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer)| -||[http-script-generator](https://github.com/h3xstream/http-script-generator)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/http-script-generator)| -||[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler)| -||[femida](https://github.com/wish-i-was/femida)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/wish-i-was/femida)| -||[burp-exporter](https://github.com/artssec/burp-exporter)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/artssec/burp-exporter)| -||[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix)| -||[zap-hud](https://github.com/zaproxy/zap-hud)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/zap-hud)| -||[Stepper](https://github.com/CoreyD97/Stepper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/CoreyD97/Stepper)| -||[inql](https://github.com/doyensec/inql)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/doyensec/inql)| -||[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder)| -||[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/bytebutcher/burp-send-to)| -||[csp-auditor](https://github.com/GoSecure/csp-auditor)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/GoSecure/csp-auditor)| -||[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters)| -||[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere)| -||[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![burp](./images/burp.png)![zap](./images/zap.png)|![](https://img.shields.io/github/stars/h3xstream/burp-retire-js)| -||[reflect](https://github.com/TypeError/reflect)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/TypeError/reflect)| -||[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon)| -||[burp-piper](https://github.com/silentsignal/burp-piper)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/silentsignal/burp-piper)| -||[community-scripts](https://github.com/zaproxy/community-scripts)||![zap](./images/zap.png)|![](https://img.shields.io/github/stars/zaproxy/community-scripts)| -||[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler)| -||[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![burp](./images/burp.png)|![](https://img.shields.io/github/stars/PortSwigger/auto-repeater)| +||[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|![burp](./images/burp.png)| +||[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|![burp](./images/burp.png)| +||[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| +||[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)|![burp](./images/burp.png)| +||[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|![burp](./images/burp.png)| +||[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|![zap](./images/zap.png)| +||[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|![burp](./images/burp.png)| +||[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)|![burp](./images/burp.png)| +||[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)|![burp](./images/burp.png)| +||[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)|![burp](./images/burp.png)| +||[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)|![burp](./images/burp.png)| +||[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)|![burp](./images/burp.png)| +||[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)|![burp](./images/burp.png)| +||[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| +||[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|![burp](./images/burp.png)| +||[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)|![burp](./images/burp.png)| +||[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)|![burp](./images/burp.png)| +||[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|![burp](./images/burp.png)| +||[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)|![zap](./images/zap.png)| +||[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)|![burp](./images/burp.png)| +||[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)|![burp](./images/burp.png)| +||[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)|![burp](./images/burp.png)| +||[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)|![burp](./images/burp.png)| +||[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| +||[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|![burp](./images/burp.png)| +||[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|![burp](./images/burp.png)| +||[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| +||[reflect](https://github.com/TypeError/reflect)||![](https://img.shields.io/github/stars/TypeError/reflect?label=%20)|![zap](./images/zap.png)| +||[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|![zap](./images/zap.png)| +||[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)|![burp](./images/burp.png)| +||[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)|![zap](./images/zap.png)| +||[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|![burp](./images/burp.png)| +||[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)|![burp](./images/burp.png)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 diff --git a/scripts/erb.rb b/scripts/erb.rb index feae345..71c4e5a 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -82,7 +82,7 @@ I would like to thank everyone who helped with this project 👍😎 }.gsub(/^ /, '') -head = "| Type | Name | Description | Badges | Popularity |\n" +head = "| Type | Name | Description | Star | Badges |\n" head = head + "| --- | --- | --- | --- | --- |" tools = head + "\n" bookmarklets = head + "\n" @@ -102,11 +102,11 @@ Dir.entries("./weapons/").each do | name | if data['url'].include? "github.com" split_result = data['url'].split "//github.com/" - popularity = "![](https://img.shields.io/github/stars/#{split_result[1]})" + popularity = "![](https://img.shields.io/github/stars/#{split_result[1]}?label=%20)" end badge = generate_badge(data['platform']) - badge = generate_tags(data['tags']) - line = "|#{data['type']}|#{name}|#{data['description']}|#{badge}|#{popularity}|" + badge = badge + generate_tags(data['tags']) + line = "|#{data['type']}|#{name}|#{data['description']}|#{popularity}|#{badge}|" case data['category'] when 'tool' tools = tools + line + "\n" diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml index daee20b..90a42f5 100644 --- a/weapons/CSP_Evaluator.yaml +++ b/weapons/CSP_Evaluator.yaml @@ -1,6 +1,6 @@ --- name: CSP Evaluator -description: " Online CSP Evaluator from google|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: "Online CSP Evaluator from google" url: https://csp-evaluator.withgoogle.com category: tool type: diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml index 670ef46..7120bad 100644 --- a/weapons/Chaos_Web.yaml +++ b/weapons/Chaos_Web.yaml @@ -1,7 +1,7 @@ --- name: Chaos Web description: " actively scan and maintain internet-wide assets' data. enhance research - and analyse changes around DNS for better insights.|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray)" + and analyse changes around DNS for better insights." url: https://chaos.projectdiscovery.io category: tool type: diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml index 21baf35..3d0ccc7 100644 --- a/weapons/DNSDumpster.yaml +++ b/weapons/DNSDumpster.yaml @@ -1,6 +1,6 @@ --- name: DNSDumpster -description: " Online dns recon & research, find & lookup dns records|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: " Online dns recon & research, find & lookup dns records" url: https://dnsdumpster.com category: tool type: diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml index 8c1d0aa..66fbffd 100644 --- a/weapons/Phoenix.yaml +++ b/weapons/Phoenix.yaml @@ -1,6 +1,6 @@ --- name: Phoenix -description: " hahwul's online tools|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: " hahwul's online tools" url: https://www.hahwul.com/p/phoenix.html category: tool type: diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml index 00e8d6d..52bf1bb 100644 --- a/weapons/SQLNinja.yaml +++ b/weapons/SQLNinja.yaml @@ -1,6 +1,6 @@ --- name: SQLNinja -description: " SQL Injection scanner|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: " SQL Injection scanner" url: https://gitlab.com/kalilinux/packages/sqlninja category: tool type: diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml index 199a442..0c2b8b6 100644 --- a/weapons/SecurityTrails.yaml +++ b/weapons/SecurityTrails.yaml @@ -1,6 +1,6 @@ --- name: SecurityTrails -description: " Online dns / subdomain / recon tool|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: " Online dns / subdomain / recon tool" url: https://securitytrails.com category: tool type: diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml index 442c45e..20f0235 100644 --- a/weapons/SequenceDiagram.yaml +++ b/weapons/SequenceDiagram.yaml @@ -1,6 +1,6 @@ --- name: SequenceDiagram -description: " Online tool for creating UML sequence diagrams|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: " Online tool for creating UML sequence diagrams" url: https://sequencediagram.org category: tool type: diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml index 746898e..7c3dbc0 100644 --- a/weapons/Shodan.yaml +++ b/weapons/Shodan.yaml @@ -1,6 +1,6 @@ --- name: Shodan -description: " World's first search engine for Internet-connected devices|![](https://img.shields.io/static/v1?label=&message=it%27s%20not%20github&color=gray) " +description: " World's first search engine for Internet-connected devices" url: https://www.shodan.io/ category: tool type: From db3372eaaa165e3c6c43b5e6a00214692443afbf Mon Sep 17 00:00:00 2001 From: hahwul Date: Thu, 18 Aug 2022 23:55:54 +0900 Subject: [PATCH 36/42] Update --- scripts/fetch_lang.rb | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 scripts/fetch_lang.rb diff --git a/scripts/fetch_lang.rb b/scripts/fetch_lang.rb new file mode 100644 index 0000000..6eb359e --- /dev/null +++ b/scripts/fetch_lang.rb @@ -0,0 +1,30 @@ +# https://api.github.com/repos/hahwul/dalfox/languages +# +# +require 'yaml' + +langs = [] +Dir.entries("./weapons").each do | name | + if name.strip != "." || name != ".." + begin + data = YAML.load(File.open("./weapons/#{name}")) + if data['url'].include? "//github.com" + t = data['url'].split("/") + lang = `curl -s https://api.github.com/repos/#{t[3]}/#{t[4]}/languages | jq 'to_entries | max_by(.value) | .key'` + lang_str = lang.gsub("\"","").gsub("\n","") + if lang_str != "documentation_url" + puts 'hit' + data['lang'] = lang_str + yaml_data = YAML.dump(data) + File.write("./weapons/#{filename}", yaml_data) + langs.push lang_str + else + puts 'denied' + end + sleep(1.5.minutes) + end + rescue + end + end + end +puts langs.uniq \ No newline at end of file From 2ad89e76452272f8407109483565643114a30358 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 09:07:59 +0900 Subject: [PATCH 37/42] Update --- scripts/fetch_lang.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/fetch_lang.rb b/scripts/fetch_lang.rb index 6eb359e..8934997 100644 --- a/scripts/fetch_lang.rb +++ b/scripts/fetch_lang.rb @@ -13,15 +13,15 @@ Dir.entries("./weapons").each do | name | lang = `curl -s https://api.github.com/repos/#{t[3]}/#{t[4]}/languages | jq 'to_entries | max_by(.value) | .key'` lang_str = lang.gsub("\"","").gsub("\n","") if lang_str != "documentation_url" - puts 'hit' + puts "hit #{filename}" data['lang'] = lang_str yaml_data = YAML.dump(data) File.write("./weapons/#{filename}", yaml_data) langs.push lang_str else - puts 'denied' + puts "denied #{filename}" end - sleep(1.5.minutes) + sleep(90) end rescue end From 6915ffba4a350c32f45f3eeb6231d7c125ecda48 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 14:33:44 +0900 Subject: [PATCH 38/42] Update erb script --- scripts/erb.rb | 99 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 70 insertions(+), 29 deletions(-) diff --git a/scripts/erb.rb b/scripts/erb.rb index 71c4e5a..8ad58dc 100644 --- a/scripts/erb.rb +++ b/scripts/erb.rb @@ -60,9 +60,12 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons -- OS: Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) -- Browser-Addon: Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) -- Tool-Addon: ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) +*Attributes* +| | Attributes | +|-------|---------------------------------------------------| +| Types | `Recon` `Fuzzer` `Scanner` `Exploit` `Utils` `Etc`| +| Tags | <%= tags.uniq.join ' ' %> | +| Langs | <%= langs.uniq.join ' ' %> | ### Tools <%= tools %> @@ -82,48 +85,86 @@ I would like to thank everyone who helped with this project 👍😎 }.gsub(/^ /, '') -head = "| Type | Name | Description | Star | Badges |\n" -head = head + "| --- | --- | --- | --- | --- |" +tags = [] +langs = [] +head = "| Type | Name | Description | Star | Tags | Badges |\n" +head = head + "| --- | --- | --- | --- | --- | --- |" tools = head + "\n" bookmarklets = head + "\n" browser_addons = head + "\n" tool_addons = head + "\n" +weapons = [] +weapons_obj = { + "recon"=> [], + "fuzzer"=> [], + "scanner"=> [], + "exploit"=> [], + "utils"=> [], + "etc"=> [] +} + Dir.entries("./weapons/").each do | name | if name != '.' && name != '..' begin data = YAML.load(File.open("./weapons/#{name}")) - name = data['name'] - popularity = "x" - - if data['url'].length > 0 - name = "[#{name}](#{data['url']})" - end - - if data['url'].include? "github.com" - split_result = data['url'].split "//github.com/" - popularity = "![](https://img.shields.io/github/stars/#{split_result[1]}?label=%20)" - end - badge = generate_badge(data['platform']) - badge = badge + generate_tags(data['tags']) - line = "|#{data['type']}|#{name}|#{data['description']}|#{popularity}|#{badge}|" - case data['category'] - when 'tool' - tools = tools + line + "\n" - when 'tool-addon' - tool_addons = tool_addons + line + "\n" - when 'browser-addon' - browser_addons = browser_addons + line + "\n" - when 'bookmarklet' - bookmarklets = bookmarklets + line + "\n" + if data['type'] != "" && data['type'] != nil + weapons_obj[data['type'].downcase].push data else - puts name + weapons_obj['etc'].push data end rescue => e puts e end end end +weapons_obj.each do |key,value| + weapons.concat value +end + +weapons.each do | data | + begin + name = data['name'] + temp_tags = [] + data['tags'].each do |t| + temp_tags.push "`#{t}`" + end + tags.concat temp_tags + lang_badge = "" + if data['lang'].length > 0 && data['lang'] != "null" + langs.push "`#{data['lang']}`" + lang_badge = "![](./images/#{data['lang'].downcase}.png)" + end + + popularity = "" + + if data['url'].length > 0 + name = "[#{name}](#{data['url']})" + end + + if data['url'].include? "github.com" + split_result = data['url'].split "//github.com/" + popularity = "![](https://img.shields.io/github/stars/#{split_result[1]}?label=%20)" + end + badge = generate_badge(data['platform']) + badge = badge + generate_tags(data['tags']) + line = "|#{data['type']}|#{name}|#{data['description']}|#{popularity}|#{temp_tags.join ' '}|#{badge}#{lang_badge}|" + case data['category'].downcase + when 'tool' + tools = tools + line + "\n" + when 'tool-addon' + tool_addons = tool_addons + line + "\n" + when 'browser-addon' + browser_addons = browser_addons + line + "\n" + when 'bookmarklet' + bookmarklets = bookmarklets + line + "\n" + else + puts name + end + rescue => e + puts e + end +end markdown = ERB.new(template, trim_mode: "%<>") #puts markdown.result From 4d191bb9df0b806306bf21a87ddedb5de0a29364 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 14:33:52 +0900 Subject: [PATCH 39/42] Update fetch_lang --- scripts/fetch_lang.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/fetch_lang.rb b/scripts/fetch_lang.rb index 8934997..0001a74 100644 --- a/scripts/fetch_lang.rb +++ b/scripts/fetch_lang.rb @@ -13,17 +13,18 @@ Dir.entries("./weapons").each do | name | lang = `curl -s https://api.github.com/repos/#{t[3]}/#{t[4]}/languages | jq 'to_entries | max_by(.value) | .key'` lang_str = lang.gsub("\"","").gsub("\n","") if lang_str != "documentation_url" - puts "hit #{filename}" + puts "hit #{name}" data['lang'] = lang_str yaml_data = YAML.dump(data) - File.write("./weapons/#{filename}", yaml_data) + File.write("./weapons/#{name}", yaml_data) langs.push lang_str else - puts "denied #{filename}" + puts "denied #{name}" end sleep(90) end - rescue + rescue => e + puts e end end end From f613267a87447745c2d58fc558d29608978b7258 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 16:26:26 +0900 Subject: [PATCH 40/42] Update --- CONTRIBUTING.md | 22 +- README.md | 613 +++++++++--------- images/c#.png | Bin 0 -> 1002 bytes images/c.png | Bin 0 -> 1118 bytes images/go.png | Bin 0 -> 629 bytes images/html.png | Bin 0 -> 813 bytes images/java.png | Bin 0 -> 898 bytes images/javascript.png | Bin 0 -> 759 bytes images/kotlin.png | Bin 0 -> 1064 bytes images/perl.png | Bin 0 -> 872 bytes images/php.png | Bin 0 -> 780 bytes images/python.png | Bin 0 -> 757 bytes images/ruby.png | Bin 0 -> 1192 bytes images/rust.png | Bin 0 -> 1223 bytes images/shell.png | Bin 0 -> 592 bytes images/typescript.png | Bin 0 -> 757 bytes scripts/erb.rb | 4 +- scripts/for_migration/apply_platform.rb | 14 + scripts/{ => for_migration}/fetch_lang.rb | 0 scripts/{ => for_migration}/migration.rb | 0 scripts/validate_weapons.rb | 22 + weapons/230-OOB.yaml | 7 +- weapons/3klCon.yaml | 6 +- weapons/AWSBucketDump.yaml | 7 +- weapons/Amass.yaml | 7 +- weapons/Arjun.yaml | 7 +- weapons/Assetnote_Wordlists.yaml | 7 +- weapons/Atlas.yaml | 4 +- weapons/AuthMatrix.yaml | 11 +- weapons/Autorize.yaml | 11 +- weapons/Blacklist3r.yaml | 4 +- weapons/BruteX.yaml | 4 +- weapons/Bug-Bounty-Toolz.yaml | 4 +- weapons/BurpBounty.yaml | 8 +- weapons/BurpCustomizer.yaml | 8 +- weapons/BurpJSLinkFinder.yaml | 8 +- weapons/BurpSuite-Secret_Finder.yaml | 6 +- weapons/BurpSuite.yaml | 4 +- weapons/BurpSuiteHTTPSmuggler.yaml | 8 +- weapons/BurpSuiteLoggerPlusPlus.yaml | 8 +- weapons/CSP_Evaluator.yaml | 9 +- weapons/CT_subdomains.yaml | 9 +- weapons/Chaos_Web.yaml | 2 +- .../Chromium-based-XSS-Taint-Tracking.yaml | 9 +- weapons/CorsMe.yaml | 4 +- weapons/Corsy.yaml | 4 +- weapons/CyberChef.yaml | 9 +- weapons/DNSDumpster.yaml | 7 +- weapons/DOMPurify.yaml | 12 +- weapons/DSSS.yaml | 9 +- weapons/Dark_Reader.yaml | 7 +- weapons/Dark_Reader_for_Safari.yaml | 6 +- weapons/DeepViolet.yaml | 12 +- weapons/DirDar.yaml | 12 +- weapons/DotGit.yaml | 9 +- weapons/Edit-This-Cookie.yaml | 8 +- weapons/Emissary.yaml | 9 +- weapons/FavFreak.yaml | 4 +- weapons/Findsploit.yaml | 9 +- weapons/Gf-Patterns.yaml | 4 +- weapons/GitMiner.yaml | 4 +- weapons/Gopherus.yaml | 4 +- weapons/GraphQLmap.yaml | 4 +- weapons/HRS.yaml | 9 +- weapons/HUNT.yaml | 9 +- weapons/Hack-Tools.yaml | 9 +- weapons/HydraRecon.yaml | 9 +- weapons/IntruderPayloads.yaml | 8 +- weapons/JSFScan.sh.yaml | 5 +- weapons/LFISuite.yaml | 4 +- weapons/LinkFinder.yaml | 4 +- weapons/MM3_ProxySwitch.yaml | 7 +- weapons/NoSQLMap.yaml | 4 +- weapons/OneForAll.yaml | 4 +- weapons/OpenRedireX.yaml | 9 +- weapons/Osmedeus.yaml | 4 +- weapons/PPScan.yaml | 9 +- weapons/ParamSpider.yaml | 7 +- weapons/Parth.yaml | 7 +- weapons/PayloadsAllTheThings.yaml | 9 +- weapons/Phoenix.yaml | 7 +- weapons/Photon.yaml | 4 +- weapons/PoC-in-GitHub.yaml | 9 +- weapons/RustScan.yaml | 4 +- weapons/S3Scanner.yaml | 7 +- weapons/SQLNinja.yaml | 7 +- weapons/SQL_Ninja.yaml | 7 +- weapons/SSRFmap.yaml | 7 +- weapons/STEWS.yaml | 9 +- weapons/SecLists.yaml | 4 +- weapons/SecretFinder.yaml | 4 +- weapons/SecurityTrails.yaml | 7 +- weapons/SequenceDiagram.yaml | 7 +- weapons/Shodan.yaml | 7 +- weapons/Silver.yaml | 4 +- weapons/Sn1per.yaml | 4 +- weapons/Stepper.yaml | 8 +- weapons/Striker.yaml | 4 +- weapons/SubOver.yaml | 12 +- weapons/Sublist3r.yaml | 7 +- weapons/Taipan.yaml | 9 +- weapons/TukTuk.yaml | 7 +- weapons/User-Agent_Switcher.yaml | 6 +- weapons/VHostScan.yaml | 4 +- weapons/Wayback_Machine.yaml | 6 +- weapons/Web-Cache-Vulnerability-Scanner.yaml | 9 +- weapons/XSRFProbe.yaml | 9 +- weapons/XSStrike.yaml | 7 +- weapons/XSpear.yaml | 7 +- weapons/XXEinjector.yaml | 12 +- weapons/a2sv.yaml | 7 +- weapons/altdns.yaml | 7 +- weapons/anew.yaml | 4 +- weapons/apkleaks.yaml | 7 +- weapons/aquatone.yaml | 7 +- weapons/arachni.yaml | 4 +- weapons/assetfinder.yaml | 7 +- weapons/attack-surface-detector-zap.yaml | 8 +- weapons/auto-repeater.yaml | 8 +- weapons/autochrome.yaml | 9 +- weapons/axiom.yaml | 7 +- weapons/bat.yaml | 4 +- weapons/boast.yaml | 7 +- weapons/bountyplz.yaml | 7 +- weapons/burl.yaml | 7 +- weapons/burp-exporter.yaml | 8 +- weapons/burp-piper.yaml | 8 +- weapons/burp-retire-js.yaml | 9 +- weapons/burp-send-to.yaml | 8 +- weapons/c-jwt-cracker.yaml | 7 +- weapons/can-i-take-over-xyz.yaml | 4 +- weapons/cariddi.yaml | 4 +- weapons/cc.py.yaml | 4 +- weapons/cf-check.yaml | 4 +- weapons/chaos-client.yaml | 4 +- weapons/clear-cache.yaml | 8 +- weapons/collaborator-everywhere.yaml | 8 +- weapons/commix.yaml | 4 +- weapons/community-scripts.yaml | 8 +- weapons/confused.yaml | 4 +- weapons/cookie-quick-manager.yaml | 8 +- weapons/corsair_scan.yaml | 4 +- weapons/crawlergo.yaml | 4 +- weapons/crlfuzz.yaml | 4 +- weapons/csp-auditor.yaml | 12 +- weapons/curl.yaml | 9 +- weapons/dalfox.yaml | 7 +- weapons/dirsearch.yaml | 4 +- weapons/ditto.yaml | 9 +- weapons/dmut.yaml | 12 +- weapons/dnsobserver.yaml | 13 +- weapons/dnsprobe.yaml | 7 +- weapons/dnsvalidator.yaml | 12 +- weapons/dnsx.yaml | 12 +- weapons/docem.yaml | 13 +- weapons/domdig.yaml | 7 +- weapons/dontgo403.yaml | 12 +- weapons/dotdotpwn.yaml | 4 +- weapons/eval_villain.yaml | 11 +- weapons/ezXSS.yaml | 7 +- weapons/femida.yaml | 8 +- weapons/feroxbuster.yaml | 9 +- weapons/ffuf.yaml | 4 +- weapons/fhc.yaml | 9 +- weapons/findom-xss.yaml | 7 +- weapons/findomain.yaml | 7 +- weapons/fockcache.yaml | 9 +- weapons/fuzzparam.yaml | 9 +- weapons/fzf.yaml | 4 +- weapons/gau.yaml | 4 +- weapons/gauplus.yaml | 9 +- weapons/gee.yaml | 9 +- weapons/getJS.yaml | 9 +- weapons/gf.yaml | 4 +- weapons/gitGraber.yaml | 4 +- weapons/github-endpoints.yaml | 9 +- weapons/github-regexp.yaml | 9 +- weapons/github-search.yaml | 4 +- weapons/github-subdomains.yaml | 9 +- weapons/gitleaks.yaml | 9 +- weapons/gitls.yaml | 9 +- weapons/gitrob.yaml | 4 +- weapons/go-dork.yaml | 4 +- weapons/gobuster.yaml | 4 +- weapons/gospider.yaml | 4 +- weapons/gotator.yaml | 9 +- weapons/gotestwaf.yaml | 9 +- weapons/gowitness.yaml | 4 +- weapons/graphql-voyager.yaml | 4 +- weapons/grc.yaml | 9 +- weapons/grex.yaml | 9 +- weapons/gron.yaml | 4 +- weapons/h2csmuggler.yaml | 4 +- weapons/hacks.yaml | 4 +- weapons/hakcheckurl.yaml | 9 +- weapons/hakrawler.yaml | 4 +- weapons/hakrevdns.yaml | 4 +- weapons/haktrails.yaml | 9 +- weapons/hashcat.yaml | 9 +- weapons/headi.yaml | 9 +- weapons/hetty.yaml | 4 +- weapons/hinject.yaml | 4 +- weapons/htcat.yaml | 4 +- weapons/http-request-smuggler.yaml | 8 +- weapons/http-request-smuggling.yaml | 9 +- weapons/http-script-generator.yaml | 9 +- weapons/http2smugl.yaml | 9 +- weapons/httpie.yaml | 9 +- weapons/httprobe.yaml | 4 +- weapons/httptoolkit.yaml | 9 +- weapons/httpx.yaml | 4 +- weapons/hurl.yaml | 9 +- weapons/inql.yaml | 8 +- weapons/interactsh.yaml | 12 +- weapons/intrigue-core.yaml | 4 +- weapons/jaeles.yaml | 4 +- weapons/jsfuck.yaml | 12 +- weapons/jsonwebtoken.github.io.yaml | 12 +- weapons/jsprime.yaml | 9 +- weapons/jwt-cracker.yaml | 7 +- weapons/jwt-hack.yaml | 7 +- weapons/kiterunner.yaml | 9 +- weapons/knife.yaml | 8 +- weapons/knock.yaml | 7 +- weapons/lazyrecon.yaml | 4 +- weapons/longtongue.yaml | 9 +- weapons/masscan.yaml | 4 +- weapons/medusa.yaml | 4 +- weapons/meg.yaml | 4 +- weapons/megplus.yaml | 4 +- weapons/naabu.yaml | 4 +- weapons/nikto.yaml | 4 +- weapons/nmap.yaml | 5 +- weapons/nosqli.yaml | 4 +- weapons/nuclei.yaml | 4 +- weapons/ob_hacky_slack.yaml | 9 +- weapons/owasp-zap-jwt-addon.yaml | 11 +- weapons/oxml_xxe.yaml | 4 +- weapons/pagodo.yaml | 9 +- weapons/param-miner.yaml | 11 +- weapons/parameth.yaml | 9 +- weapons/pentest-tools.yaml | 4 +- weapons/pet.yaml | 5 +- weapons/plution.yaml | 9 +- weapons/postMessage-tracker.yaml | 8 +- weapons/ppfuzz.yaml | 9 +- weapons/ppmap.yaml | 9 +- weapons/proxify.yaml | 9 +- weapons/puredns.yaml | 9 +- weapons/pwncat.yaml | 5 +- weapons/qsreplace.yaml | 4 +- weapons/quickjack.yaml | 9 +- weapons/rapidscan.yaml | 4 +- weapons/recon_profile.yaml | 4 +- weapons/reconftw.yaml | 9 +- weapons/reflect.yaml | 10 +- weapons/reflected-parameters.yaml | 8 +- weapons/rengine.yaml | 4 +- weapons/rusolver.yaml | 12 +- weapons/s3reverse.yaml | 7 +- weapons/safecopy.yaml | 8 +- weapons/scilla.yaml | 4 +- weapons/security-crawl-maze.yaml | 9 +- weapons/security-research-pocs.yaml | 9 +- weapons/shuffledns.yaml | 4 +- weapons/singularity.yaml | 9 +- weapons/slackcat.yaml | 9 +- weapons/smuggler.yaml | 4 +- weapons/sn0int.yaml | 9 +- weapons/spiderfoot.yaml | 9 +- weapons/sqliv.yaml | 12 +- weapons/sqlmap.yaml | 5 +- weapons/ssrf-sheriff.yaml | 4 +- weapons/subfinder.yaml | 7 +- weapons/subgen.yaml | 12 +- weapons/subjack.yaml | 7 +- weapons/subjs.yaml | 9 +- weapons/subs_all.yaml | 7 +- weapons/subzy.yaml | 12 +- weapons/taborator.yaml | 11 +- weapons/template-generator.yaml | 4 +- weapons/testssl.sh.yaml | 4 +- weapons/thc-hydra.yaml | 4 +- weapons/tiscripts.yaml | 9 +- weapons/tplmap.yaml | 9 +- weapons/turbo-intruder.yaml | 8 +- weapons/uncover.yaml | 9 +- weapons/unfurl.yaml | 4 +- weapons/urlgrab.yaml | 4 +- weapons/urlhunter.yaml | 9 +- weapons/urlprobe.yaml | 4 +- weapons/uro.yaml | 9 +- weapons/waybackurls.yaml | 4 +- weapons/weaponised-XSS-payloads.yaml | 9 +- weapons/web_cache_poison.yaml | 9 +- weapons/websocket-connection-smuggler.yaml | 9 +- weapons/wfuzz.yaml | 4 +- weapons/wprecon.yaml | 9 +- weapons/wpscan.yaml | 4 +- weapons/ws-smuggler.yaml | 9 +- weapons/wssip.yaml | 9 +- weapons/wuzz.yaml | 4 +- weapons/x8.yaml | 9 +- weapons/xsinator.com.yaml | 9 +- weapons/xss-cheatsheet-data.yaml | 7 +- weapons/xsscrapy.yaml | 7 +- weapons/xsser.yaml | 7 +- weapons/xssor2.yaml | 12 +- weapons/xxeserv.yaml | 9 +- weapons/ysoserial.net.yaml | 4 +- weapons/ysoserial.yaml | 4 +- weapons/zap-cli.yaml | 4 +- weapons/zap-hud.yaml | 8 +- weapons/zaproxy.yaml | 9 +- weapons/zdns.yaml | 12 +- 315 files changed, 1634 insertions(+), 1121 deletions(-) create mode 100644 images/c#.png create mode 100644 images/c.png create mode 100644 images/go.png create mode 100644 images/html.png create mode 100644 images/java.png create mode 100644 images/javascript.png create mode 100644 images/kotlin.png create mode 100644 images/perl.png create mode 100644 images/php.png create mode 100644 images/python.png create mode 100644 images/ruby.png create mode 100644 images/rust.png create mode 100644 images/shell.png create mode 100644 images/typescript.png create mode 100644 scripts/for_migration/apply_platform.rb rename scripts/{ => for_migration}/fetch_lang.rb (100%) rename scripts/{ => for_migration}/migration.rb (100%) create mode 100644 scripts/validate_weapons.rb diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 53e663f..a7e24c5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -10,19 +10,19 @@ name: App Name description: App Description url: App URL # https://github.com/hahwul/dalfox category: tool # tool / tool-addon / browser-addon / bookmarklet -type: # fuzzer / scanner / enum / etc... +type: # recon / fuzzer / scanner / exploit / utils / etc platform: -- linux # linux -- macos # macos application -- windows # windows application -- firefox # firefox addon -- safari # safari addon -- chrome # chrome addon -- zap # zap addon -- burpsuite # burpsuite addon +- linux # linux +- macos # macos application +- windows # windows application +- firefox # firefox addon +- safari # safari addon +- chrome # chrome addon +- zap # zap addon +- burpsuite # burpsuite addon # If supported crossplatform, you write out all three (linux/macos/windows) -lang: [] -tags: [] +lang: [] # go / python / ruby / rust / etc... +tags: [] # xss / sqli / ssrf / oast / etc... ``` ![1415](https://user-images.githubusercontent.com/13212227/98445635-00db1e00-215c-11eb-8a59-d7d21dd98db0.png) diff --git a/README.md b/README.md index 0fa4124..40317ac 100644 --- a/README.md +++ b/README.md @@ -24,319 +24,322 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun - [Thanks to contributor](#thanks-to-contributor) ## Weapons -- OS: Linux(![](./images/linux.png)) macOS(![](./images/apple.png)) Windows(![](./images/windows.png)) -- Browser-Addon: Firefox(![](./images/firefox.png)) Safari(![](./images/safari.png)) Chrome(![](./images/chrome.png)) -- Tool-Addon: ZAP(![](./images/zap.png)) BurpSuite(![](./images/burp.png)) +*Attributes* +| | Attributes | +|-------|---------------------------------------------------| +| Types | `Army-Knife` `Recon` `Fuzzer` `Scanner` `Exploit` `Utils` `Etc`| +| Tags | `infra` `param` `subdomains` `dns` `domain` `apk` `jwt` `ssrf` `s3` `sqli` `aaa` `403` `xss` `ssl` `csp` `xxe` `url` `oast` `wordlist` `report` | +| Langs | `Go` `Shell` `Java` `Python` `C` `Rust` `Ruby` `JavaScript` `Perl` `PHP` `C#` `TypeScript` `BlitzBasic` `Kotlin` `HTML` `CSS` `C++` | ### Tools -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | -||[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)|| -||[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)|| -||[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|x|| -||[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)|| -||[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)|| -||[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)|| -||[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)|| -||[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|x|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)|| -||[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|x|| -||[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)|| -||[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)|| -||[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|x|| -||[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|| -||[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|| -||[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)|| -||[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|| -||[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)|| -||[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|| -||[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)|| -||[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)|| -||[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)|| -||[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)|| -||[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|x|| -||[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|| -||[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)|| -||[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)|| -||[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)|| -||[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)|| -||[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)|| -||[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)|| -||[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)|| -||[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)|| -||[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|| -||[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)|| -||[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|| -||[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)|| -||[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)|| -||[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|| -||[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)|| -||[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|| -||[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)|| -||[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|x|| -||[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)|| -||[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)|| -||[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|| -||[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)|| -||[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|| -||[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|| -||[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)|| -||[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)|| -||[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)|| -||[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|| -||[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|x|| -||[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|| -||[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)|| -||[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)|| -||[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)|| -||[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)|| -||[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)|| -||[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)| -||[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|| -||[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|x|| -||[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)|| -||[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)|| -||[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|| -||[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)|| -||[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)|| -||[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|| -||[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)|| -||[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)|| -||[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)|| -||[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)|| -||[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)|| -||[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)|| -||[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)|| -||[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)|| -||[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|x|| -||[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)|| -||[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)|| -||[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|| -||[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)|| -||[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)|| -||[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|| -||[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)|| -||[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)|| -||[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|| -||[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)|| -||[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|| -||[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)|| -||[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)|| -||[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)|| -||[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)|| -||[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)|| -||[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)|| -||[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|x|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)|| -||[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)|| -||[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)|| -||[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)|| -||[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)|| -||[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)|| -||[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|| -||[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)|| -||[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)|| -||[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)|| -||[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)|| -||[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)|| -||[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)|| -||[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -||[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | +|Army-Knife|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Army-Knife|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|`infra`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Army-Knife|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)||![](./images/java.png)| +|Army-Knife|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)||![](./images/go.png)| +|Army-Knife|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![](./images/python.png)| +|Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)||![](./images/go.png)| +|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|||| +|Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|`dns`|![](./images/go.png)| +|Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|`dns`|![](./images/rust.png)| +|Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![](./images/go.png)| +|Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/shell.png)| +|Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![](./images/python.png)| +|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)||![](./images/python.png)| +|Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![](./images/rust.png)| +|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|`dns`|![](./images/python.png)| +|Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|`domain`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Parth](https://github.com/s0md3v/Parth)|Heuristic Vulnerable Parameter Scanner |![](https://img.shields.io/github/stars/s0md3v/Parth?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|`dns`|![](./images/go.png)| +|Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![](./images/shell.png)| +|Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)||![](./images/rust.png)| +|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![](./images/go.png)| +|Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|||| +|Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![](./images/go.png)| +|Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|||| +|Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![](./images/python.png)| +|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)||![](./images/go.png)| +|Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)||![](./images/go.png)| +|Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|`apk`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)||![](./images/python.png)| +|Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)||| +|Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![](./images/rust.png)| +|Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![](./images/python.png)| +|Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)||![](./images/go.png)| +|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)||| +|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|`subdomains`|| +|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||| +|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)||![](./images/go.png)| +|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![](./images/go.png)| +|Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|`ssrf`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| +|Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![](./images/c.png)| +|Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![](./images/rust.png)| +|Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)||![](./images/rust.png)| +|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![](./images/perl.png)| +|Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![](./images/python.png)| +|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)| +|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|`sqli`|![](./images/python.png)| +|Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|`403`|![](./images/go.png)| +|Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)||![](./images/go.png)| +|Scanner|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)||![](./images/go.png)| +|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)||![](./images/go.png)| +|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)||![](./images/go.png)| +|Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![](./images/go.png)| +|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)||![](./images/javascript.png)| +|Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![](./images/go.png)| +|Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|`ssl`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Scanner|[rapidscan](https://github.com/skavngr/rapidscan)|The Multi-Tool Web Vulnerability Scanner. |![](https://img.shields.io/github/stars/skavngr/rapidscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|`ssl`|![](./images/java.png)| +|Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|`403`|![](./images/go.png)| +|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![](./images/go.png)| +|Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![](./images/javascript.png)| +|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/c.png)| +|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)||![](./images/go.png)| +|Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![](./images/go.png)| +|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)||![](./images/go.png)| +|Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)||| +|Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)||![](./images/go.png)| +|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|`xss`|![](./images/javascript.png)| +|Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| +|Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)||![](./images/shell.png)| +|Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)||![](./images/javascript.png)| +|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)||| +|Scanner|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)||| +|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||| +|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Exploit|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|||| +|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|||| +|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![](./images/python.png)| +|Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![](./images/go.png)| +|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|`xxe`|![](./images/ruby.png)| +|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![](./images/javascript.png)| +|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|`url`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|||| +|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![](./images/python.png)| +|Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/php.png)| +|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)||![](./images/shell.png)| +|Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)||![](./images/go.png)| +|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c#.png)| +|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![](./images/go.png)| +|Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)||| +|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)||![](./images/javascript.png)| +|Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![](./images/c.png)| +|Utils|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|||| +|Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|`xss`|![](./images/javascript.png)| +|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![](./images/javascript.png)| +|Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![](./images/rust.png)| +|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|`oast`|![](./images/go.png)| +|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|`oast` `dns`|![](./images/go.png)| +|Utils|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)||| +|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/shell.png)| +|Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|`xss`|![](./images/javascript.png)| +|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|`xxe` `xss`|![](./images/python.png)| +|Utils|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)||![](./images/html.png)| +|Utils|[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|||| +|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![](./images/go.png)| +|Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|`xxe`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/go.png)| +|Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)||![](./images/shell.png)| +|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)||![](./images/go.png)| +|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![](./images/go.png)| +|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![](./images/go.png)| +|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![](./images/go.png)| +|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![](./images/go.png)| +|Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|`wordlist`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/css.png)| +|Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|`report`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[Gf-Patterns](https://github.com/1ndianl33t/Gf-Patterns)|GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep |![](https://img.shields.io/github/stars/1ndianl33t/Gf-Patterns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![](./images/javascript.png)| +|Utils|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)||![](./images/c++.png)| +|Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![](./images/javascript.png)| +|Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)||| +|Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||| +|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||| +|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||| +|Utils|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)||| +|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| ### Bookmarklets -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | ### Browser Addons -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | -||[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)|![firefox](./images/firefox.png)| -||[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|x|![safari](./images/safari.png)| -||[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|x|![chrome](./images/chrome.png)| -||[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)|![chrome](./images/chrome.png)| -||[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|x|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|x|![safari](./images/safari.png)| -||[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|x|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)|![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -||[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)|![chrome](./images/chrome.png)| -||[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)|![firefox](./images/firefox.png)| -||[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|![firefox](./images/firefox.png)| +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | +|Recon|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|||![safari](./images/safari.png)| +|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|`jwt`|![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)||![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/typescript.png)| +|Utils|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|||![safari](./images/safari.png)| +|Utils|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|||![chrome](./images/chrome.png)| +|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)||![chrome](./images/chrome.png)![](./images/javascript.png)| +|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +|Utils|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|||![chrome](./images/chrome.png)![firefox](./images/firefox.png)| +|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)||![chrome](./images/chrome.png)![](./images/javascript.png)| +|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![firefox](./images/firefox.png)![](./images/javascript.png)| +|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|`xss`|![firefox](./images/firefox.png)![](./images/javascript.png)| ### Burpsuite and ZAP Addons -| Type | Name | Description | Star | Badges | -| --- | --- | --- | --- | --- | -||[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)|![burp](./images/burp.png)| -||[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|![burp](./images/burp.png)| -||[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)|![burp](./images/burp.png)| -||[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|![burp](./images/burp.png)| -||[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)|![zap](./images/zap.png)| -||[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|![burp](./images/burp.png)| -||[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)|![burp](./images/burp.png)| -||[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)|![burp](./images/burp.png)| -||[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)|![burp](./images/burp.png)| -||[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)|![burp](./images/burp.png)| -||[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)|![burp](./images/burp.png)| -||[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)|![burp](./images/burp.png)| -||[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)|![burp](./images/burp.png)| -||[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)|![burp](./images/burp.png)| -||[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)|![burp](./images/burp.png)| -||[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|![burp](./images/burp.png)| -||[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)|![zap](./images/zap.png)| -||[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)|![burp](./images/burp.png)| -||[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)|![burp](./images/burp.png)| -||[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)|![burp](./images/burp.png)| -||[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)|![burp](./images/burp.png)| -||[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)|![burp](./images/burp.png)| -||[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)|![burp](./images/burp.png)| -||[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)|![burp](./images/burp.png)![zap](./images/zap.png)| -||[reflect](https://github.com/TypeError/reflect)||![](https://img.shields.io/github/stars/TypeError/reflect?label=%20)|![zap](./images/zap.png)| -||[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|![zap](./images/zap.png)| -||[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)|![burp](./images/burp.png)| -||[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)|![zap](./images/zap.png)| -||[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)|![burp](./images/burp.png)| -||[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)|![burp](./images/burp.png)| +| Type | Name | Description | Star | Tags | Badges | +| --- | --- | --- | --- | --- | --- | +|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Recon|[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/python.png)| +|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)||![zap](./images/zap.png)![](./images/java.png)| +|Recon|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)||![burp](./images/burp.png)| +|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/javascript.png)| +|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|`param`|![burp](./images/burp.png)![](./images/java.png)| +|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|`aaa`|![burp](./images/burp.png)![](./images/python.png)| +|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|`aaa`|![burp](./images/burp.png)![](./images/python.png)| +|Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|`csp`|![burp](./images/burp.png)![zap](./images/zap.png)![](./images/java.png)| +|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)||![burp](./images/burp.png)| +|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|`oast`|![burp](./images/burp.png)![](./images/java.png)| +|Utils|[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)||![burp](./images/burp.png)![](./images/blitzbasic.png)| +|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![burp](./images/burp.png)![](./images/kotlin.png)| +|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![burp](./images/burp.png)| +|Utils|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)||![burp](./images/burp.png)![](./images/blitzbasic.png)| +|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/java.png)| +|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![zap](./images/zap.png)![](./images/java.png)| +|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![burp](./images/burp.png)![](./images/python.png)| +|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![burp](./images/burp.png)![](./images/java.png)| +|Utils|[reflect](https://github.com/TypeError/reflect)||![](https://img.shields.io/github/stars/TypeError/reflect?label=%20)||![zap](./images/zap.png)| +|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|`jwt`|![zap](./images/zap.png)![](./images/java.png)| +|Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![burp](./images/burp.png)![](./images/kotlin.png)| +|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![zap](./images/zap.png)![](./images/javascript.png)| +|Utils|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)||![burp](./images/burp.png)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 diff --git a/images/c#.png b/images/c#.png new file mode 100644 index 0000000000000000000000000000000000000000..46ca24ffe1f1ed68fcd494c2fbdb06cc3c4dec6c GIT binary patch literal 1002 zcmVPx#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+1R7pfZR5%fJRBcF8Q5b&iwrZQ- z)6kk|RQe+{%FIGTGqePWipnVZp&13G_6_Bapg>R(`=s_G&61L=)CkG^WHLWenuOA9 z$|Tb@vox1mEA_5>uHJiho1Gu`yzlcq=Q;0r?|Tjf_aVKKQC+hlC}M|uNI*u$J~rjv zPbHig0R<>mXJ5jF?47a4Z@FTu&9Dg3>2!;rw)4Tc^2WR(F2V|~4%xIO_u!*WsYL3* z1s2IA*m@`kL8}y?T(xo^0=hsxQjxw9cW=_Dsa=Cz4_ zSeLAFh1_gY_fP1aeHGz)V?#0Z@X`RypnMKdDgKCv_Z1QU=ZqNbXe|B0hTEGBc;8`y z%vH?OPqv_#!!`>iv#r8QD$-VmD=|&kP?E1@;&TNig8WE1rsi#8{2ZS~bl+BoZUsx?(f(G8>TWqe1qyEs!miAR=xV zC&M0@bv#vzc#s&q+6j?Q9Fx(4`pS1~`&_L^K}>Q8@~czft&&5N+YWuxuplV+6xYXM z`o#-Q*=(pN*5Z#%XvE8DwRmDUjEj3}us%V}ijf8U868uzyZ|u*S1Mp0u;clQDh%|S z*q97Tcp-$bDV(|ykAP(!IDaP*{>*H%PUAy|MG%}~et_#Bt#e>ot}DdcF*_#Ehod=Z zxOut-UcO6Ec%m6$>z2aMHOg}NpF*yc-70jyL`tEy{|clsp2Bu(aeWTX-AqKY{RGOd z>oGG;^I}AiG&Wlpnx@gHdxJ7vmMAOYd>gf5c7{fv+P&e^x88+OOHMa;H%JYgt!*7t zi&jV0qNJz+N6sd(Hunh#^yW;_+*)tITWt@EDXgX0{PnVpUyyo$BM+&#~niv=R?j2|NTw~bptGA5eztk8#C><4-;TA(Z7e39Th zC=12@*9!QH3(2jRpMPV#We^pFBkH$>1lc8W_=YmVdJ0m}!{`J(`3Wzh92lMJ_J20| Y3%n;Ja`e!k=l}o!07*qoM6N<$g5Nv3(f|Me literal 0 HcmV?d00001 diff --git a/images/c.png b/images/c.png new file mode 100644 index 0000000000000000000000000000000000000000..02f73265dc4e1e2e8c41616e49c443d041bee01b GIT binary patch literal 1118 zcmV-k1flzhP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+1$Vo&&R5%fZRBdQmWfXqyN0T&3 z)1+&PttnQvZqrejI`-iosfZ){Q8wL%KUz=*but_q!yf}j3!{R#AqW$yAOky*mBA3^ z7swR$qt)TM)wQ}6*L3|%o2KcqG`YF=zMk{mM3dFc1Mkg!&pGe&KF>Ml2KXNfHf;`e z_6{HG?7ev`64_Kk>B^&yJT%zdE!4@!hu>C&(nA2%1(17+5M9a8A0PMc-*5dFu=b#H zT{P<6`0Vbjp3RXj=(YnC_m$+hp(rnTvf-Vc%D|WwZk}5jA2Lhg<@7syuX-)bbw;(7 zc1qF(1SP1b&>bOplRY;1q&49n{A6V@#R#<^#!|w_c}j>nfEEWLxY(ynAfc# zowe}&jd={*Ug9)tZw_MTGhz5W8s6Kp7G3?L`243~B=4_4war@2k$|e^(gba|LM*cg z_SugU7@11bpg1-BZfG78B(?4NT6}cr1}ur!m2JCECFrHu!x~-KwY&Xg_(^^ zr=?WBSsDR&=hKbhP)*TG96|@2;5Di@XJ^X z_g1o`;~&z6o7kaC3<>zJclFzfVc^=GDcqi0fMwaM6CUtLKw(=pv6ResG`O2v)&|gX z;TlG#=fDh0%|&E#CeLGu338B0n%orL@X*dKIrH^O%No>&R2mDL04XMyKuuGHP+h!E`b|-;1KKU8L zcasG$B`%CipFMT!G$sekvbv(}gDTBe+e;PON0;d~f$%VRoD$2DaOqX&RGx}{&I(wE z@abC_DS;m4fb3ltb)zb{U4Q!J_k}H3t25~wbIhPagXZWD$B`Gm;%2{54Dhd0lv2;) zn1$KjWA-_swG7r-tDV}(H+Z2nf)ke)*Hfb`eZ6LBB`+NSw{Ezm`kN^MY5%1q@_-L*`+x;hh|pQ>uR$?KaSe(UY+BNMJ~ovx^`bW&^L z1fhLEtk@?)jvtR!oFxbN&l92k~sc7Ph+dHInwmthLZy-BOmjAlx>j#w^W|W5r ztn+xtp!I|A+K2Dw!wt@!Idt~J+t7y%;>pr~#ap8mw3{MMxw#;p~7x?m^026~o;iS|jmW}+NDED;rb6Mw<&;$TQ CC<9#p literal 0 HcmV?d00001 diff --git a/images/html.png b/images/html.png new file mode 100644 index 0000000000000000000000000000000000000000..1cae86df3762d2237ccdc35b13c560cbeea3c50f GIT binary patch literal 813 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VV{wqX6T`Z5GB1G~m(&Q)G+$o^ zEg+kNfw4W4fd!-lh^2s-fq{7eBLg##W(0{XV1mnvEMP{kK?*nB{qUE8foZy@i(`m| z;M^&`8N!Yt$NwA8_6>V19_IAtfYe9kRV#J5oU~XkI)4ms`Jfi$s`6;*yuFozHlANs z*>cWu-m8%jVDp2Ki=;DHoXF z{%h0j_q~06YdEFnfgMjBb374&c6;IWlywyJNXZ?gI2fH1dfmK46T#uf} zZc=VK(P{Xiak0boHixrKRy9mXWn7Ow-|o1V6V=#s>R0ZxOFmBdH(4{hjQ50ZUJj`z&(z(z>_1eHJe)KHP0EdE1r+ZEn+g&g|K0J3*J{M8x*Xt>+dy%(I-# z#joee68eApxlPO|3{$52A7f?K46QfpVYhZWW;ey^RNtD-CwkxRIJxBVr7r0th9}a3 zx3@5tW;J=NYYUTm^M)~E<=KMe@xKDA=D+AUrs=qKZG9zs=+B4t4|UAQG#YB&*rR{quo7nY}`5oL(!!%>vn6`$0R}5d< z?32D=wdjr8zyAKZwrt+-=YPZ*O7Cc1pXcXL&7xVqT)8RW$W&?ZzrS>C_C0k!>-X-A o%7aP~ThqQx0cDHMRK?XZ$Td9unRxAKCn%|Uy85}Sb4q9e07Ow)lmGw# literal 0 HcmV?d00001 diff --git a/images/java.png b/images/java.png new file mode 100644 index 0000000000000000000000000000000000000000..481d970d99702403872d721079d2d0241fd34efe GIT binary patch literal 898 zcmV-|1AY97P)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+0>`6pHR5%f(lwU|wQ5?s==iIGL z=NglxCM6c3g>Hrh^tFLA_WnJ@n8+ZxLidLHdx{OPZo6sfi2h zk0wzqG5<|XolV`{?&)`D>SEKheh<6n{?70FIp6d9T_#}zA=1*cI?l~aF4x>@GQQeI zsJvrhLMk*{vO?`GT%&Ay{a--Cu(Ojun#BHoHy9h0 zxqPbv(5wYr(_w^jxPeLRNk>xBj)K9#VruwlcT`m7zW^C5iAEAKOHa?!U7W{8Oiqr` zdlwC6a1q$8MNzj2aaMES0l`zg(tLm>S_nnlNBzAw_)z0f1p?4LK6WNNf6qlN_>37- z17CnN6E;sbp}pz^+8=&a>w^0syL4d2ui#!QvM(gzXt9oPF2exURDH?&sD zq@O~0qe2EuDs1(LkJqETsRY^C1oI!N-h`p7-hh(UE&jEtE^Ro3vgWI(s92sw@Rij< zzqlnA@TGu>t@KWAm;}KFAjB&ec^7`l+c7%qMpeNO?Ndh#~-J$h?D;%)0B z7H0f?gz=pPsb@z}S2s^(pMEp`cmz8vZQKb+9L%!-rny1iUpg6xBo+M!vOaSB2)DB; zS15uQY}w%oaDQPm4(8v5P+t14)l%(%HC92)zA%jW!eG$K(9F)F{h1aTT?B+2iHvib zu)qhkIO2{+Dc}n%-T86`en#U)oC|c+27fmv;4mM zxnc2)`~1Z}7CzT{{KkMmeXZ9M>-0Zy{ql zx*vQ=>yQhN9%D@C&;O0fihdSl-G2VUCQX!gUzl-@8Qa3yULu1283k7jE3VHfnR`%k zcF{(TIdA+I*4E2RIl!3Oc*s{NedEFvjLM6( zn8Yt{h-y6jTqdJvcERtuu=58Trup71FnYIGF!cVO#dq5_+m^j~yCqR}sm|%P<6KHt zR-`S;+jQo_wv$}tdwVVzv)(GkLBiJO1M`Q4*Qh;nDwQ^}*Tdz81xc#L~Kco$BRzXB#Fay;J2YbY02P= zuM8L7)O{SG(0bk3l4tMfhXLWdPUl5sUzB((`0V9$x$XbHO^@U19&VW%{Je#K`}&C$ z7FSMu4%GkuYhP=A{_0C#54qh}y?;0H@y3VKT#s#f?7hU?Y@L#S?~3wMA54VjmMDGo z33GmO+Gg2gSBp17f24IbM0nK;$W9Vs{wBqHBY0`W|F>T0d?z{!o`pU?xGU<|j{bse kToX0dd74-6R{vec)Y$#jA@Sf%PEexrboFyt=akR{05OL?D*ylh literal 0 HcmV?d00001 diff --git a/images/kotlin.png b/images/kotlin.png new file mode 100644 index 0000000000000000000000000000000000000000..1dd25d995c0426aba9e8b5813c05782d118eabc2 GIT binary patch literal 1064 zcmV+@1lRkCP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+1l1W5CR5%fhRZVDBM-={M=3al2 zCO%(ce695bOd_#QNkYK3v=pj^(p7O0cq`qAVnl)jMJ0Ow&a=_V=&g+h_gSV?J# z3$?g&(M^3~sUYYk5XJZxllwE{cjiV7@gY6rzL`67<~!f{&Y2rPtW;XU-yj=%Lx9hs zwO$}BmEiqkl=p>ey}jT$K*_#PBJc4WYGzbr#wN z0OznaHkcb4nVlY&Ba)_0HDcv57y%+P57_J;Voy4P5A;id1!O}oOEB&``LVExQb&fP z`)4W@zR}2VnM*VbgTg6^sN@fA@dNChyNCuR<3u{ebso?JvUH$JoQBJeesuWeX)X&J zZ{!UoLw`D^a)O|F`x3imej^x}X=*Le{FX3u(8jsMgeQK#_u>?n-++k^Q=V01m`cW$ zpdE9Q7XDGK6qO1KbI*`q^o`Q+WU(@FjGI{`L7KO$C<>v3DJ0LZ_wjW!IC9oO zmZD>F)J=p_tj3%+rw)$&ca-k$fC*++6ovT1=sAWauc6T;)Q|~(UrCEvTYuoeRRO0-`^)V*wn?KHkuY(G^`j2(P1JvG=uf zmqov!>S(2=j=F@B<}HXFQL_>3-ykf zB8vL^jb9Bge$MYQ=gUp4xX{wcYOAbkMF+8Ll&<`A-8Wx1B>A=*Pj64KQQsQlN=Ibu zgymRM5f@gsiDtqmd+3wMoTFzdEos$2N6&Z17c=!m*|zE1en!n-TD=NqKVIv>B+wgM z$WU%T_Aagd+2TT(DNL!Ir5*b(u35R_T(QOXpa3nzSU8srd1nIDn^T9)^@WXf^-axx zN%aFM%2*+H_iSrUdN|@8l<%t?k_^ky8?9f-}DL-K4f8-h3 iqR)M;e*yn*4R{3u5N}Lc{1nRo0000Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+0(n&-?R5%f(RP9SsVH7{--s`T* z-Uvk*hK7a{$2CLmX17uaj&8Gc0?~ez zTY?4%JO<#(&&*qb4%fI_Lpr2L1R7$oW)=S#si@KCyU3iSV>y__7!xxKjkt;Zl?!n; zkIvS5ceg9n613axlK>P|1fvwo*n$iu!{t|#ShKpMRi!M!Q0UbprQ|z-DMkJT;^G2yjI4*^VS1r0?*x zJw(7(UZ?Y{aEWtsEcBL}YHUVgYhupqC8W`jukSk|k--mAbkT$|F>it~sR7E5geCeI5AZi#^ViI!-hC-1EK4(uL zaP!OTO!RcYs=_WHTo(>M{UnMPv4PD%xj z$5&6F?P1sYPsl3hbb9Lq(qRMjkZjiV*eq(3r>0}W2ggQ(Ju;U9-N6%16&HK0-*dLL yF&dlN?(lalx0~_3e*b;BlmBf7D_BQauG%kLR_c6#!uT}+0000X#WBP} zaP1V|4B-KmE=w!7A$scCquW0&urG7)TS);KH z>-L+hCLP(y2mWXIGI~y1HhCStN?^@ey%XowXWZ8@WsPMH5f$uO=YyW!rCX6j=Vg_cW+F8&uOtFH^DVh*Z9Gm7^!_` z_9cs(-rrAq__1Q5*VzM)-#V;JNwD1R6Y3QZI<-b)hPGp%$fRSztsC>gwM4u;&h9yW z+x&8Yg_|Hp$)g(|?T#b|hWN}hxuRe>_r%j84Y6(s?=O>0gw`E(o2Z}T*t#n9SnR%E zlhQn;iy6!FzCS*8!s65}hI!$ETGJ;+|6<&J-2WgGt8Su}Wt;3=#T;H4CEm(U6B7d5 zO;?9`+`7aP`{J!F_u3@^)j3%@%KS&)y0`u@J*zOk?9Kgh2HAgiBO=z=E*6z&juO2j z)^uR)$zw9FdO6Qu3XKruJ#$Im%YVb3V}7e2-w2L8e|pxZR||UINE+-GbcoHFw*1%p zYq7WNCT)A%^ex>?l0#<6^iG9|BD1&Xq(2HQGOBy2@A&!1w;i2JmV#2Er>mdKI;Vst E0L4p1S^xk5 literal 0 HcmV?d00001 diff --git a/images/python.png b/images/python.png new file mode 100644 index 0000000000000000000000000000000000000000..992962b19dd1540a4efac515c24c6d93b8c93f43 GIT binary patch literal 757 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VV{wqX6T`Z5GB1G~m(&Q)G+$o^ zEg+kNfw4W4fd!-lh^2s-fq{7eBLg##W(0{XV1mnvEMP{kK?*nB{qUE8fhpe8#WBP} z@M^GchOnbZo$=(mOENN}1nO7Gb>$v(KDw>rR#w0TZ&8n=|XiYCaz0&wJnhe)hI{ zGsFL13H9C^wtoM4a@RClTb_-Q2cB}&RQ>bLy0XRiyP6#Tt*Ki=d9B$$iCgr`vG?tl z*ubo~v1HQw_G_|SiAR~&vuO1cFJ7OZU*ph{u5EG1g5yHsngg62AxzT^+v0m8{;<4# z{?d4v;DU+Y7HRF5;E;T`Yl{35YrUWzqvt|`p<;zb!8Ye+gex9gV*R=3@baq7)w7lF zPIUL*Ki8_f`jS$gP*rm9qW>C?FKYL2Pflw&5;*IW%i5-8@%f!fLD^BfP8&SVh#ZfK z&N`PNf4|`KzsAE-F}bD(eoBa5<3H#)c$~1PTfA8LXj`mgjedVThydm4tqJF=*C&bDfgNu^Q<1!|g7&?nw`~5uBY~`6n z>%Y#PR9#!UQ}#v_;hl%VWs6~2;N^+jAelF{r5}E)hPD8x_ literal 0 HcmV?d00001 diff --git a/images/ruby.png b/images/ruby.png new file mode 100644 index 0000000000000000000000000000000000000000..fd0830079efab043bfceec9b8ac93c78f12249ed GIT binary patch literal 1192 zcmV;Z1XufsP)Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+25=lfsR5%fpR9$FXMHoFZcXsdo z8uBNh!S=xxL@J0W)gY80NI@t_O#&KUWPKDYXi+JIJSY??eTbDJ_}B;OlPD?`eM_D~ zECq?gn3!#|>t>Vg-@SYPXU1=KQ!!K@IxyUsoo~*ZbH49e;1R|QU{N@u$q&9}eP}%N z!=clIP3`L&&j`mW$xiz@_ikAS>%T|dpPQmp-O=qN-e`O3YAM9J3IAWf#l=N??)0g- z%C*bqy_MxNA`Xg~l)y;oT|{F?_3cX+nd3NciL}r8hLcTZ<}2|X@n4Llrl!Qp-NvV@ zZ@uL53u12^QFF-Xo&usHPr5YIit@M@_vblTtjtp3xj z*O^Kf*FcJ*(wrefpo6ELCtw%;eiOBQS8clq_vtN~Tk{R~sY47WCnvKLLG60==UcN} z$(|oX011IYX>e{KVkxxNHpwh{Kxv+*M_QUAR4kw<{SV;6!U8`(XkYvF^873a%pxG8 z5(bRcu>!`Y-$Zk54J|K(q6f@TUTciO(tA==X{&m7Xo2z8{+X482PS!SVO!b-lW)+ObAk0u9Mf)fO6xvw|PrI|NuPZ@%5!yPxq1$*}o1D6$zm{oy>= z?iRBPIcQ>Km>7nd=vz{ONm-+9Uscd(oXgdBrX{n`O@J-|Ml@*&mM`Gs>@?)^x2Syn z3DQvqA^F!~99@d{3BnE)Qh;HIo`=$DzVdi6Z@U8p+-*4sNTX?q!Lc!%c-byeHF0 zjJ4*H*ik{zWU#FSg7XB7Z-e~rG2H$5y(5L05{_N?2%|e?@R1S7ziN8v=1qoJYQc;d z#x3%eP#IMxxyA%1X0*@Qsi0`-I-G+hZ>;?$cYgRD+2JDcrkPfM#O4>*A*nokDOrxnW4mD8r_QHD&caCDx(7 z%xDAy;DN2-PmGSXH#~R6uruR)>>niTa1V=SRY z-N-8DcQmRZ5njb{x&uJC(0Al8U~kudz*uEU&P+q{k;dOTkpf8x{ZL*20000Px#L}ge>W=%~1DgXcg2mk?xX#fNO00031000^Q000001E2u_0{{R30RRC20H6W@ z1ONa40RR916rckD1ONa40RR916aWAK0J7ci{Qv+2F-b&0R5%fhR9kG6RS=$Y&VSqO zZo787rBq8V)LuZXAZTbIVvHA(LL_*L#>ChNL{T4nFdCnH(S#U%@P>^KCMGIsNP~tq zsZy|k`ckb3)ItdbdfP3#-T!(n&RIegE#f36|D1DXzJKPMGXwDdgrJ#T*OhA;?b%!# z&$xxyeB9b8sLWA>QdCuygLr?MC%ql}&%2AE8~;4q)C{(1I(Jz#*j`AOjSAE{LdcL( zV1gtac}4HTyYa1UPOs1X!2_cZ{2k+}2oG)qV?0$|PZU3-0G8;WFw;{?sb18R2>dvH zTQmRxHK~ZPp?+>^{GNW``b>+?q$E1BbD2y7D1H=CQWEGZ-;HLgclXV9L~(Mu+@(WW z|NcT)?UvQP<|b}Rg?7c!KhQ_}Ucq5kloe^GtF6*Ffcvyk`C7gcnmJ%KxCiXh_JM zPTMVU=oXCUaMOt)ctNcCw3k@+sqa*&(5?h-rTT|s8+Ij^)V&}KV^A>*BsD|?-cm)4 z4heFaNU_ePbO&OTib4#0XPAAF+liJhj}*FjqGp0y4iN&w zXo+xw7}9^D8Nhz#q2{#d=a*6$p(PUCloLaEX2yuh)O{wrY_7i#+^58GP}}tCzFmhgPh1(je#9>Hs>dNKpHRq0Z%u# zCGPIN{l>kaovy@U{EEx%A0FL4Hb+j4jErFOfaXX(c3Z{jO-;tzSei=QufUbN72#!E1Si9{sbS0*O_^fxnBSP002ovPDHLkV1l4BAHV)zg!d&qPU35_DaVjX&0}Pg)dfWtgLBy!sRhdhBZ*Z)k$p9NAr9$ zLp3&O=c!Y}?%kYO`MJ_s?bmy6rzWrU*Q=+d{xtLrw)B_ybm{Y+n^{|boq0d2M)k6Z z{I0w2CN-Ysi=4Js@xBpD!D}0xSxyLh2t<^}eqVhx%hpiAT`@L&_vUWV)TM#jcn*Ki>r3`#l~`qF zEKy+3dC_Cik&SPHwT;=5PkK)Ju|Y&NdYbFsy7>WqYl~Zh5>9q4x?$jPQ-gy^s@Kg# zuHSW;XkX}c&E%5`Dh;hG1aDqS+PL6gf&xP%+v+3t*}Rk1*l(3=b3FWT!m`VnrBraqeI)HajF8V&czfXMFY1ArY$#fT@*ZH(d}XK^BbT36x&3x$ zt>Mx`52j3UD!=@4%9Pm&Ty`^{ zZ&eZ$!!}-aD^Q%o`&z!)HD>e4x@XUK8qYi-A)I=hx%}Okx!=#-`F*Z7pTV(y|H;*I zKNy)8n2Ius)IWMz?Z0qEtxE0%lUWBAPLvUQn{OyQ&$?fIvU;fqm)@}}GU}ZtlsN1Q$!e}T9spTW-emM+UAwPG5yOu zx4<2%xNIsO&D>uhze?n=#C+TTOKn&T@BLh~Ay?zn4gEkL--CB+_`j7OxiImbj=r=> z5$mii>VE601Z|Dk;dnE;;}GLNg}TV+yVl-{*|PQP?Amxot#uC{R`5-3wiYzL7G1#| z_$Q{R`>c;}OjBx_(h~Eu{f8Fpx4G1MF~+*@>$c=ag`88{e&<`eCT~;n;F!KAe15&- zvtQXUbAEOhvzI@((l}+$y_hKlpWerL?VWtT`{hL*9<7ga4{H&2fifaZwR*8eu6pdgfjb^*+*A7cFSxqy=@#<7uS2l!k_QPqg(49 hCkG$@JHJl!fd8bJM | | Langs | <%= langs.uniq.join ' ' %> | @@ -96,6 +96,7 @@ tool_addons = head + "\n" weapons = [] weapons_obj = { + "army-knife" => [], "recon"=> [], "fuzzer"=> [], "scanner"=> [], @@ -147,7 +148,6 @@ weapons.each do | data | popularity = "![](https://img.shields.io/github/stars/#{split_result[1]}?label=%20)" end badge = generate_badge(data['platform']) - badge = badge + generate_tags(data['tags']) line = "|#{data['type']}|#{name}|#{data['description']}|#{popularity}|#{temp_tags.join ' '}|#{badge}#{lang_badge}|" case data['category'].downcase when 'tool' diff --git a/scripts/for_migration/apply_platform.rb b/scripts/for_migration/apply_platform.rb new file mode 100644 index 0000000..3bb8fe1 --- /dev/null +++ b/scripts/for_migration/apply_platform.rb @@ -0,0 +1,14 @@ +require 'yaml' + +Dir.entries("./weapons").each do | name | + if name.strip != "." || name != ".." + begin + data = YAML.load(File.open("./weapons/#{name}")) + data['platform'] = ['linux','macos','windows'] + yaml_data = YAML.dump(data) + File.write("./weapons/#{name}", yaml_data) + rescue => e + puts e + end + end +end \ No newline at end of file diff --git a/scripts/fetch_lang.rb b/scripts/for_migration/fetch_lang.rb similarity index 100% rename from scripts/fetch_lang.rb rename to scripts/for_migration/fetch_lang.rb diff --git a/scripts/migration.rb b/scripts/for_migration/migration.rb similarity index 100% rename from scripts/migration.rb rename to scripts/for_migration/migration.rb diff --git a/scripts/validate_weapons.rb b/scripts/validate_weapons.rb new file mode 100644 index 0000000..27e9aed --- /dev/null +++ b/scripts/validate_weapons.rb @@ -0,0 +1,22 @@ +require 'yaml' + +Dir.entries("./weapons").each do | name | + if name.strip != "." || name != ".." + begin + data = YAML.load(File.open("./weapons/#{name}")) + if data['type'] == "" || data['type'] == nil + puts "./weapons/#{name} :: none-type" + end + if data['lang'] == "" || data['lang'] == nil || data['lang'].length == 0 + if data['url'].include? "github.com" + puts "./weapons/#{name} :: none-lang" + end + end + if data['tags'].length == 0 || data['tags'] == nil + #puts "#{name} :: none-tags" + end + rescue => e + puts e + end + end +end \ No newline at end of file diff --git a/weapons/230-OOB.yaml b/weapons/230-OOB.yaml index 3ed2664..9555b1d 100644 --- a/weapons/230-OOB.yaml +++ b/weapons/230-OOB.yaml @@ -3,10 +3,11 @@ name: 230-OOB description: An Out-of-Band XXE server for retrieving file contents over FTP. url: https://github.com/lc/230-OOB category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xxe diff --git a/weapons/3klCon.yaml b/weapons/3klCon.yaml index 0e0409a..bdd1647 100644 --- a/weapons/3klCon.yaml +++ b/weapons/3klCon.yaml @@ -4,10 +4,10 @@ description: Automation Recon tool which works with Large & Medium scopes. It pe more than 20 tasks and gets back all the results in separated files. url: https://github.com/eslam3kl/3klCon category: tool -type: -platform: +type: Recon +platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/AWSBucketDump.yaml b/weapons/AWSBucketDump.yaml index fc276a4..e0c7269 100644 --- a/weapons/AWSBucketDump.yaml +++ b/weapons/AWSBucketDump.yaml @@ -3,10 +3,11 @@ name: AWSBucketDump description: Security Tool to Look For Interesting Files in S3 Buckets url: https://github.com/jordanpotti/AWSBucketDump category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- s3 diff --git a/weapons/Amass.yaml b/weapons/Amass.yaml index 275fcc5..23faaf2 100644 --- a/weapons/Amass.yaml +++ b/weapons/Amass.yaml @@ -3,10 +3,11 @@ name: Amass description: 'In-depth Attack Surface Mapping and Asset Discovery ' url: https://github.com/OWASP/Amass category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/Arjun.yaml b/weapons/Arjun.yaml index 51e68e4..ae193f4 100644 --- a/weapons/Arjun.yaml +++ b/weapons/Arjun.yaml @@ -3,10 +3,11 @@ name: Arjun description: 'HTTP parameter discovery suite. ' url: https://github.com/s0md3v/Arjun category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- param diff --git a/weapons/Assetnote_Wordlists.yaml b/weapons/Assetnote_Wordlists.yaml index 7ea78a2..cc92dca 100644 --- a/weapons/Assetnote_Wordlists.yaml +++ b/weapons/Assetnote_Wordlists.yaml @@ -3,10 +3,11 @@ name: Assetnote Wordlists description: Automated & Manual Wordlists provided by Assetnote url: https://github.com/assetnote/wordlists category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: CSS +tags: +- wordlist diff --git a/weapons/Atlas.yaml b/weapons/Atlas.yaml index 9b0ee6d..b7a216f 100644 --- a/weapons/Atlas.yaml +++ b/weapons/Atlas.yaml @@ -3,10 +3,10 @@ name: Atlas description: 'Quick SQLMap Tamper Suggester ' url: https://github.com/m4ll0k/Atlas category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/AuthMatrix.yaml b/weapons/AuthMatrix.yaml index 86fda63..3196ec1 100644 --- a/weapons/AuthMatrix.yaml +++ b/weapons/AuthMatrix.yaml @@ -3,8 +3,11 @@ name: AuthMatrix description: url: https://github.com/SecurityInnovation/AuthMatrix category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Python +tags: +- aaa diff --git a/weapons/Autorize.yaml b/weapons/Autorize.yaml index e73e1a5..708b528 100644 --- a/weapons/Autorize.yaml +++ b/weapons/Autorize.yaml @@ -3,8 +3,11 @@ name: Autorize description: url: https://github.com/Quitten/Autorize category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Python +tags: +- aaa diff --git a/weapons/Blacklist3r.yaml b/weapons/Blacklist3r.yaml index 317493c..7d980e0 100644 --- a/weapons/Blacklist3r.yaml +++ b/weapons/Blacklist3r.yaml @@ -3,10 +3,10 @@ name: Blacklist3r description: 'project-blacklist3r ' url: https://github.com/NotSoSecure/Blacklist3r category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: C# tags: [] diff --git a/weapons/BruteX.yaml b/weapons/BruteX.yaml index 1fde598..bae8821 100644 --- a/weapons/BruteX.yaml +++ b/weapons/BruteX.yaml @@ -3,10 +3,10 @@ name: BruteX description: Automatically brute force all services running on a target. url: https://github.com/1N3/BruteX category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/Bug-Bounty-Toolz.yaml b/weapons/Bug-Bounty-Toolz.yaml index 28c4e0f..028db79 100644 --- a/weapons/Bug-Bounty-Toolz.yaml +++ b/weapons/Bug-Bounty-Toolz.yaml @@ -3,10 +3,10 @@ name: Bug-Bounty-Toolz description: 'BBT - Bug Bounty Tools ' url: https://github.com/m4ll0k/Bug-Bounty-Toolz category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/BurpBounty.yaml b/weapons/BurpBounty.yaml index 7e07818..e7956ec 100644 --- a/weapons/BurpBounty.yaml +++ b/weapons/BurpBounty.yaml @@ -3,8 +3,10 @@ name: BurpBounty description: url: https://github.com/wagiro/BurpBounty category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: BlitzBasic tags: [] diff --git a/weapons/BurpCustomizer.yaml b/weapons/BurpCustomizer.yaml index cd2d029..70d5876 100644 --- a/weapons/BurpCustomizer.yaml +++ b/weapons/BurpCustomizer.yaml @@ -3,8 +3,10 @@ name: BurpCustomizer description: Because just a dark theme wasn't enough! url: https://github.com/CoreyD97/BurpCustomizer category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/BurpJSLinkFinder.yaml b/weapons/BurpJSLinkFinder.yaml index 556ac96..e6573f0 100644 --- a/weapons/BurpJSLinkFinder.yaml +++ b/weapons/BurpJSLinkFinder.yaml @@ -3,8 +3,10 @@ name: BurpJSLinkFinder description: url: https://github.com/InitRoot/BurpJSLinkFinder category: tool-addon -type: +type: Recon platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/BurpSuite-Secret_Finder.yaml b/weapons/BurpSuite-Secret_Finder.yaml index ac9a4af..336cca8 100644 --- a/weapons/BurpSuite-Secret_Finder.yaml +++ b/weapons/BurpSuite-Secret_Finder.yaml @@ -3,8 +3,10 @@ name: BurpSuite-Secret_Finder description: url: https://github.com/m4ll0k/BurpSuite-Secret_Finder category: tool-addon -type: +type: Recon platform: -- burpsuite +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/BurpSuite.yaml b/weapons/BurpSuite.yaml index 1caab35..85fa8b9 100644 --- a/weapons/BurpSuite.yaml +++ b/weapons/BurpSuite.yaml @@ -3,10 +3,10 @@ name: BurpSuite description: the BurpSuite Project url: https://portswigger.net/burp category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Java tags: [] diff --git a/weapons/BurpSuiteHTTPSmuggler.yaml b/weapons/BurpSuiteHTTPSmuggler.yaml index 7952c28..f1312ed 100644 --- a/weapons/BurpSuiteHTTPSmuggler.yaml +++ b/weapons/BurpSuiteHTTPSmuggler.yaml @@ -3,8 +3,10 @@ name: BurpSuiteHTTPSmuggler description: url: https://github.com/nccgroup/BurpSuiteHTTPSmuggler category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/BurpSuiteLoggerPlusPlus.yaml b/weapons/BurpSuiteLoggerPlusPlus.yaml index 1a496a0..b763350 100644 --- a/weapons/BurpSuiteLoggerPlusPlus.yaml +++ b/weapons/BurpSuiteLoggerPlusPlus.yaml @@ -3,8 +3,10 @@ name: BurpSuiteLoggerPlusPlus description: url: https://github.com/nccgroup/BurpSuiteLoggerPlusPlus category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/CSP_Evaluator.yaml b/weapons/CSP_Evaluator.yaml index 90a42f5..4dc9aa4 100644 --- a/weapons/CSP_Evaluator.yaml +++ b/weapons/CSP_Evaluator.yaml @@ -1,9 +1,12 @@ --- name: CSP Evaluator -description: "Online CSP Evaluator from google" +description: Online CSP Evaluator from google url: https://csp-evaluator.withgoogle.com category: tool -type: -platform: [] +type: Utils +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/CT_subdomains.yaml b/weapons/CT_subdomains.yaml index 22782a4..f64212d 100644 --- a/weapons/CT_subdomains.yaml +++ b/weapons/CT_subdomains.yaml @@ -4,7 +4,10 @@ description: 'An hourly updated list of subdomains gathered from certificate tra logs ' url: https://github.com/internetwache/CT_subdomains category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/Chaos_Web.yaml b/weapons/Chaos_Web.yaml index 7120bad..cf49ebb 100644 --- a/weapons/Chaos_Web.yaml +++ b/weapons/Chaos_Web.yaml @@ -4,7 +4,7 @@ description: " actively scan and maintain internet-wide assets' data. enhance re and analyse changes around DNS for better insights." url: https://chaos.projectdiscovery.io category: tool -type: +type: Recon platform: - linux - macos diff --git a/weapons/Chromium-based-XSS-Taint-Tracking.yaml b/weapons/Chromium-based-XSS-Taint-Tracking.yaml index faf61f0..e5f8f10 100644 --- a/weapons/Chromium-based-XSS-Taint-Tracking.yaml +++ b/weapons/Chromium-based-XSS-Taint-Tracking.yaml @@ -4,7 +4,10 @@ description: Cyclops is a web browser with XSS detection feature, it is chromium xss detection that used to find the flows from a source to a sink. url: https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/CorsMe.yaml b/weapons/CorsMe.yaml index df42b31..c0581f7 100644 --- a/weapons/CorsMe.yaml +++ b/weapons/CorsMe.yaml @@ -3,10 +3,10 @@ name: CorsMe description: 'Cross Origin Resource Sharing MisConfiguration Scanner ' url: https://github.com/Shivangx01b/CorsMe category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/Corsy.yaml b/weapons/Corsy.yaml index 0ba303b..747f22b 100644 --- a/weapons/Corsy.yaml +++ b/weapons/Corsy.yaml @@ -3,10 +3,10 @@ name: Corsy description: 'CORS Misconfiguration Scanner ' url: https://github.com/s0md3v/Corsy category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/CyberChef.yaml b/weapons/CyberChef.yaml index b98c5b0..6782c1a 100644 --- a/weapons/CyberChef.yaml +++ b/weapons/CyberChef.yaml @@ -4,7 +4,10 @@ description: 'The Cyber Swiss Army Knife - a web app for encryption, encoding, c and data analysis ' url: https://github.com/gchq/CyberChef category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/DNSDumpster.yaml b/weapons/DNSDumpster.yaml index 3d0ccc7..c91f9e8 100644 --- a/weapons/DNSDumpster.yaml +++ b/weapons/DNSDumpster.yaml @@ -3,7 +3,10 @@ name: DNSDumpster description: " Online dns recon & research, find & lookup dns records" url: https://dnsdumpster.com category: tool -type: -platform: [] +type: Recon +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/DOMPurify.yaml b/weapons/DOMPurify.yaml index dec97ff..15ca57b 100644 --- a/weapons/DOMPurify.yaml +++ b/weapons/DOMPurify.yaml @@ -5,7 +5,11 @@ description: 'DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer fo configurability and hooks. Demo:' url: https://github.com/cure53/DOMPurify category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/DSSS.yaml b/weapons/DSSS.yaml index 4508b8c..a4e5903 100644 --- a/weapons/DSSS.yaml +++ b/weapons/DSSS.yaml @@ -3,7 +3,10 @@ name: DSSS description: Damn Small SQLi Scanner url: https://github.com/stamparm/DSSS category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Dark_Reader.yaml b/weapons/Dark_Reader.yaml index 7c2d0a6..0994c3d 100644 --- a/weapons/Dark_Reader.yaml +++ b/weapons/Dark_Reader.yaml @@ -3,9 +3,10 @@ name: Dark Reader description: Dark mode to any site url: https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh category: browser-addon -type: +type: Utils platform: -- chrome -- firefox +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Dark_Reader_for_Safari.yaml b/weapons/Dark_Reader_for_Safari.yaml index 26fb6d2..342be92 100644 --- a/weapons/Dark_Reader_for_Safari.yaml +++ b/weapons/Dark_Reader_for_Safari.yaml @@ -3,8 +3,10 @@ name: Dark Reader for Safari description: Dark mode to any site url: https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180 category: browser-addon -type: +type: Utils platform: -- safari +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/DeepViolet.yaml b/weapons/DeepViolet.yaml index 6ab741a..059a4e0 100644 --- a/weapons/DeepViolet.yaml +++ b/weapons/DeepViolet.yaml @@ -3,7 +3,11 @@ name: DeepViolet description: Tool for introspection of SSL\TLS sessions url: https://github.com/spoofzu/DeepViolet category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Java +tags: +- ssl diff --git a/weapons/DirDar.yaml b/weapons/DirDar.yaml index b378091..4a73582 100644 --- a/weapons/DirDar.yaml +++ b/weapons/DirDar.yaml @@ -4,7 +4,11 @@ description: DirDar is a tool that searches for (403-Forbidden) directories to b it and get dir listing on it url: https://github.com/M4DM0e/DirDar category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go +tags: +- 403 diff --git a/weapons/DotGit.yaml b/weapons/DotGit.yaml index b5df387..6dcb1f4 100644 --- a/weapons/DotGit.yaml +++ b/weapons/DotGit.yaml @@ -3,9 +3,10 @@ name: DotGit description: An extension for checking if .git is exposed in visited websites url: https://github.com/davtur19/DotGit category: browser-addon -type: +type: Recon platform: -- chrome -- firefox -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/Edit-This-Cookie.yaml b/weapons/Edit-This-Cookie.yaml index a3b6110..66f54b7 100644 --- a/weapons/Edit-This-Cookie.yaml +++ b/weapons/Edit-This-Cookie.yaml @@ -4,8 +4,10 @@ description: EditThisCookie is the famous Google Chrome/Chromium extension for e cookies url: https://github.com/ETCExtensions/Edit-This-Cookie category: browser-addon -type: +type: Utils platform: -- chrome -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/Emissary.yaml b/weapons/Emissary.yaml index 9bf0bfd..3e6b0f7 100644 --- a/weapons/Emissary.yaml +++ b/weapons/Emissary.yaml @@ -4,7 +4,10 @@ description: Send notifications on different channels such as Slack, Telegram, D etc. url: https://github.com/BountyStrike/Emissary category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/FavFreak.yaml b/weapons/FavFreak.yaml index 2e1fcba..32346a8 100644 --- a/weapons/FavFreak.yaml +++ b/weapons/FavFreak.yaml @@ -3,10 +3,10 @@ name: FavFreak description: 'Making Favicon.ico based Recon Great again ! ' url: https://github.com/devanshbatham/FavFreak category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Findsploit.yaml b/weapons/Findsploit.yaml index db5e3b3..99d8b03 100644 --- a/weapons/Findsploit.yaml +++ b/weapons/Findsploit.yaml @@ -3,7 +3,10 @@ name: Findsploit description: Find exploits in local and online databases instantly url: https://github.com/1N3/Findsploit category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/Gf-Patterns.yaml b/weapons/Gf-Patterns.yaml index 2ae6822..170319e 100644 --- a/weapons/Gf-Patterns.yaml +++ b/weapons/Gf-Patterns.yaml @@ -4,10 +4,10 @@ description: 'GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_ parameters grep ' url: https://github.com/1ndianl33t/Gf-Patterns category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: 'null' tags: [] diff --git a/weapons/GitMiner.yaml b/weapons/GitMiner.yaml index 3d7fd64..082af2a 100644 --- a/weapons/GitMiner.yaml +++ b/weapons/GitMiner.yaml @@ -3,10 +3,10 @@ name: GitMiner description: 'Tool for advanced mining for content on Github ' url: https://github.com/UnkL4b/GitMiner category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Gopherus.yaml b/weapons/Gopherus.yaml index 80e5192..8cf9e61 100644 --- a/weapons/Gopherus.yaml +++ b/weapons/Gopherus.yaml @@ -4,10 +4,10 @@ description: 'This tool generates gopher link for exploiting SSRF and gaining RC in various servers ' url: https://github.com/tarunkant/Gopherus category: tool -type: +type: Exploit platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/GraphQLmap.yaml b/weapons/GraphQLmap.yaml index 67a1426..f5e3fd8 100644 --- a/weapons/GraphQLmap.yaml +++ b/weapons/GraphQLmap.yaml @@ -4,10 +4,10 @@ description: 'GraphQLmap is a scripting engine to interact with a graphql endpoi for pentesting purposes. ' url: https://github.com/swisskyrepo/GraphQLmap category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/HRS.yaml b/weapons/HRS.yaml index e136421..9de40f2 100644 --- a/weapons/HRS.yaml +++ b/weapons/HRS.yaml @@ -4,7 +4,10 @@ description: HTTP Request Smuggling demonstration Perl script, for variants 1, 2 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020. url: https://github.com/SafeBreach-Labs/HRS category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Perl tags: [] diff --git a/weapons/HUNT.yaml b/weapons/HUNT.yaml index e51c48c..0939c8e 100644 --- a/weapons/HUNT.yaml +++ b/weapons/HUNT.yaml @@ -3,9 +3,10 @@ name: HUNT description: url: https://github.com/bugcrowd/HUNT category: tool-addon -type: +type: Recon platform: -- burpsuite -- zap -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Hack-Tools.yaml b/weapons/Hack-Tools.yaml index 8a81641..73f9947 100644 --- a/weapons/Hack-Tools.yaml +++ b/weapons/Hack-Tools.yaml @@ -3,9 +3,10 @@ name: Hack-Tools description: "The all-in-one Red Team extension for Web Pentester \U0001F6E0" url: https://github.com/LasCC/Hack-Tools category: browser-addon -type: +type: Utils platform: -- chrome -- firefox -lang: [] +- linux +- macos +- windows +lang: TypeScript tags: [] diff --git a/weapons/HydraRecon.yaml b/weapons/HydraRecon.yaml index 7642aac..d001c43 100644 --- a/weapons/HydraRecon.yaml +++ b/weapons/HydraRecon.yaml @@ -3,7 +3,10 @@ name: HydraRecon description: All In One, Fast, Easy Recon Tool url: https://github.com/aufzayed/HydraRecon category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/IntruderPayloads.yaml b/weapons/IntruderPayloads.yaml index 02df0f1..b12cb54 100644 --- a/weapons/IntruderPayloads.yaml +++ b/weapons/IntruderPayloads.yaml @@ -3,8 +3,10 @@ name: IntruderPayloads description: url: https://github.com/1N3/IntruderPayloads category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: BlitzBasic tags: [] diff --git a/weapons/JSFScan.sh.yaml b/weapons/JSFScan.sh.yaml index aab7b35..c2da753 100644 --- a/weapons/JSFScan.sh.yaml +++ b/weapons/JSFScan.sh.yaml @@ -3,9 +3,10 @@ name: JSFScan.sh description: 'Automation for javascript recon in bug bounty. ' url: https://github.com/KathanP19/JSFScan.sh category: tool -type: +type: Recon platform: - linux - macos -lang: [] +- windows +lang: Shell tags: [] diff --git a/weapons/LFISuite.yaml b/weapons/LFISuite.yaml index 3fa0c08..135fb90 100644 --- a/weapons/LFISuite.yaml +++ b/weapons/LFISuite.yaml @@ -3,10 +3,10 @@ name: LFISuite description: 'Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner ' url: https://github.com/D35m0nd142/LFISuite category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/LinkFinder.yaml b/weapons/LinkFinder.yaml index 0565ab1..798073b 100644 --- a/weapons/LinkFinder.yaml +++ b/weapons/LinkFinder.yaml @@ -3,10 +3,10 @@ name: LinkFinder description: 'A python script that finds endpoints in JavaScript files ' url: https://github.com/GerbenJavado/LinkFinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/MM3_ProxySwitch.yaml b/weapons/MM3_ProxySwitch.yaml index d9d195b..ab4994a 100644 --- a/weapons/MM3_ProxySwitch.yaml +++ b/weapons/MM3_ProxySwitch.yaml @@ -3,9 +3,10 @@ name: MM3 ProxySwitch description: Proxy Switch in Firefox and Chrome url: https://proxy-offline-browser.com/ProxySwitch/ category: browser-addon -type: +type: Utils platform: -- chrome -- firefox +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/NoSQLMap.yaml b/weapons/NoSQLMap.yaml index b571303..16cfa5a 100644 --- a/weapons/NoSQLMap.yaml +++ b/weapons/NoSQLMap.yaml @@ -4,10 +4,10 @@ description: 'Automated NoSQL database enumeration and web application exploitat tool. ' url: https://github.com/codingo/NoSQLMap category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/OneForAll.yaml b/weapons/OneForAll.yaml index 38937ea..0055c40 100644 --- a/weapons/OneForAll.yaml +++ b/weapons/OneForAll.yaml @@ -3,10 +3,10 @@ name: OneForAll description: 'OneForAll是一款功能强大的子域收集工具 ' url: https://github.com/shmilylty/OneForAll category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/OpenRedireX.yaml b/weapons/OpenRedireX.yaml index 2634a9a..c30d23a 100644 --- a/weapons/OpenRedireX.yaml +++ b/weapons/OpenRedireX.yaml @@ -3,7 +3,10 @@ name: OpenRedireX description: A Fuzzer for OpenRedirect issues url: https://github.com/devanshbatham/OpenRedireX category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Osmedeus.yaml b/weapons/Osmedeus.yaml index 3836ad4..952f579 100644 --- a/weapons/Osmedeus.yaml +++ b/weapons/Osmedeus.yaml @@ -4,10 +4,10 @@ description: 'Fully automated offensive security framework for reconnaissance an vulnerability scanning ' url: https://github.com/j3ssie/Osmedeus category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/PPScan.yaml b/weapons/PPScan.yaml index f84cda2..9c4239b 100644 --- a/weapons/PPScan.yaml +++ b/weapons/PPScan.yaml @@ -3,7 +3,10 @@ name: PPScan description: Client Side Prototype Pollution Scanner url: https://github.com/msrkp/PPScan category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/ParamSpider.yaml b/weapons/ParamSpider.yaml index 7ee674f..746a4d7 100644 --- a/weapons/ParamSpider.yaml +++ b/weapons/ParamSpider.yaml @@ -3,10 +3,11 @@ name: ParamSpider description: 'Mining parameters from dark corners of Web Archives ' url: https://github.com/devanshbatham/ParamSpider category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- param diff --git a/weapons/Parth.yaml b/weapons/Parth.yaml index 2a3efc1..02a4178 100644 --- a/weapons/Parth.yaml +++ b/weapons/Parth.yaml @@ -3,10 +3,11 @@ name: Parth description: 'Heuristic Vulnerable Parameter Scanner ' url: https://github.com/s0md3v/Parth category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- param diff --git a/weapons/PayloadsAllTheThings.yaml b/weapons/PayloadsAllTheThings.yaml index 1f8299f..b14d3a6 100644 --- a/weapons/PayloadsAllTheThings.yaml +++ b/weapons/PayloadsAllTheThings.yaml @@ -4,7 +4,10 @@ description: 'A list of useful payloads and bypass for Web Application Security Pentest/CTF ' url: https://github.com/swisskyrepo/PayloadsAllTheThings category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/Phoenix.yaml b/weapons/Phoenix.yaml index 66fbffd..f029e8b 100644 --- a/weapons/Phoenix.yaml +++ b/weapons/Phoenix.yaml @@ -3,7 +3,10 @@ name: Phoenix description: " hahwul's online tools" url: https://www.hahwul.com/p/phoenix.html category: tool -type: -platform: [] +type: Utils +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Photon.yaml b/weapons/Photon.yaml index b3fddb6..2d8c188 100644 --- a/weapons/Photon.yaml +++ b/weapons/Photon.yaml @@ -3,10 +3,10 @@ name: Photon description: 'Incredibly fast crawler designed for OSINT. ' url: https://github.com/s0md3v/Photon category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/PoC-in-GitHub.yaml b/weapons/PoC-in-GitHub.yaml index ede7bf5..fd0aca2 100644 --- a/weapons/PoC-in-GitHub.yaml +++ b/weapons/PoC-in-GitHub.yaml @@ -3,7 +3,10 @@ name: PoC-in-GitHub description: "\U0001F4E1 PoC auto collect from GitHub. Be careful malware." url: https://github.com/nomi-sec/PoC-in-GitHub category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/RustScan.yaml b/weapons/RustScan.yaml index b5b5383..d37116c 100644 --- a/weapons/RustScan.yaml +++ b/weapons/RustScan.yaml @@ -3,10 +3,10 @@ name: RustScan description: 'Faster Nmap Scanning with Rust ' url: https://github.com/brandonskerritt/RustScan category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Rust tags: [] diff --git a/weapons/S3Scanner.yaml b/weapons/S3Scanner.yaml index 635cf53..4a66cc6 100644 --- a/weapons/S3Scanner.yaml +++ b/weapons/S3Scanner.yaml @@ -3,10 +3,11 @@ name: S3Scanner description: 'Scan for open AWS S3 buckets and dump the contents ' url: https://github.com/sa7mon/S3Scanner category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- s3 diff --git a/weapons/SQLNinja.yaml b/weapons/SQLNinja.yaml index 52bf1bb..ce1365e 100644 --- a/weapons/SQLNinja.yaml +++ b/weapons/SQLNinja.yaml @@ -3,7 +3,10 @@ name: SQLNinja description: " SQL Injection scanner" url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -type: -platform: [] +type: Exploit +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/SQL_Ninja.yaml b/weapons/SQL_Ninja.yaml index 30f3f09..7fd2ec1 100644 --- a/weapons/SQL_Ninja.yaml +++ b/weapons/SQL_Ninja.yaml @@ -3,7 +3,10 @@ name: SQL Ninja description: SQL Injection scanner url: https://gitlab.com/kalilinux/packages/sqlninja category: tool -type: -platform: [] +type: Exploit +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/SSRFmap.yaml b/weapons/SSRFmap.yaml index 77dc7b6..27a8f62 100644 --- a/weapons/SSRFmap.yaml +++ b/weapons/SSRFmap.yaml @@ -3,10 +3,11 @@ name: SSRFmap description: 'Automatic SSRF fuzzer and exploitation tool ' url: https://github.com/swisskyrepo/SSRFmap category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- ssrf diff --git a/weapons/STEWS.yaml b/weapons/STEWS.yaml index 102c178..9d1c11c 100644 --- a/weapons/STEWS.yaml +++ b/weapons/STEWS.yaml @@ -3,7 +3,10 @@ name: STEWS description: A Security Tool for Enumerating WebSockets url: https://github.com/PalindromeLabs/STEWS category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/SecLists.yaml b/weapons/SecLists.yaml index d9e63fa..7e0fab9 100644 --- a/weapons/SecLists.yaml +++ b/weapons/SecLists.yaml @@ -6,10 +6,10 @@ description: 'SecLists is the security tester''s companion. It''s a collection o payloads, web shells, and many more. ' url: https://github.com/danielmiessler/SecLists category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: PHP tags: [] diff --git a/weapons/SecretFinder.yaml b/weapons/SecretFinder.yaml index b86c7a4..dcfcb5b 100644 --- a/weapons/SecretFinder.yaml +++ b/weapons/SecretFinder.yaml @@ -4,10 +4,10 @@ description: 'SecretFinder - A python script for find sensitive data (apikeys, a and search anything on javascript files ' url: https://github.com/m4ll0k/SecretFinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/SecurityTrails.yaml b/weapons/SecurityTrails.yaml index 0c2b8b6..14e7382 100644 --- a/weapons/SecurityTrails.yaml +++ b/weapons/SecurityTrails.yaml @@ -3,7 +3,10 @@ name: SecurityTrails description: " Online dns / subdomain / recon tool" url: https://securitytrails.com category: tool -type: -platform: [] +type: Recon +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/SequenceDiagram.yaml b/weapons/SequenceDiagram.yaml index 20f0235..ad52886 100644 --- a/weapons/SequenceDiagram.yaml +++ b/weapons/SequenceDiagram.yaml @@ -3,7 +3,10 @@ name: SequenceDiagram description: " Online tool for creating UML sequence diagrams" url: https://sequencediagram.org category: tool -type: -platform: [] +type: Utils +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Shodan.yaml b/weapons/Shodan.yaml index 7c3dbc0..7e8b11d 100644 --- a/weapons/Shodan.yaml +++ b/weapons/Shodan.yaml @@ -3,7 +3,10 @@ name: Shodan description: " World's first search engine for Internet-connected devices" url: https://www.shodan.io/ category: tool -type: -platform: [] +type: Recon +platform: +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Silver.yaml b/weapons/Silver.yaml index 1a17081..852e2f8 100644 --- a/weapons/Silver.yaml +++ b/weapons/Silver.yaml @@ -3,10 +3,10 @@ name: Silver description: 'Mass scan IPs for vulnerable services ' url: https://github.com/s0md3v/Silver category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Sn1per.yaml b/weapons/Sn1per.yaml index e8de3b0..dc4695e 100644 --- a/weapons/Sn1per.yaml +++ b/weapons/Sn1per.yaml @@ -3,10 +3,10 @@ name: Sn1per description: 'Automated pentest framework for offensive security experts ' url: https://github.com/1N3/Sn1per category: tool -type: +type: Exploit platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/Stepper.yaml b/weapons/Stepper.yaml index 144b40e..db3759b 100644 --- a/weapons/Stepper.yaml +++ b/weapons/Stepper.yaml @@ -3,8 +3,10 @@ name: Stepper description: url: https://github.com/CoreyD97/Stepper category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/Striker.yaml b/weapons/Striker.yaml index ceb24d4..e3c4574 100644 --- a/weapons/Striker.yaml +++ b/weapons/Striker.yaml @@ -3,10 +3,10 @@ name: Striker description: 'Striker is an offensive information and vulnerability scanner. ' url: https://github.com/s0md3v/Striker category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/SubOver.yaml b/weapons/SubOver.yaml index 3002d26..ff6eb05 100644 --- a/weapons/SubOver.yaml +++ b/weapons/SubOver.yaml @@ -3,7 +3,11 @@ name: SubOver description: A Powerful Subdomain Takeover Tool url: https://github.com/Ice3man543/SubOver category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/Sublist3r.yaml b/weapons/Sublist3r.yaml index b7d24dd..4ccc96a 100644 --- a/weapons/Sublist3r.yaml +++ b/weapons/Sublist3r.yaml @@ -3,10 +3,11 @@ name: Sublist3r description: 'Fast subdomains enumeration tool for penetration testers ' url: https://github.com/aboul3la/Sublist3r category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- subdomains diff --git a/weapons/Taipan.yaml b/weapons/Taipan.yaml index 077c48f..d33e51f 100644 --- a/weapons/Taipan.yaml +++ b/weapons/Taipan.yaml @@ -3,7 +3,10 @@ name: Taipan description: Web application vulnerability scanner url: https://github.com/enkomio/Taipan category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/TukTuk.yaml b/weapons/TukTuk.yaml index 70b89ee..7ae4ddf 100644 --- a/weapons/TukTuk.yaml +++ b/weapons/TukTuk.yaml @@ -3,10 +3,11 @@ name: TukTuk description: 'Tool for catching and logging different types of requests. ' url: https://github.com/ArturSS7/TukTuk category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- oast diff --git a/weapons/User-Agent_Switcher.yaml b/weapons/User-Agent_Switcher.yaml index a8ee6f9..1232f2f 100644 --- a/weapons/User-Agent_Switcher.yaml +++ b/weapons/User-Agent_Switcher.yaml @@ -3,8 +3,10 @@ name: User-Agent Switcher description: quick and easy way to switch between user-agents. url: https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae category: browser-addon -type: +type: Utils platform: -- chrome +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/VHostScan.yaml b/weapons/VHostScan.yaml index 84aae21..8a43587 100644 --- a/weapons/VHostScan.yaml +++ b/weapons/VHostScan.yaml @@ -5,10 +5,10 @@ description: 'A virtual host scanner that performs reverse lookups, can be used default pages. ' url: https://github.com/codingo/VHostScan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/Wayback_Machine.yaml b/weapons/Wayback_Machine.yaml index 41ee9af..d15c821 100644 --- a/weapons/Wayback_Machine.yaml +++ b/weapons/Wayback_Machine.yaml @@ -3,8 +3,10 @@ name: Wayback Machine description: History of website url: https://apps.apple.com/us/app/wayback-machine/id1472432422 category: browser-addon -type: +type: Recon platform: -- safari +- linux +- macos +- windows lang: [] tags: [] diff --git a/weapons/Web-Cache-Vulnerability-Scanner.yaml b/weapons/Web-Cache-Vulnerability-Scanner.yaml index efe619c..d5d3b43 100644 --- a/weapons/Web-Cache-Vulnerability-Scanner.yaml +++ b/weapons/Web-Cache-Vulnerability-Scanner.yaml @@ -4,7 +4,10 @@ description: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/). url: https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/XSRFProbe.yaml b/weapons/XSRFProbe.yaml index a41f391..d8a675a 100644 --- a/weapons/XSRFProbe.yaml +++ b/weapons/XSRFProbe.yaml @@ -3,7 +3,10 @@ name: XSRFProbe description: The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit. url: https://github.com/0xInfection/XSRFProbe category: tool -type: -platform: [] -lang: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/XSStrike.yaml b/weapons/XSStrike.yaml index 49a3800..f0afba7 100644 --- a/weapons/XSStrike.yaml +++ b/weapons/XSStrike.yaml @@ -3,10 +3,11 @@ name: XSStrike description: 'Most advanced XSS scanner. ' url: https://github.com/s0md3v/XSStrike category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xss diff --git a/weapons/XSpear.yaml b/weapons/XSpear.yaml index bde6169..b2ccfbd 100644 --- a/weapons/XSpear.yaml +++ b/weapons/XSpear.yaml @@ -3,10 +3,11 @@ name: XSpear description: 'Powerfull XSS Scanning and Parameter analysis tool&gem ' url: https://github.com/hahwul/XSpear category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Ruby +tags: +- xss diff --git a/weapons/XXEinjector.yaml b/weapons/XXEinjector.yaml index 9b8b34e..8b95d04 100644 --- a/weapons/XXEinjector.yaml +++ b/weapons/XXEinjector.yaml @@ -4,7 +4,11 @@ description: Tool for automatic exploitation of XXE vulnerability using direct a different out of band methods. url: https://github.com/enjoiz/XXEinjector category: tool -type: -platform: [] -lang: [] -tags: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: Ruby +tags: +- xxe diff --git a/weapons/a2sv.yaml b/weapons/a2sv.yaml index 8a7ef78..9e6f284 100644 --- a/weapons/a2sv.yaml +++ b/weapons/a2sv.yaml @@ -3,10 +3,11 @@ name: a2sv description: 'Auto Scanning to SSL Vulnerability ' url: https://github.com/hahwul/a2sv category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- ssl diff --git a/weapons/altdns.yaml b/weapons/altdns.yaml index 9afb35b..1c66994 100644 --- a/weapons/altdns.yaml +++ b/weapons/altdns.yaml @@ -4,10 +4,11 @@ description: 'Generates permutations, alterations and mutations of subdomains an then resolves them ' url: https://github.com/infosec-au/altdns category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- dns diff --git a/weapons/anew.yaml b/weapons/anew.yaml index d562597..7a325e8 100644 --- a/weapons/anew.yaml +++ b/weapons/anew.yaml @@ -3,10 +3,10 @@ name: anew description: A tool for adding new lines to files, skipping duplicates url: https://github.com/tomnomnom/anew category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/apkleaks.yaml b/weapons/apkleaks.yaml index a9f137f..ae3e605 100644 --- a/weapons/apkleaks.yaml +++ b/weapons/apkleaks.yaml @@ -3,10 +3,11 @@ name: apkleaks description: 'Scanning APK file for URIs, endpoints & secrets. ' url: https://github.com/dwisiswant0/apkleaks category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- apk diff --git a/weapons/aquatone.yaml b/weapons/aquatone.yaml index 4eeac56..710bb3d 100644 --- a/weapons/aquatone.yaml +++ b/weapons/aquatone.yaml @@ -3,10 +3,11 @@ name: aquatone description: 'A Tool for Domain Flyovers ' url: https://github.com/michenriksen/aquatone category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- domain diff --git a/weapons/arachni.yaml b/weapons/arachni.yaml index a78eac0..3b8a27b 100644 --- a/weapons/arachni.yaml +++ b/weapons/arachni.yaml @@ -3,10 +3,10 @@ name: arachni description: 'Web Application Security Scanner Framework ' url: https://github.com/Arachni/arachni category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/assetfinder.yaml b/weapons/assetfinder.yaml index e0c22ad..4d4a75a 100644 --- a/weapons/assetfinder.yaml +++ b/weapons/assetfinder.yaml @@ -3,10 +3,11 @@ name: assetfinder description: 'Find domains and subdomains related to a given domain ' url: https://github.com/tomnomnom/assetfinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/attack-surface-detector-zap.yaml b/weapons/attack-surface-detector-zap.yaml index de27bd2..b156acd 100644 --- a/weapons/attack-surface-detector-zap.yaml +++ b/weapons/attack-surface-detector-zap.yaml @@ -3,8 +3,10 @@ name: attack-surface-detector-zap description: url: https://github.com/secdec/attack-surface-detector-zap category: tool-addon -type: +type: Recon platform: -- zap -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/auto-repeater.yaml b/weapons/auto-repeater.yaml index 7abafaa..4440522 100644 --- a/weapons/auto-repeater.yaml +++ b/weapons/auto-repeater.yaml @@ -3,8 +3,10 @@ name: auto-repeater description: url: https://github.com/PortSwigger/auto-repeater category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/autochrome.yaml b/weapons/autochrome.yaml index 1ba3a16..26bba11 100644 --- a/weapons/autochrome.yaml +++ b/weapons/autochrome.yaml @@ -3,7 +3,10 @@ name: autochrome description: This tool downloads, installs, and configures a shiny new copy of Chromium. url: https://github.com/nccgroup/autochrome category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: HTML tags: [] diff --git a/weapons/axiom.yaml b/weapons/axiom.yaml index 5d31727..1bc71ae 100644 --- a/weapons/axiom.yaml +++ b/weapons/axiom.yaml @@ -3,10 +3,11 @@ name: axiom description: 'A dynamic infrastructure toolkit for red teamers and bug bounty hunters! ' url: https://github.com/pry0cc/axiom category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] -tags: [] +lang: Shell +tags: +- infra diff --git a/weapons/bat.yaml b/weapons/bat.yaml index 4f156cf..41821bb 100644 --- a/weapons/bat.yaml +++ b/weapons/bat.yaml @@ -3,10 +3,10 @@ name: bat description: A cat(1) clone with wings. url: https://github.com/sharkdp/bat category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Rust tags: [] diff --git a/weapons/boast.yaml b/weapons/boast.yaml index 98896d3..6997403 100644 --- a/weapons/boast.yaml +++ b/weapons/boast.yaml @@ -3,10 +3,11 @@ name: boast description: The BOAST Outpost for AppSec Testing (v0.1.0) url: https://github.com/marcoagner/boast category: tool -types: OAST +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- oast diff --git a/weapons/bountyplz.yaml b/weapons/bountyplz.yaml index 53bccfe..e13ec03 100644 --- a/weapons/bountyplz.yaml +++ b/weapons/bountyplz.yaml @@ -4,10 +4,11 @@ description: 'Automated security reporting from markdown templates (HackerOne an Bugcrowd are currently the platforms supported) ' url: https://github.com/fransr/bountyplz category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Shell +tags: +- report diff --git a/weapons/burl.yaml b/weapons/burl.yaml index d7131fb..c0bf48e 100644 --- a/weapons/burl.yaml +++ b/weapons/burl.yaml @@ -3,10 +3,11 @@ name: burl description: 'A Broken-URL Checker ' url: https://github.com/tomnomnom/burl category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- url diff --git a/weapons/burp-exporter.yaml b/weapons/burp-exporter.yaml index 86f58f8..48a2bbb 100644 --- a/weapons/burp-exporter.yaml +++ b/weapons/burp-exporter.yaml @@ -3,8 +3,10 @@ name: burp-exporter description: url: https://github.com/artssec/burp-exporter category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/burp-piper.yaml b/weapons/burp-piper.yaml index 0926a13..90ebc92 100644 --- a/weapons/burp-piper.yaml +++ b/weapons/burp-piper.yaml @@ -3,8 +3,10 @@ name: burp-piper description: url: https://github.com/silentsignal/burp-piper category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Kotlin tags: [] diff --git a/weapons/burp-retire-js.yaml b/weapons/burp-retire-js.yaml index 4a06a03..7390d28 100644 --- a/weapons/burp-retire-js.yaml +++ b/weapons/burp-retire-js.yaml @@ -3,9 +3,10 @@ name: burp-retire-js description: url: https://github.com/h3xstream/burp-retire-js category: tool-addon -type: +type: Recon platform: -- burpsuite -- zap -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/burp-send-to.yaml b/weapons/burp-send-to.yaml index fc30cd9..4607176 100644 --- a/weapons/burp-send-to.yaml +++ b/weapons/burp-send-to.yaml @@ -3,8 +3,10 @@ name: burp-send-to description: url: https://github.com/bytebutcher/burp-send-to category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/c-jwt-cracker.yaml b/weapons/c-jwt-cracker.yaml index a0ceb03..3f7d4a2 100644 --- a/weapons/c-jwt-cracker.yaml +++ b/weapons/c-jwt-cracker.yaml @@ -3,10 +3,11 @@ name: c-jwt-cracker description: 'JWT brute force cracker written in C ' url: https://github.com/brendan-rius/c-jwt-cracker category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: C +tags: +- jwt diff --git a/weapons/can-i-take-over-xyz.yaml b/weapons/can-i-take-over-xyz.yaml index f981da2..3ab8019 100644 --- a/weapons/can-i-take-over-xyz.yaml +++ b/weapons/can-i-take-over-xyz.yaml @@ -4,10 +4,10 @@ description: '"Can I take over XYZ?" — a list of services and how to claim (su with dangling DNS records.' url: https://github.com/EdOverflow/can-i-take-over-xyz category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: 'null' tags: [] diff --git a/weapons/cariddi.yaml b/weapons/cariddi.yaml index 0f95d91..e693b4e 100644 --- a/weapons/cariddi.yaml +++ b/weapons/cariddi.yaml @@ -4,10 +4,10 @@ description: Take a list of domains and scan for endpoints, secrets, api keys, f extensions, tokens and more... url: https://github.com/edoardottt/cariddi category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/cc.py.yaml b/weapons/cc.py.yaml index c5ef3c3..7292da4 100644 --- a/weapons/cc.py.yaml +++ b/weapons/cc.py.yaml @@ -3,10 +3,10 @@ name: cc.py description: 'Extracting URLs of a specific target based on the results of "commoncrawl.org" ' url: https://github.com/si9int/cc.py category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/cf-check.yaml b/weapons/cf-check.yaml index 837cc83..a78e462 100644 --- a/weapons/cf-check.yaml +++ b/weapons/cf-check.yaml @@ -3,10 +3,10 @@ name: cf-check description: 'Cloudflare Checker written in Go ' url: https://github.com/dwisiswant0/cf-check category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/chaos-client.yaml b/weapons/chaos-client.yaml index 055bda0..d8740b2 100644 --- a/weapons/chaos-client.yaml +++ b/weapons/chaos-client.yaml @@ -3,10 +3,10 @@ name: chaos-client description: 'Go client to communicate with Chaos DNS API. ' url: https://github.com/projectdiscovery/chaos-client category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/clear-cache.yaml b/weapons/clear-cache.yaml index 6d9f6d2..c363f3f 100644 --- a/weapons/clear-cache.yaml +++ b/weapons/clear-cache.yaml @@ -3,8 +3,10 @@ name: clear-cache description: Add-on to clear browser cache with a single click or via the F9 key. url: https://github.com/TenSoja/clear-cache category: browser-addon -type: +type: Utils platform: -- firefox -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/collaborator-everywhere.yaml b/weapons/collaborator-everywhere.yaml index 9a9e5c1..382d571 100644 --- a/weapons/collaborator-everywhere.yaml +++ b/weapons/collaborator-everywhere.yaml @@ -3,8 +3,10 @@ name: collaborator-everywhere description: url: https://github.com/PortSwigger/collaborator-everywhere category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/commix.yaml b/weapons/commix.yaml index 98a18ae..34f11c8 100644 --- a/weapons/commix.yaml +++ b/weapons/commix.yaml @@ -3,10 +3,10 @@ name: commix description: Automated All-in-One OS Command Injection Exploitation Tool. url: https://github.com/commixproject/commix category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/community-scripts.yaml b/weapons/community-scripts.yaml index 3a1eb50..cc4e226 100644 --- a/weapons/community-scripts.yaml +++ b/weapons/community-scripts.yaml @@ -3,8 +3,10 @@ name: community-scripts description: url: https://github.com/zaproxy/community-scripts category: tool-addon -type: +type: Utils platform: -- zap -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/confused.yaml b/weapons/confused.yaml index 8461021..645690a 100644 --- a/weapons/confused.yaml +++ b/weapons/confused.yaml @@ -4,10 +4,10 @@ description: Tool to check for dependency confusion vulnerabilities in multiple management systems url: https://github.com/visma-prodsec/confused category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/cookie-quick-manager.yaml b/weapons/cookie-quick-manager.yaml index 906837d..613811e 100644 --- a/weapons/cookie-quick-manager.yaml +++ b/weapons/cookie-quick-manager.yaml @@ -4,8 +4,10 @@ description: An addon to manage (view, search, create, edit, remove, backup, res cookies on Firefox. url: https://github.com/ysard/cookie-quick-manager category: browser-addon -type: +type: Utils platform: -- firefox -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/corsair_scan.yaml b/weapons/corsair_scan.yaml index b1a1a32..47c8e76 100644 --- a/weapons/corsair_scan.yaml +++ b/weapons/corsair_scan.yaml @@ -4,10 +4,10 @@ description: Corsair_scan is a security tool to test Cross-Origin Resource Shari (CORS). url: https://github.com/Santandersecurityresearch/corsair_scan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/crawlergo.yaml b/weapons/crawlergo.yaml index 7b7000b..fd53276 100644 --- a/weapons/crawlergo.yaml +++ b/weapons/crawlergo.yaml @@ -3,10 +3,10 @@ name: crawlergo description: A powerful browser crawler for web vulnerability scanners url: https://github.com/Qianlitp/crawlergo category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/crlfuzz.yaml b/weapons/crlfuzz.yaml index 85596ed..ebe5968 100644 --- a/weapons/crlfuzz.yaml +++ b/weapons/crlfuzz.yaml @@ -3,10 +3,10 @@ name: crlfuzz description: 'A fast tool to scan CRLF vulnerability written in Go ' url: https://github.com/dwisiswant0/crlfuzz category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/csp-auditor.yaml b/weapons/csp-auditor.yaml index a1cf30a..d31177c 100644 --- a/weapons/csp-auditor.yaml +++ b/weapons/csp-auditor.yaml @@ -3,9 +3,11 @@ name: csp-auditor description: url: https://github.com/GoSecure/csp-auditor category: tool-addon -type: +type: Scanner platform: -- burpsuite -- zap -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- csp diff --git a/weapons/curl.yaml b/weapons/curl.yaml index 1ef1392..6522bf0 100644 --- a/weapons/curl.yaml +++ b/weapons/curl.yaml @@ -6,7 +6,10 @@ description: A command line tool and library for transferring data with URL synt features url: https://github.com/curl/curl category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: C tags: [] diff --git a/weapons/dalfox.yaml b/weapons/dalfox.yaml index 30a0652..405ab23 100644 --- a/weapons/dalfox.yaml +++ b/weapons/dalfox.yaml @@ -4,10 +4,11 @@ description: "\U0001F318\U0001F98A DalFox(Finder Of XSS) / Parameter Analysis an XSS Scanning tool based on golang " url: https://github.com/hahwul/dalfox category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- xss diff --git a/weapons/dirsearch.yaml b/weapons/dirsearch.yaml index 8e50b90..ad7de1c 100644 --- a/weapons/dirsearch.yaml +++ b/weapons/dirsearch.yaml @@ -3,10 +3,10 @@ name: dirsearch description: 'Web path scanner ' url: https://github.com/maurosoria/dirsearch category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/ditto.yaml b/weapons/ditto.yaml index 9116adb..0a0d956 100644 --- a/weapons/ditto.yaml +++ b/weapons/ditto.yaml @@ -3,7 +3,10 @@ name: ditto description: A tool for IDN homograph attacks and detection. url: https://github.com/evilsocket/ditto category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/dmut.yaml b/weapons/dmut.yaml index f445d70..1681f22 100644 --- a/weapons/dmut.yaml +++ b/weapons/dmut.yaml @@ -4,7 +4,11 @@ description: A tool to perform permutations, mutations and alteration of subdoma in golang. url: https://github.com/bp0lr/dmut category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/dnsobserver.yaml b/weapons/dnsobserver.yaml index dee816c..d298db4 100644 --- a/weapons/dnsobserver.yaml +++ b/weapons/dnsobserver.yaml @@ -5,7 +5,12 @@ description: 'A handy DNS service written in Go to aid in the detection of sever DNS interactions and sends lookup notifications via Slack. ' url: https://github.com/allyomalley/dnsobserver category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go +tags: +- oast +- dns diff --git a/weapons/dnsprobe.yaml b/weapons/dnsprobe.yaml index 74cd7ef..f633ae3 100644 --- a/weapons/dnsprobe.yaml +++ b/weapons/dnsprobe.yaml @@ -4,10 +4,11 @@ description: 'DNSProb (beta) is a tool built on top of retryabledns that allows to perform multiple dns queries of your choice with a list of user supplied resolvers. ' url: https://github.com/projectdiscovery/dnsprobe category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- dns diff --git a/weapons/dnsvalidator.yaml b/weapons/dnsvalidator.yaml index 450e2f1..b4bcdd0 100644 --- a/weapons/dnsvalidator.yaml +++ b/weapons/dnsvalidator.yaml @@ -4,7 +4,11 @@ description: Maintains a list of IPv4 DNS servers by verifying them against base servers, and ensuring accurate responses. url: https://github.com/vortexau/dnsvalidator category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python +tags: +- dns diff --git a/weapons/dnsx.yaml b/weapons/dnsx.yaml index d3f83f3..462b779 100644 --- a/weapons/dnsx.yaml +++ b/weapons/dnsx.yaml @@ -4,7 +4,11 @@ description: dnsx is a fast and multi-purpose DNS toolkit allow to run multiple queries of your choice with a list of user-supplied resolvers. url: https://github.com/projectdiscovery/dnsx category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- dns diff --git a/weapons/docem.yaml b/weapons/docem.yaml index 06086de..aa599dc 100644 --- a/weapons/docem.yaml +++ b/weapons/docem.yaml @@ -4,7 +4,12 @@ description: Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE steroids) url: https://github.com/whitel1st/docem category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python +tags: +- xxe +- xss diff --git a/weapons/domdig.yaml b/weapons/domdig.yaml index 34b93a6..9b67bc5 100644 --- a/weapons/domdig.yaml +++ b/weapons/domdig.yaml @@ -3,10 +3,11 @@ name: domdig description: 'DOM XSS scanner for Single Page Applications ' url: https://github.com/fcavallarin/domdig category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: JavaScript +tags: +- xss diff --git a/weapons/dontgo403.yaml b/weapons/dontgo403.yaml index f9c2d76..014a3ec 100644 --- a/weapons/dontgo403.yaml +++ b/weapons/dontgo403.yaml @@ -3,7 +3,11 @@ name: dontgo403 description: Tool to bypass 40X response codes. url: https://github.com/devploit/dontgo403 category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go +tags: +- 403 diff --git a/weapons/dotdotpwn.yaml b/weapons/dotdotpwn.yaml index 567ef35..4c7fa2f 100644 --- a/weapons/dotdotpwn.yaml +++ b/weapons/dotdotpwn.yaml @@ -3,10 +3,10 @@ name: dotdotpwn description: 'DotDotPwn - The Directory Traversal Fuzzer ' url: https://github.com/wireghoul/dotdotpwn category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Perl tags: [] diff --git a/weapons/eval_villain.yaml b/weapons/eval_villain.yaml index f18161e..a78e5f2 100644 --- a/weapons/eval_villain.yaml +++ b/weapons/eval_villain.yaml @@ -3,8 +3,11 @@ name: eval_villain description: A Firefox Web Extension to improve the discovery of DOM XSS. url: https://github.com/swoops/eval_villain category: browser-addon -type: +type: Utils platform: -- firefox -lang: [] -tags: [] +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/ezXSS.yaml b/weapons/ezXSS.yaml index 516912c..d8ee884 100644 --- a/weapons/ezXSS.yaml +++ b/weapons/ezXSS.yaml @@ -4,10 +4,11 @@ description: 'ezXSS is an easy way for penetration testers and bug bounty hunter to test (blind) Cross Site Scripting. ' url: https://github.com/ssl/ezXSS category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: PHP +tags: +- xss diff --git a/weapons/femida.yaml b/weapons/femida.yaml index 247db74..86eafff 100644 --- a/weapons/femida.yaml +++ b/weapons/femida.yaml @@ -3,8 +3,10 @@ name: femida description: url: https://github.com/wish-i-was/femida category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/feroxbuster.yaml b/weapons/feroxbuster.yaml index ff682f2..9a09909 100644 --- a/weapons/feroxbuster.yaml +++ b/weapons/feroxbuster.yaml @@ -3,7 +3,10 @@ name: feroxbuster description: A fast, simple, recursive content discovery tool written in Rust. url: https://github.com/epi052/feroxbuster category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/ffuf.yaml b/weapons/ffuf.yaml index 5483a73..a77803b 100644 --- a/weapons/ffuf.yaml +++ b/weapons/ffuf.yaml @@ -3,10 +3,10 @@ name: ffuf description: 'Fast web fuzzer written in Go ' url: https://github.com/ffuf/ffuf category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/fhc.yaml b/weapons/fhc.yaml index 13872f7..d2ecdf5 100644 --- a/weapons/fhc.yaml +++ b/weapons/fhc.yaml @@ -3,7 +3,10 @@ name: fhc description: Fast HTTP Checker. url: https://github.com/Edu4rdSHL/fhc category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/findom-xss.yaml b/weapons/findom-xss.yaml index 834bbe8..1371683 100644 --- a/weapons/findom-xss.yaml +++ b/weapons/findom-xss.yaml @@ -3,10 +3,11 @@ name: findom-xss description: 'A fast DOM based XSS vulnerability scanner with simplicity. ' url: https://github.com/dwisiswant0/findom-xss category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Shell +tags: +- xss diff --git a/weapons/findomain.yaml b/weapons/findomain.yaml index 8cfedfd..638900b 100644 --- a/weapons/findomain.yaml +++ b/weapons/findomain.yaml @@ -4,10 +4,11 @@ description: 'The fastest and cross-platform subdomain enumerator, do not waste time. ' url: https://github.com/Edu4rdSHL/findomain category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Rust +tags: +- subdomains diff --git a/weapons/fockcache.yaml b/weapons/fockcache.yaml index 9b4e5d0..b816e54 100644 --- a/weapons/fockcache.yaml +++ b/weapons/fockcache.yaml @@ -3,7 +3,10 @@ name: fockcache description: FockCache - Minimalized Test Cache Poisoning url: https://github.com/tismayil/fockcache category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/fuzzparam.yaml b/weapons/fuzzparam.yaml index e583bc2..b88bd0b 100644 --- a/weapons/fuzzparam.yaml +++ b/weapons/fuzzparam.yaml @@ -3,7 +3,10 @@ name: fuzzparam description: A fast go based param miner to fuzz possible parameters a URL can have. url: https://github.com/0xsapra/fuzzparam category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/fzf.yaml b/weapons/fzf.yaml index c71d013..0050443 100644 --- a/weapons/fzf.yaml +++ b/weapons/fzf.yaml @@ -3,10 +3,10 @@ name: fzf description: A command-line fuzzy finder url: https://github.com/junegunn/fzf category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gau.yaml b/weapons/gau.yaml index 2c8b5a8..d4ca1e0 100644 --- a/weapons/gau.yaml +++ b/weapons/gau.yaml @@ -4,10 +4,10 @@ description: Fetch known URLs from AlienVault's Open Threat Exchange, the Waybac Machine, and Common Crawl. url: https://github.com/lc/gau category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gauplus.yaml b/weapons/gauplus.yaml index 06a61ae..d9d1d66 100644 --- a/weapons/gauplus.yaml +++ b/weapons/gauplus.yaml @@ -4,7 +4,10 @@ description: A modified version of gau for personal usage. Support workers, prox and some extra things. url: https://github.com/bp0lr/gauplus category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gee.yaml b/weapons/gee.yaml index eef84c0..47c2a55 100644 --- a/weapons/gee.yaml +++ b/weapons/gee.yaml @@ -5,7 +5,10 @@ description: "\U0001F3F5 Gee is tool of stdin to each files and stdout. It is si was written as go" url: https://github.com/hahwul/gee category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/getJS.yaml b/weapons/getJS.yaml index 78bfa67..46a02de 100644 --- a/weapons/getJS.yaml +++ b/weapons/getJS.yaml @@ -3,7 +3,10 @@ name: getJS description: A tool to fastly get all javascript sources/files url: https://github.com/003random/getJS category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gf.yaml b/weapons/gf.yaml index 43626a6..fa305ab 100644 --- a/weapons/gf.yaml +++ b/weapons/gf.yaml @@ -3,10 +3,10 @@ name: gf description: 'A wrapper around grep, to help you grep for things ' url: https://github.com/tomnomnom/gf category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gitGraber.yaml b/weapons/gitGraber.yaml index 399384f..4b14166 100644 --- a/weapons/gitGraber.yaml +++ b/weapons/gitGraber.yaml @@ -3,10 +3,10 @@ name: gitGraber description: 'gitGraber ' url: https://github.com/hisxo/gitGraber category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/github-endpoints.yaml b/weapons/github-endpoints.yaml index d46f5f4..33134cd 100644 --- a/weapons/github-endpoints.yaml +++ b/weapons/github-endpoints.yaml @@ -3,7 +3,10 @@ name: github-endpoints description: Find endpoints on GitHub. url: https://github.com/gwen001/github-endpoints category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/github-regexp.yaml b/weapons/github-regexp.yaml index 49655e4..cbbf1f6 100644 --- a/weapons/github-regexp.yaml +++ b/weapons/github-regexp.yaml @@ -3,7 +3,10 @@ name: github-regexp description: Basically a regexp over a GitHub search. url: https://github.com/gwen001/github-regexp category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/github-search.yaml b/weapons/github-search.yaml index fbf5f03..8bc6f49 100644 --- a/weapons/github-search.yaml +++ b/weapons/github-search.yaml @@ -3,10 +3,10 @@ name: github-search description: 'Tools to perform basic search on GitHub. ' url: https://github.com/gwen001/github-search category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: JavaScript tags: [] diff --git a/weapons/github-subdomains.yaml b/weapons/github-subdomains.yaml index 6e9031a..7cf0df3 100644 --- a/weapons/github-subdomains.yaml +++ b/weapons/github-subdomains.yaml @@ -3,7 +3,10 @@ name: github-subdomains description: Find subdomains on GitHub url: https://github.com/gwen001/github-subdomains category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gitleaks.yaml b/weapons/gitleaks.yaml index fd1cc78..b331263 100644 --- a/weapons/gitleaks.yaml +++ b/weapons/gitleaks.yaml @@ -3,7 +3,10 @@ name: gitleaks description: "Scan git repos (or files) for secrets using regex and entropy \U0001F511" url: https://github.com/zricethezav/gitleaks category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gitls.yaml b/weapons/gitls.yaml index 4fea465..00860df 100644 --- a/weapons/gitls.yaml +++ b/weapons/gitls.yaml @@ -3,7 +3,10 @@ name: gitls description: Listing git repository from URL/User/Org url: https://github.com/hahwul/gitls category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gitrob.yaml b/weapons/gitrob.yaml index ee6b984..443232b 100644 --- a/weapons/gitrob.yaml +++ b/weapons/gitrob.yaml @@ -3,10 +3,10 @@ name: gitrob description: 'Reconnaissance tool for GitHub organizations ' url: https://github.com/michenriksen/gitrob category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/go-dork.yaml b/weapons/go-dork.yaml index 866316b..0330463 100644 --- a/weapons/go-dork.yaml +++ b/weapons/go-dork.yaml @@ -3,10 +3,10 @@ name: go-dork description: 'The fastest dork scanner written in Go. ' url: https://github.com/dwisiswant0/go-dork category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gobuster.yaml b/weapons/gobuster.yaml index b20c48e..6dd2c11 100644 --- a/weapons/gobuster.yaml +++ b/weapons/gobuster.yaml @@ -3,10 +3,10 @@ name: gobuster description: 'Directory/File, DNS and VHost busting tool written in Go ' url: https://github.com/OJ/gobuster category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gospider.yaml b/weapons/gospider.yaml index f3902f4..7739129 100644 --- a/weapons/gospider.yaml +++ b/weapons/gospider.yaml @@ -3,10 +3,10 @@ name: gospider description: 'Gospider - Fast web spider written in Go ' url: https://github.com/jaeles-project/gospider category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/gotator.yaml b/weapons/gotator.yaml index 34d243b..e926c1e 100644 --- a/weapons/gotator.yaml +++ b/weapons/gotator.yaml @@ -3,7 +3,10 @@ name: gotator description: Gotator is a tool to generate DNS wordlists through permutations. url: https://github.com/Josue87/gotator category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gotestwaf.yaml b/weapons/gotestwaf.yaml index 54cb25f..162db21 100644 --- a/weapons/gotestwaf.yaml +++ b/weapons/gotestwaf.yaml @@ -4,7 +4,10 @@ description: An open-source project in Golang to test different web application (WAF) for detection logic and bypasses url: https://github.com/wallarm/gotestwaf category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/gowitness.yaml b/weapons/gowitness.yaml index c857848..1953f8c 100644 --- a/weapons/gowitness.yaml +++ b/weapons/gowitness.yaml @@ -4,10 +4,10 @@ description: "\U0001F50D gowitness - a golang, web screenshot utility using Chro Headless " url: https://github.com/sensepost/gowitness category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/graphql-voyager.yaml b/weapons/graphql-voyager.yaml index 286a1cb..cc88d6d 100644 --- a/weapons/graphql-voyager.yaml +++ b/weapons/graphql-voyager.yaml @@ -3,10 +3,10 @@ name: graphql-voyager description: "\U0001F6F0️ Represent any GraphQL API as an interactive graph " url: https://github.com/APIs-guru/graphql-voyager category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Typescript tags: [] diff --git a/weapons/grc.yaml b/weapons/grc.yaml index 02c56e6..7a7946a 100644 --- a/weapons/grc.yaml +++ b/weapons/grc.yaml @@ -3,7 +3,10 @@ name: grc description: generic colouriser url: https://github.com/garabik/grc category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/grex.yaml b/weapons/grex.yaml index 29b4bba..515a061 100644 --- a/weapons/grex.yaml +++ b/weapons/grex.yaml @@ -4,7 +4,10 @@ description: A command-line tool and library for generating regular expressions user-provided test cases url: https://github.com/pemistahl/grex category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/gron.yaml b/weapons/gron.yaml index fbb0593..4364d46 100644 --- a/weapons/gron.yaml +++ b/weapons/gron.yaml @@ -3,10 +3,10 @@ name: gron description: 'Make JSON greppable! ' url: https://github.com/tomnomnom/gron category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/h2csmuggler.yaml b/weapons/h2csmuggler.yaml index 3aa2995..67b4834 100644 --- a/weapons/h2csmuggler.yaml +++ b/weapons/h2csmuggler.yaml @@ -3,10 +3,10 @@ name: h2csmuggler description: HTTP Request Smuggling Detection Tool url: https://github.com/assetnote/h2csmuggler category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hacks.yaml b/weapons/hacks.yaml index 6d8d328..593297e 100644 --- a/weapons/hacks.yaml +++ b/weapons/hacks.yaml @@ -3,10 +3,10 @@ name: hacks description: 'A collection of hacks and one-off scripts ' url: https://github.com/tomnomnom/hacks category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hakcheckurl.yaml b/weapons/hakcheckurl.yaml index 3ecb07a..8eecb9c 100644 --- a/weapons/hakcheckurl.yaml +++ b/weapons/hakcheckurl.yaml @@ -3,7 +3,10 @@ name: hakcheckurl description: Takes a list of URLs and returns their HTTP response codes url: https://github.com/hakluke/hakcheckurl category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/hakrawler.yaml b/weapons/hakrawler.yaml index 19e7c5a..6681319 100644 --- a/weapons/hakrawler.yaml +++ b/weapons/hakrawler.yaml @@ -4,10 +4,10 @@ description: 'Simple, fast web crawler designed for easy, quick discovery of end and assets within a web application ' url: https://github.com/hakluke/hakrawler category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hakrevdns.yaml b/weapons/hakrevdns.yaml index eb70eec..37d4578 100644 --- a/weapons/hakrevdns.yaml +++ b/weapons/hakrevdns.yaml @@ -3,10 +3,10 @@ name: hakrevdns description: 'Small, fast tool for performing reverse DNS lookups en masse. ' url: https://github.com/hakluke/hakrevdns category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/haktrails.yaml b/weapons/haktrails.yaml index 53cfe86..5f553da 100644 --- a/weapons/haktrails.yaml +++ b/weapons/haktrails.yaml @@ -3,7 +3,10 @@ name: haktrails description: Golang client for querying SecurityTrails API data url: https://github.com/hakluke/haktrails category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/hashcat.yaml b/weapons/hashcat.yaml index 28e6099..9555943 100644 --- a/weapons/hashcat.yaml +++ b/weapons/hashcat.yaml @@ -3,7 +3,10 @@ name: hashcat description: 'World''s fastest and most advanced password recovery utility ' url: https://github.com/hashcat/hashcat/ category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: C tags: [] diff --git a/weapons/headi.yaml b/weapons/headi.yaml index 70e550f..4af14d4 100644 --- a/weapons/headi.yaml +++ b/weapons/headi.yaml @@ -3,7 +3,10 @@ name: headi description: Customisable and automated HTTP header injection url: https://github.com/mlcsec/headi category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/hetty.yaml b/weapons/hetty.yaml index 65ef483..02ff272 100644 --- a/weapons/hetty.yaml +++ b/weapons/hetty.yaml @@ -5,10 +5,10 @@ description: Hetty is an HTTP toolkit for security research. It aims to become a features tailored to the needs of the infosec and bug bounty community. url: https://github.com/dstotijn/hetty category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hinject.yaml b/weapons/hinject.yaml index f95b7a5..38c0a28 100644 --- a/weapons/hinject.yaml +++ b/weapons/hinject.yaml @@ -3,10 +3,10 @@ name: hinject description: 'Host Header Injection Checker ' url: https://github.com/dwisiswant0/hinject category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/htcat.yaml b/weapons/htcat.yaml index 89e6c39..11ae040 100644 --- a/weapons/htcat.yaml +++ b/weapons/htcat.yaml @@ -3,10 +3,10 @@ name: htcat description: 'Parallel and Pipelined HTTP GET Utility ' url: https://github.com/htcat/htcat category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/http-request-smuggler.yaml b/weapons/http-request-smuggler.yaml index 4b5d09f..94e346e 100644 --- a/weapons/http-request-smuggler.yaml +++ b/weapons/http-request-smuggler.yaml @@ -3,8 +3,10 @@ name: http-request-smuggler description: url: https://github.com/PortSwigger/http-request-smuggler category: tool-addon -type: +type: Scanner platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/http-request-smuggling.yaml b/weapons/http-request-smuggling.yaml index dd63c11..a46cee8 100644 --- a/weapons/http-request-smuggling.yaml +++ b/weapons/http-request-smuggling.yaml @@ -3,7 +3,10 @@ name: http-request-smuggling description: HTTP Request Smuggling Detection Tool url: https://github.com/anshumanpattnaik/http-request-smuggling category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/http-script-generator.yaml b/weapons/http-script-generator.yaml index 5a20a45..1df0d12 100644 --- a/weapons/http-script-generator.yaml +++ b/weapons/http-script-generator.yaml @@ -3,9 +3,10 @@ name: http-script-generator description: url: https://github.com/h3xstream/http-script-generator category: tool-addon -type: +type: Utils platform: -- burpsuite -- zap -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/http2smugl.yaml b/weapons/http2smugl.yaml index be67019..3eab091 100644 --- a/weapons/http2smugl.yaml +++ b/weapons/http2smugl.yaml @@ -4,7 +4,10 @@ description: This tool helps to detect and exploit HTTP request smuggling in cas it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. url: https://github.com/neex/http2smugl category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/httpie.yaml b/weapons/httpie.yaml index eb4784a..1c30cb7 100644 --- a/weapons/httpie.yaml +++ b/weapons/httpie.yaml @@ -5,7 +5,10 @@ description: "As easy as /aitch-tee-tee-pie/ \U0001F967 Modern, user-friendly co & more. https://twitter.com/httpie" url: https://github.com/httpie/httpie category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/httprobe.yaml b/weapons/httprobe.yaml index 911f3f3..c1c8f81 100644 --- a/weapons/httprobe.yaml +++ b/weapons/httprobe.yaml @@ -3,10 +3,10 @@ name: httprobe description: 'Take a list of domains and probe for working HTTP and HTTPS servers ' url: https://github.com/tomnomnom/httprobe category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/httptoolkit.yaml b/weapons/httptoolkit.yaml index eb49a6e..102dc6d 100644 --- a/weapons/httptoolkit.yaml +++ b/weapons/httptoolkit.yaml @@ -4,7 +4,10 @@ description: HTTP Toolkit is a beautiful & open-source tool for debugging, testi and building with HTTP(S) on Windows, Linux & Mac url: https://github.com/httptoolkit/httptoolkit category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: 'null' tags: [] diff --git a/weapons/httpx.yaml b/weapons/httpx.yaml index 1ce18cc..dd3cab6 100644 --- a/weapons/httpx.yaml +++ b/weapons/httpx.yaml @@ -5,10 +5,10 @@ description: 'httpx is a fast and multi-purpose HTTP toolkit allow to run multip with increased threads. ' url: https://github.com/projectdiscovery/httpx category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/hurl.yaml b/weapons/hurl.yaml index c5e6bd5..7bb4a36 100644 --- a/weapons/hurl.yaml +++ b/weapons/hurl.yaml @@ -3,7 +3,10 @@ name: hurl description: Hurl, run and test HTTP requests. url: https://github.com/Orange-OpenSource/hurl category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/inql.yaml b/weapons/inql.yaml index 6cc1788..9965e27 100644 --- a/weapons/inql.yaml +++ b/weapons/inql.yaml @@ -3,8 +3,10 @@ name: inql description: url: https://github.com/doyensec/inql category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/interactsh.yaml b/weapons/interactsh.yaml index 2cfbdce..0dc5da4 100644 --- a/weapons/interactsh.yaml +++ b/weapons/interactsh.yaml @@ -3,7 +3,11 @@ name: interactsh description: An OOB interaction gathering server and client library url: https://github.com/projectdiscovery/interactsh category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go +tags: +- oast diff --git a/weapons/intrigue-core.yaml b/weapons/intrigue-core.yaml index b67af7d..1baafc3 100644 --- a/weapons/intrigue-core.yaml +++ b/weapons/intrigue-core.yaml @@ -3,10 +3,10 @@ name: intrigue-core description: 'Discover Your Attack Surface ' url: https://github.com/intrigueio/intrigue-core category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/jaeles.yaml b/weapons/jaeles.yaml index 193161f..d77a008 100644 --- a/weapons/jaeles.yaml +++ b/weapons/jaeles.yaml @@ -3,10 +3,10 @@ name: jaeles description: 'The Swiss Army knife for automated Web Application Testing ' url: https://github.com/jaeles-project/jaeles category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/jsfuck.yaml b/weapons/jsfuck.yaml index 4188b42..0cd137d 100644 --- a/weapons/jsfuck.yaml +++ b/weapons/jsfuck.yaml @@ -3,7 +3,11 @@ name: jsfuck description: Write any JavaScript with 6 Characters url: https://github.com/aemkei/jsfuck category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/jsonwebtoken.github.io.yaml b/weapons/jsonwebtoken.github.io.yaml index f915769..64676ce 100644 --- a/weapons/jsonwebtoken.github.io.yaml +++ b/weapons/jsonwebtoken.github.io.yaml @@ -3,9 +3,11 @@ name: jsonwebtoken.github.io description: JWT En/Decode and Verify url: https://github.com/jsonwebtoken/jsonwebtoken.github.io category: browser-addon -type: +type: Utils platform: -- chrome -- firefox -lang: [] -tags: [] +- linux +- macos +- windows +lang: JavaScript +tags: +- jwt diff --git a/weapons/jsprime.yaml b/weapons/jsprime.yaml index 25a9050..804386d 100644 --- a/weapons/jsprime.yaml +++ b/weapons/jsprime.yaml @@ -3,7 +3,10 @@ name: jsprime description: a javascript static security analysis tool url: https://github.com/dpnishant/jsprime category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/jwt-cracker.yaml b/weapons/jwt-cracker.yaml index 6e3c298..bf056ec 100644 --- a/weapons/jwt-cracker.yaml +++ b/weapons/jwt-cracker.yaml @@ -3,10 +3,11 @@ name: jwt-cracker description: 'Simple HS256 JWT token brute force cracker ' url: https://github.com/lmammino/jwt-cracker category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: JavaScript +tags: +- jwt diff --git a/weapons/jwt-hack.yaml b/weapons/jwt-hack.yaml index 13cce9c..05eadb3 100644 --- a/weapons/jwt-hack.yaml +++ b/weapons/jwt-hack.yaml @@ -4,10 +4,11 @@ description: "\U0001F529 jwt-hack is tool for hacking / security testing to JWT. for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)" url: https://github.com/hahwul/jwt-hack category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- jwt diff --git a/weapons/kiterunner.yaml b/weapons/kiterunner.yaml index 9e61a84..0e784c5 100644 --- a/weapons/kiterunner.yaml +++ b/weapons/kiterunner.yaml @@ -3,7 +3,10 @@ name: kiterunner description: Contextual Content Discovery Tool url: https://github.com/assetnote/kiterunner category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/knife.yaml b/weapons/knife.yaml index fb2808b..c4c55fc 100644 --- a/weapons/knife.yaml +++ b/weapons/knife.yaml @@ -3,8 +3,10 @@ name: knife description: A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅 url: https://github.com/bit4woo/knife category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/knock.yaml b/weapons/knock.yaml index 87cde91..4169f91 100644 --- a/weapons/knock.yaml +++ b/weapons/knock.yaml @@ -3,10 +3,11 @@ name: knock description: 'Knock Subdomain Scan ' url: https://github.com/guelfoweb/knock category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- subdomains diff --git a/weapons/lazyrecon.yaml b/weapons/lazyrecon.yaml index 0752c0d..6c07f0c 100644 --- a/weapons/lazyrecon.yaml +++ b/weapons/lazyrecon.yaml @@ -4,10 +4,10 @@ description: 'This script is intended to automate your reconnaissance process in organized fashion ' url: https://github.com/nahamsec/lazyrecon category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/longtongue.yaml b/weapons/longtongue.yaml index 29ae2c5..aadedcb 100644 --- a/weapons/longtongue.yaml +++ b/weapons/longtongue.yaml @@ -3,7 +3,10 @@ name: longtongue description: Customized Password/Passphrase List inputting Target Info url: https://github.com/edoardottt/longtongue category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/masscan.yaml b/weapons/masscan.yaml index 29ae625..bc9afc3 100644 --- a/weapons/masscan.yaml +++ b/weapons/masscan.yaml @@ -4,10 +4,10 @@ description: 'TCP port scanner, spews SYN packets asynchronously, scanning entir Internet in under 5 minutes. ' url: https://github.com/robertdavidgraham/masscan category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: C tags: [] diff --git a/weapons/medusa.yaml b/weapons/medusa.yaml index 0684780..708714e 100644 --- a/weapons/medusa.yaml +++ b/weapons/medusa.yaml @@ -3,10 +3,10 @@ name: medusa description: 'Fastest recursive HTTP fuzzer, like a Ferrari. ' url: https://github.com/riza/medusa category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/meg.yaml b/weapons/meg.yaml index 49ac20c..f2b6e0e 100644 --- a/weapons/meg.yaml +++ b/weapons/meg.yaml @@ -3,10 +3,10 @@ name: meg description: 'Fetch many paths for many hosts - without killing the hosts ' url: https://github.com/tomnomnom/meg category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/megplus.yaml b/weapons/megplus.yaml index 858468e..90d63b2 100644 --- a/weapons/megplus.yaml +++ b/weapons/megplus.yaml @@ -3,10 +3,10 @@ name: megplus description: 'Automated reconnaissance wrapper — TomNomNom''s meg on steroids. [DEPRECATED] ' url: https://github.com/EdOverflow/megplus category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/naabu.yaml b/weapons/naabu.yaml index 557ed7c..d387fd8 100644 --- a/weapons/naabu.yaml +++ b/weapons/naabu.yaml @@ -5,10 +5,10 @@ description: 'A fast port scanner written in go with focus on reliability and si in bug bounties and pentests ' url: https://github.com/projectdiscovery/naabu category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/nikto.yaml b/weapons/nikto.yaml index 228edd1..ea30071 100644 --- a/weapons/nikto.yaml +++ b/weapons/nikto.yaml @@ -3,10 +3,10 @@ name: nikto description: 'Nikto web server scanner ' url: https://github.com/sullo/nikto category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Perl tags: [] diff --git a/weapons/nmap.yaml b/weapons/nmap.yaml index 08344f4..25ecc60 100644 --- a/weapons/nmap.yaml +++ b/weapons/nmap.yaml @@ -3,9 +3,10 @@ name: nmap description: 'Nmap - the Network Mapper. Github mirror of official SVN repository. ' url: https://github.com/nmap/nmap category: tool -type: +type: Scanner platform: - linux - macos -lang: [] +- windows +lang: C tags: [] diff --git a/weapons/nosqli.yaml b/weapons/nosqli.yaml index 2dab1c8..a75b55b 100644 --- a/weapons/nosqli.yaml +++ b/weapons/nosqli.yaml @@ -3,10 +3,10 @@ name: nosqli description: NoSql Injection CLI tool url: https://github.com/Charlie-belmer/nosqli category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/nuclei.yaml b/weapons/nuclei.yaml index 8aef515..bf185d5 100644 --- a/weapons/nuclei.yaml +++ b/weapons/nuclei.yaml @@ -4,10 +4,10 @@ description: 'Nuclei is a fast tool for configurable targeted scanning based on offering massive extensibility and ease of use. ' url: https://github.com/projectdiscovery/nuclei category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/ob_hacky_slack.yaml b/weapons/ob_hacky_slack.yaml index 6abce65..98bea55 100644 --- a/weapons/ob_hacky_slack.yaml +++ b/weapons/ob_hacky_slack.yaml @@ -3,7 +3,10 @@ name: ob_hacky_slack description: Hacky Slack - a bash script that sends beautiful messages to Slack url: https://github.com/openbridge/ob_hacky_slack category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/owasp-zap-jwt-addon.yaml b/weapons/owasp-zap-jwt-addon.yaml index 8263679..4180238 100644 --- a/weapons/owasp-zap-jwt-addon.yaml +++ b/weapons/owasp-zap-jwt-addon.yaml @@ -3,8 +3,11 @@ name: owasp-zap-jwt-addon description: url: https://github.com/SasanLabs/owasp-zap-jwt-addon category: tool-addon -type: +type: utils platform: -- zap -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- jwt diff --git a/weapons/oxml_xxe.yaml b/weapons/oxml_xxe.yaml index 167c867..6de5dff 100644 --- a/weapons/oxml_xxe.yaml +++ b/weapons/oxml_xxe.yaml @@ -3,10 +3,10 @@ name: oxml_xxe description: 'A tool for embedding XXE/XML exploits into different filetypes ' url: https://github.com/BuffaloWill/oxml_xxe category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/pagodo.yaml b/weapons/pagodo.yaml index 88a1ab3..b421709 100644 --- a/weapons/pagodo.yaml +++ b/weapons/pagodo.yaml @@ -4,7 +4,10 @@ description: pagodo (Passive Google Dork) - Automate Google Hacking Database scr and searching url: https://github.com/opsdisk/pagodo category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/param-miner.yaml b/weapons/param-miner.yaml index b3a4760..282c0d1 100644 --- a/weapons/param-miner.yaml +++ b/weapons/param-miner.yaml @@ -3,8 +3,11 @@ name: param-miner description: url: https://github.com/PortSwigger/param-miner category: tool-addon -type: +type: Fuzzer platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- param diff --git a/weapons/parameth.yaml b/weapons/parameth.yaml index ca72e9e..8962571 100644 --- a/weapons/parameth.yaml +++ b/weapons/parameth.yaml @@ -3,7 +3,10 @@ name: parameth description: This tool can be used to brute discover GET and POST parameters url: https://github.com/maK-/parameth category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/pentest-tools.yaml b/weapons/pentest-tools.yaml index 0f96953..d27cd7b 100644 --- a/weapons/pentest-tools.yaml +++ b/weapons/pentest-tools.yaml @@ -3,10 +3,10 @@ name: pentest-tools description: 'Custom pentesting tools ' url: https://github.com/gwen001/pentest-tools category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/pet.yaml b/weapons/pet.yaml index b326659..85ab444 100644 --- a/weapons/pet.yaml +++ b/weapons/pet.yaml @@ -3,9 +3,10 @@ name: pet description: Simple command-line snippet manager, written in Go. url: https://github.com/knqyf263/pet category: tool -type: +type: Utils platform: - linux - macos -lang: [] +- windows +lang: Go tags: [] diff --git a/weapons/plution.yaml b/weapons/plution.yaml index 0a46894..6dfee2a 100644 --- a/weapons/plution.yaml +++ b/weapons/plution.yaml @@ -3,7 +3,10 @@ name: plution description: Prototype pollution scanner using headless chrome url: https://github.com/raverrr/plution category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/postMessage-tracker.yaml b/weapons/postMessage-tracker.yaml index e41a81a..c02699f 100644 --- a/weapons/postMessage-tracker.yaml +++ b/weapons/postMessage-tracker.yaml @@ -4,8 +4,10 @@ description: A Chrome Extension to track postMessage usage (url, domain and stac both by logging using CORS and also visually as an extension-icon url: https://github.com/fransr/postMessage-tracker category: browser-addon -type: +type: Utils platform: -- chrome -lang: [] +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/ppfuzz.yaml b/weapons/ppfuzz.yaml index 38a943c..22cad9b 100644 --- a/weapons/ppfuzz.yaml +++ b/weapons/ppfuzz.yaml @@ -4,7 +4,10 @@ description: "A fast tool to scan client-side prototype pollution vulnerability in Rust. \U0001F980" url: https://github.com/dwisiswant0/ppfuzz category: tool -type: -platform: [] -lang: [] +type: Fuzzer +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/ppmap.yaml b/weapons/ppmap.yaml index 5d9c111..9efc4da 100644 --- a/weapons/ppmap.yaml +++ b/weapons/ppmap.yaml @@ -4,7 +4,10 @@ description: A scanner/exploitation tool written in GO, which leverages client-s Prototype Pollution to XSS by exploiting known gadgets. url: https://github.com/kleiton0x00/ppmap category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/proxify.yaml b/weapons/proxify.yaml index 105b50b..f3b2d71 100644 --- a/weapons/proxify.yaml +++ b/weapons/proxify.yaml @@ -4,7 +4,10 @@ description: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipul and replay url: https://github.com/projectdiscovery/proxify category: tool -type: -platform: [] -lang: [] +type: Army-Knife +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/puredns.yaml b/weapons/puredns.yaml index 9cabfb2..1a47c6c 100644 --- a/weapons/puredns.yaml +++ b/weapons/puredns.yaml @@ -4,7 +4,10 @@ description: Puredns is a fast domain resolver and subdomain bruteforcing tool t can accurately filter out wildcard subdomains and DNS poisoned entries. url: https://github.com/d3mondev/puredns category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/pwncat.yaml b/weapons/pwncat.yaml index 26245e5..584b3fe 100644 --- a/weapons/pwncat.yaml +++ b/weapons/pwncat.yaml @@ -5,9 +5,10 @@ description: 'pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind a with Python (PSE) ' url: https://github.com/cytopia/pwncat category: tool -type: +type: Utils platform: - linux - macos -lang: [] +- windows +lang: Shell tags: [] diff --git a/weapons/qsreplace.yaml b/weapons/qsreplace.yaml index 17ab3ae..6c97253 100644 --- a/weapons/qsreplace.yaml +++ b/weapons/qsreplace.yaml @@ -4,10 +4,10 @@ description: 'Accept URLs on stdin, replace all query string values with a user- value ' url: https://github.com/tomnomnom/qsreplace category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/quickjack.yaml b/weapons/quickjack.yaml index b408483..1635584 100644 --- a/weapons/quickjack.yaml +++ b/weapons/quickjack.yaml @@ -4,7 +4,10 @@ description: Quickjack is a point-and-click tool for intuitively producing advan clickjacking and frame slicing attacks. url: https://github.com/samyk/quickjack category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/rapidscan.yaml b/weapons/rapidscan.yaml index 4cae278..b06aa8d 100644 --- a/weapons/rapidscan.yaml +++ b/weapons/rapidscan.yaml @@ -3,10 +3,10 @@ name: rapidscan description: 'The Multi-Tool Web Vulnerability Scanner. ' url: https://github.com/skavngr/rapidscan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/recon_profile.yaml b/weapons/recon_profile.yaml index 18e12fb..35957ea 100644 --- a/weapons/recon_profile.yaml +++ b/weapons/recon_profile.yaml @@ -3,10 +3,10 @@ name: recon_profile description: 'Recon profile (bash profile) for bugbounty ' url: https://github.com/nahamsec/recon_profile category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/reconftw.yaml b/weapons/reconftw.yaml index b3c80a6..3cced26 100644 --- a/weapons/reconftw.yaml +++ b/weapons/reconftw.yaml @@ -4,7 +4,10 @@ description: reconFTW is a tool designed to perform automated recon on a target by running the best set of tools to perform scanning and finding out vulnerabilities url: https://github.com/six2dez/reconftw category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/reflect.yaml b/weapons/reflect.yaml index 756cf38..be422fe 100644 --- a/weapons/reflect.yaml +++ b/weapons/reflect.yaml @@ -1,10 +1,12 @@ --- name: reflect description: -url: https://github.com/TypeError/reflect +url: https://github.com/cak/reflect category: tool-addon -type: +type: Utils platform: -- zap -lang: [] +- linux +- macos +- windows +lang: Kotiln tags: [] diff --git a/weapons/reflected-parameters.yaml b/weapons/reflected-parameters.yaml index f3e9547..acb19b8 100644 --- a/weapons/reflected-parameters.yaml +++ b/weapons/reflected-parameters.yaml @@ -3,8 +3,10 @@ name: reflected-parameters description: url: https://github.com/PortSwigger/reflected-parameters category: tool-addon -type: +type: Recon platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/rengine.yaml b/weapons/rengine.yaml index 2079239..cb29244 100644 --- a/weapons/rengine.yaml +++ b/weapons/rengine.yaml @@ -5,10 +5,10 @@ description: 'reNgine is an automated reconnaissance framework meant for gatheri scan engines, which can be used to scan the websites, endpoints, and gather information. ' url: https://github.com/yogeshojha/rengine category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: JavaScript tags: [] diff --git a/weapons/rusolver.yaml b/weapons/rusolver.yaml index f744407..c86667c 100644 --- a/weapons/rusolver.yaml +++ b/weapons/rusolver.yaml @@ -3,7 +3,11 @@ name: rusolver description: Fast and accurate DNS resolver. url: https://github.com/Edu4rdSHL/rusolver category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust +tags: +- dns diff --git a/weapons/s3reverse.yaml b/weapons/s3reverse.yaml index f41ef4b..297c74e 100644 --- a/weapons/s3reverse.yaml +++ b/weapons/s3reverse.yaml @@ -4,10 +4,11 @@ description: 'The format of various s3 buckets is convert in one format. for bug and security testing. ' url: https://github.com/hahwul/s3reverse category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- s3 diff --git a/weapons/safecopy.yaml b/weapons/safecopy.yaml index 48bded6..b72319b 100644 --- a/weapons/safecopy.yaml +++ b/weapons/safecopy.yaml @@ -3,8 +3,10 @@ name: safecopy description: url: https://github.com/yashrs/safecopy category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/scilla.yaml b/weapons/scilla.yaml index cd4cb49..7df3796 100644 --- a/weapons/scilla.yaml +++ b/weapons/scilla.yaml @@ -4,10 +4,10 @@ description: "\U0001F3F4‍☠️ Information Gathering tool \U0001F3F4‍☠️ enumeration" url: https://github.com/edoardottt/scilla category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/security-crawl-maze.yaml b/weapons/security-crawl-maze.yaml index a075bb4..e5507fb 100644 --- a/weapons/security-crawl-maze.yaml +++ b/weapons/security-crawl-maze.yaml @@ -5,7 +5,10 @@ description: Security Crawl Maze is a comprehensive testbed for web security cra valid HTML document. url: https://github.com/google/security-crawl-maze category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: HTML tags: [] diff --git a/weapons/security-research-pocs.yaml b/weapons/security-research-pocs.yaml index 431eaa1..0562407 100644 --- a/weapons/security-research-pocs.yaml +++ b/weapons/security-research-pocs.yaml @@ -4,7 +4,10 @@ description: Proof-of-concept codes created as part of security research done by Security Team. url: https://github.com/google/security-research-pocs category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: C++ tags: [] diff --git a/weapons/shuffledns.yaml b/weapons/shuffledns.yaml index 9df208a..6579e6c 100644 --- a/weapons/shuffledns.yaml +++ b/weapons/shuffledns.yaml @@ -5,10 +5,10 @@ description: 'shuffleDNS is a wrapper around massdns written in go that allows y with wildcard handling and easy input-output support. ' url: https://github.com/projectdiscovery/shuffledns category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/singularity.yaml b/weapons/singularity.yaml index a9a6d45..5703534 100644 --- a/weapons/singularity.yaml +++ b/weapons/singularity.yaml @@ -3,7 +3,10 @@ name: singularity description: A DNS rebinding attack framework. url: https://github.com/nccgroup/singularity category: tool -type: -platform: [] -lang: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/slackcat.yaml b/weapons/slackcat.yaml index 96eea41..7daa8b5 100644 --- a/weapons/slackcat.yaml +++ b/weapons/slackcat.yaml @@ -3,7 +3,10 @@ name: slackcat description: CLI utility to post files and command output to slack url: https://github.com/bcicen/slackcat category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/smuggler.yaml b/weapons/smuggler.yaml index b70ed28..5146405 100644 --- a/weapons/smuggler.yaml +++ b/weapons/smuggler.yaml @@ -4,10 +4,10 @@ description: 'Smuggler - An HTTP Request Smuggling / Desync testing tool written Python 3 ' url: https://github.com/defparam/smuggler category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/sn0int.yaml b/weapons/sn0int.yaml index 0108586..ca7b5f9 100644 --- a/weapons/sn0int.yaml +++ b/weapons/sn0int.yaml @@ -3,7 +3,10 @@ name: sn0int description: Semi-automatic OSINT framework and package manager url: https://github.com/kpcyrd/sn0int category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/spiderfoot.yaml b/weapons/spiderfoot.yaml index 32ed9a1..331ac1a 100644 --- a/weapons/spiderfoot.yaml +++ b/weapons/spiderfoot.yaml @@ -3,7 +3,10 @@ name: spiderfoot description: SpiderFoot automates OSINT collection so that you can focus on analysis. url: https://github.com/smicallef/spiderfoot category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/sqliv.yaml b/weapons/sqliv.yaml index 663f0cb..96669f9 100644 --- a/weapons/sqliv.yaml +++ b/weapons/sqliv.yaml @@ -3,7 +3,11 @@ name: sqliv description: massive SQL injection vulnerability scanner url: https://github.com/the-robot/sqliv category: tool -type: -platform: [] -lang: [] -tags: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python +tags: +- sqli diff --git a/weapons/sqlmap.yaml b/weapons/sqlmap.yaml index a723383..b2d813c 100644 --- a/weapons/sqlmap.yaml +++ b/weapons/sqlmap.yaml @@ -3,9 +3,10 @@ name: sqlmap description: Automatic SQL injection and database takeover tool url: https://github.com/sqlmapproject/sqlmap category: tool -type: +type: Scanner platform: - linux - macos -lang: [] +- windows +lang: Python tags: [] diff --git a/weapons/ssrf-sheriff.yaml b/weapons/ssrf-sheriff.yaml index e5db311..f0c3d4c 100644 --- a/weapons/ssrf-sheriff.yaml +++ b/weapons/ssrf-sheriff.yaml @@ -3,10 +3,10 @@ name: ssrf-sheriff description: 'A simple SSRF-testing sheriff written in Go ' url: https://github.com/teknogeek/ssrf-sheriff category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/subfinder.yaml b/weapons/subfinder.yaml index 86f148c..ad98aba 100644 --- a/weapons/subfinder.yaml +++ b/weapons/subfinder.yaml @@ -5,10 +5,11 @@ description: 'Subfinder is a subdomain discovery tool that discovers valid subdo safe for penetration testing. ' url: https://github.com/projectdiscovery/subfinder category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/subgen.yaml b/weapons/subgen.yaml index 307ff31..d3ef404 100644 --- a/weapons/subgen.yaml +++ b/weapons/subgen.yaml @@ -4,7 +4,11 @@ description: A really simple utility to concate wordlists to a domain name - to into your favourite resolver! url: https://github.com/pry0cc/subgen category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/subjack.yaml b/weapons/subjack.yaml index d69d5d6..e963899 100644 --- a/weapons/subjack.yaml +++ b/weapons/subjack.yaml @@ -3,10 +3,11 @@ name: subjack description: 'Subdomain Takeover tool written in Go ' url: https://github.com/haccer/subjack category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: Go +tags: +- subdomains diff --git a/weapons/subjs.yaml b/weapons/subjs.yaml index 74101b3..9b15bca 100644 --- a/weapons/subjs.yaml +++ b/weapons/subjs.yaml @@ -3,7 +3,10 @@ name: subjs description: Fetches javascript file from a list of URLS or subdomains. url: https://github.com/lc/subjs category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/subs_all.yaml b/weapons/subs_all.yaml index e348658..97abd17 100644 --- a/weapons/subs_all.yaml +++ b/weapons/subs_all.yaml @@ -3,10 +3,11 @@ name: subs_all description: 'Subdomain Enumeration Wordlist. 8956437 unique words. Updated. ' url: https://github.com/emadshanab/subs_all category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] -tags: [] +lang: 'null' +tags: +- subdomains diff --git a/weapons/subzy.yaml b/weapons/subzy.yaml index fc5f347..4599a77 100644 --- a/weapons/subzy.yaml +++ b/weapons/subzy.yaml @@ -3,7 +3,11 @@ name: subzy description: Subdomain takeover vulnerability checker url: https://github.com/LukaSikic/subzy category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- subdomains diff --git a/weapons/taborator.yaml b/weapons/taborator.yaml index 2ea9860..c24ad65 100644 --- a/weapons/taborator.yaml +++ b/weapons/taborator.yaml @@ -3,8 +3,11 @@ name: taborator description: url: https://github.com/hackvertor/taborator category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] -tags: [] +- linux +- macos +- windows +lang: Java +tags: +- oast diff --git a/weapons/template-generator.yaml b/weapons/template-generator.yaml index 0e46d7f..0b53cf2 100644 --- a/weapons/template-generator.yaml +++ b/weapons/template-generator.yaml @@ -6,10 +6,10 @@ description: 'A simple variable based template editor using handlebarjs+strapdow generate the list of files in the dropdown of templates. ' url: https://github.com/fransr/template-generator category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: JavaScript tags: [] diff --git a/weapons/testssl.sh.yaml b/weapons/testssl.sh.yaml index 6011d62..d754364 100644 --- a/weapons/testssl.sh.yaml +++ b/weapons/testssl.sh.yaml @@ -3,10 +3,10 @@ name: testssl.sh description: 'Testing TLS/SSL encryption anywhere on any port ' url: https://github.com/drwetter/testssl.sh category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Shell tags: [] diff --git a/weapons/thc-hydra.yaml b/weapons/thc-hydra.yaml index 86cfc14..2d8e54a 100644 --- a/weapons/thc-hydra.yaml +++ b/weapons/thc-hydra.yaml @@ -3,10 +3,10 @@ name: thc-hydra description: 'hydra ' url: https://github.com/vanhauser-thc/thc-hydra category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: C tags: [] diff --git a/weapons/tiscripts.yaml b/weapons/tiscripts.yaml index 30f8e97..026fe32 100644 --- a/weapons/tiscripts.yaml +++ b/weapons/tiscripts.yaml @@ -3,7 +3,10 @@ name: tiscripts description: Turbo Intruder Scripts url: https://github.com/defparam/tiscripts category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/tplmap.yaml b/weapons/tplmap.yaml index 967d5ff..fa4ee84 100644 --- a/weapons/tplmap.yaml +++ b/weapons/tplmap.yaml @@ -4,7 +4,10 @@ description: Server-Side Template Injection and Code Injection Detection and Exp Tool url: https://github.com/epinna/tplmap category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/turbo-intruder.yaml b/weapons/turbo-intruder.yaml index d577328..01afe40 100644 --- a/weapons/turbo-intruder.yaml +++ b/weapons/turbo-intruder.yaml @@ -3,8 +3,10 @@ name: turbo-intruder description: url: https://github.com/PortSwigger/turbo-intruder category: tool-addon -type: +type: Utils platform: -- burpsuite -lang: [] +- linux +- macos +- windows +lang: Kotlin tags: [] diff --git a/weapons/uncover.yaml b/weapons/uncover.yaml index c67a74f..ca36ecb 100644 --- a/weapons/uncover.yaml +++ b/weapons/uncover.yaml @@ -4,7 +4,10 @@ description: Quickly discover exposed hosts on the internet using multiple searc engine. url: https://github.com/projectdiscovery/uncover category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/unfurl.yaml b/weapons/unfurl.yaml index f058dcf..0898284 100644 --- a/weapons/unfurl.yaml +++ b/weapons/unfurl.yaml @@ -3,10 +3,10 @@ name: unfurl description: 'Pull out bits of URLs provided on stdin ' url: https://github.com/tomnomnom/unfurl category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/urlgrab.yaml b/weapons/urlgrab.yaml index 51aa54f..7117eda 100644 --- a/weapons/urlgrab.yaml +++ b/weapons/urlgrab.yaml @@ -4,10 +4,10 @@ description: 'A golang utility to spider through a website searching for additio links. ' url: https://github.com/IAmStoxe/urlgrab category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/urlhunter.yaml b/weapons/urlhunter.yaml index 0090924..b91cc0d 100644 --- a/weapons/urlhunter.yaml +++ b/weapons/urlhunter.yaml @@ -4,7 +4,10 @@ description: a recon tool that allows searching on URLs that are exposed via sho services url: https://github.com/utkusen/urlhunter category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/urlprobe.yaml b/weapons/urlprobe.yaml index 752d840..3c55af2 100644 --- a/weapons/urlprobe.yaml +++ b/weapons/urlprobe.yaml @@ -3,10 +3,10 @@ name: urlprobe description: 'Urls status code & content length checker ' url: https://github.com/1ndianl33t/urlprobe category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/uro.yaml b/weapons/uro.yaml index 2f7d1c0..c20b976 100644 --- a/weapons/uro.yaml +++ b/weapons/uro.yaml @@ -3,7 +3,10 @@ name: uro description: declutters url lists for crawling/pentesting url: https://github.com/s0md3v/uro category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Python tags: [] diff --git a/weapons/waybackurls.yaml b/weapons/waybackurls.yaml index 03341e5..45e899d 100644 --- a/weapons/waybackurls.yaml +++ b/weapons/waybackurls.yaml @@ -3,10 +3,10 @@ name: waybackurls description: 'Fetch all the URLs that the Wayback Machine knows about for a domain ' url: https://github.com/tomnomnom/waybackurls category: tool -type: +type: Recon platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/weaponised-XSS-payloads.yaml b/weapons/weaponised-XSS-payloads.yaml index b1bbffd..de563b3 100644 --- a/weapons/weaponised-XSS-payloads.yaml +++ b/weapons/weaponised-XSS-payloads.yaml @@ -3,7 +3,10 @@ name: weaponised-XSS-payloads description: XSS payloads designed to turn alert(1) into P1 url: https://github.com/hakluke/weaponised-XSS-payloads category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/web_cache_poison.yaml b/weapons/web_cache_poison.yaml index 4e0bcd3..d26e98c 100644 --- a/weapons/web_cache_poison.yaml +++ b/weapons/web_cache_poison.yaml @@ -3,7 +3,10 @@ name: web_cache_poison description: web cache poison - Top 1 web hacking technique of 2019 url: https://github.com/fngoo/web_cache_poison category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Shell tags: [] diff --git a/weapons/websocket-connection-smuggler.yaml b/weapons/websocket-connection-smuggler.yaml index 716fdad..04f973a 100644 --- a/weapons/websocket-connection-smuggler.yaml +++ b/weapons/websocket-connection-smuggler.yaml @@ -3,7 +3,10 @@ name: websocket-connection-smuggler description: websocket-connection-smuggler url: https://github.com/hahwul/websocket-connection-smuggler category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/wfuzz.yaml b/weapons/wfuzz.yaml index 8d6e491..2cc9d95 100644 --- a/weapons/wfuzz.yaml +++ b/weapons/wfuzz.yaml @@ -3,10 +3,10 @@ name: wfuzz description: 'Web application fuzzer ' url: https://github.com/xmendez/wfuzz category: tool -type: +type: Fuzzer platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/wprecon.yaml b/weapons/wprecon.yaml index 5bf0152..a2ab933 100644 --- a/weapons/wprecon.yaml +++ b/weapons/wprecon.yaml @@ -4,7 +4,10 @@ description: Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recog tool in CMS Wordpress, 100% developed in Go. url: https://github.com/blackcrw/wprecon category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/wpscan.yaml b/weapons/wpscan.yaml index 7fed8af..4e0268b 100644 --- a/weapons/wpscan.yaml +++ b/weapons/wpscan.yaml @@ -5,10 +5,10 @@ description: 'WPScan is a free, for non-commercial use, black box WordPress Vuln of their WordPress websites. ' url: https://github.com/wpscanteam/wpscan category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Ruby tags: [] diff --git a/weapons/ws-smuggler.yaml b/weapons/ws-smuggler.yaml index 71aaf4e..dca06dc 100644 --- a/weapons/ws-smuggler.yaml +++ b/weapons/ws-smuggler.yaml @@ -3,7 +3,10 @@ name: ws-smuggler description: WebSocket Connection Smuggler url: https://github.com/hahwul/ws-smuggler category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/wssip.yaml b/weapons/wssip.yaml index 4ac33f7..f6f190a 100644 --- a/weapons/wssip.yaml +++ b/weapons/wssip.yaml @@ -4,7 +4,10 @@ description: Application for capturing, modifying and sending custom WebSocket d from client to server and vice versa. url: https://github.com/nccgroup/wssip category: tool -type: -platform: [] -lang: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/wuzz.yaml b/weapons/wuzz.yaml index bf41784..907dad6 100644 --- a/weapons/wuzz.yaml +++ b/weapons/wuzz.yaml @@ -3,10 +3,10 @@ name: wuzz description: 'Interactive cli tool for HTTP inspection ' url: https://github.com/asciimoo/wuzz category: tool -type: +type: Army-Knife platform: - linux - macos - windows -lang: [] +lang: Go tags: [] diff --git a/weapons/x8.yaml b/weapons/x8.yaml index 278ec58..2cf591d 100644 --- a/weapons/x8.yaml +++ b/weapons/x8.yaml @@ -3,7 +3,10 @@ name: x8 description: Hidden parameters discovery suite url: https://github.com/Sh1Yo/x8 category: tool -type: -platform: [] -lang: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Rust tags: [] diff --git a/weapons/xsinator.com.yaml b/weapons/xsinator.com.yaml index e51c54b..3960af9 100644 --- a/weapons/xsinator.com.yaml +++ b/weapons/xsinator.com.yaml @@ -3,7 +3,10 @@ name: xsinator.com description: XS-Leak Browser Test Suite url: https://github.com/RUB-NDS/xsinator.com category: tool -type: -platform: [] -lang: [] +type: Scanner +platform: +- linux +- macos +- windows +lang: JavaScript tags: [] diff --git a/weapons/xss-cheatsheet-data.yaml b/weapons/xss-cheatsheet-data.yaml index 9f9ede0..b8764e4 100644 --- a/weapons/xss-cheatsheet-data.yaml +++ b/weapons/xss-cheatsheet-data.yaml @@ -4,10 +4,11 @@ description: 'This repository contains all the XSS cheatsheet data to allow cont from the community. ' url: https://github.com/PortSwigger/xss-cheatsheet-data category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] -tags: [] +lang: 'null' +tags: +- xss diff --git a/weapons/xsscrapy.yaml b/weapons/xsscrapy.yaml index 2fe0d91..1b1dbd3 100644 --- a/weapons/xsscrapy.yaml +++ b/weapons/xsscrapy.yaml @@ -4,10 +4,11 @@ description: 'XSS/SQLi spider. Give it a URL and it''ll test every link it finds XSS and some SQLi. ' url: https://github.com/DanMcInerney/xsscrapy category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xss diff --git a/weapons/xsser.yaml b/weapons/xsser.yaml index 54c05ec..d6b484d 100644 --- a/weapons/xsser.yaml +++ b/weapons/xsser.yaml @@ -4,10 +4,11 @@ description: 'Cross Site "Scripter" (aka XSSer) is an automatic -framework- to d exploit and report XSS vulnerabilities in web-based applications. ' url: https://github.com/epsylon/xsser category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] -tags: [] +lang: Python +tags: +- xss diff --git a/weapons/xssor2.yaml b/weapons/xssor2.yaml index ddfd33f..cab0da3 100644 --- a/weapons/xssor2.yaml +++ b/weapons/xssor2.yaml @@ -3,7 +3,11 @@ name: xssor2 description: XSS'OR - Hack with JavaScript. url: https://github.com/evilcos/xssor2 category: tool -type: -platform: [] -lang: [] -tags: [] +type: Utils +platform: +- linux +- macos +- windows +lang: JavaScript +tags: +- xss diff --git a/weapons/xxeserv.yaml b/weapons/xxeserv.yaml index 3980b54..0ae0ca3 100644 --- a/weapons/xxeserv.yaml +++ b/weapons/xxeserv.yaml @@ -3,7 +3,10 @@ name: xxeserv description: A mini webserver with FTP support for XXE payloads url: https://github.com/staaldraad/xxeserv category: tool -type: -platform: [] -lang: [] +type: Exploit +platform: +- linux +- macos +- windows +lang: Go tags: [] diff --git a/weapons/ysoserial.net.yaml b/weapons/ysoserial.net.yaml index 473989b..93bbc17 100644 --- a/weapons/ysoserial.net.yaml +++ b/weapons/ysoserial.net.yaml @@ -3,10 +3,10 @@ name: ysoserial.net description: 'Deserialization payload generator for a variety of .NET formatters ' url: https://github.com/pwntester/ysoserial.net category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: C# tags: [] diff --git a/weapons/ysoserial.yaml b/weapons/ysoserial.yaml index 5222bd4..8ec4571 100644 --- a/weapons/ysoserial.yaml +++ b/weapons/ysoserial.yaml @@ -4,10 +4,10 @@ description: 'A proof-of-concept tool for generating payloads that exploit unsaf Java object deserialization. ' url: https://github.com/frohoff/ysoserial category: tool -type: +type: Utils platform: - linux - macos - windows -lang: [] +lang: Java tags: [] diff --git a/weapons/zap-cli.yaml b/weapons/zap-cli.yaml index de8d172..bd4a077 100644 --- a/weapons/zap-cli.yaml +++ b/weapons/zap-cli.yaml @@ -3,10 +3,10 @@ name: zap-cli description: 'A simple tool for interacting with OWASP ZAP from the commandline. ' url: https://github.com/Grunny/zap-cli category: tool -type: +type: Scanner platform: - linux - macos - windows -lang: [] +lang: Python tags: [] diff --git a/weapons/zap-hud.yaml b/weapons/zap-hud.yaml index abe4482..7201287 100644 --- a/weapons/zap-hud.yaml +++ b/weapons/zap-hud.yaml @@ -3,8 +3,10 @@ name: zap-hud description: url: https://github.com/zaproxy/zap-hud category: tool-addon -type: +type: Utils platform: -- zap -lang: [] +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/zaproxy.yaml b/weapons/zaproxy.yaml index 8c3d4aa..5f84643 100644 --- a/weapons/zaproxy.yaml +++ b/weapons/zaproxy.yaml @@ -3,7 +3,10 @@ name: zaproxy description: The OWASP ZAP core project url: https://github.com/zaproxy/zaproxy category: tool -type: -platform: [] -lang: [] +type: Army-Knife +platform: +- linux +- macos +- windows +lang: Java tags: [] diff --git a/weapons/zdns.yaml b/weapons/zdns.yaml index b7db6ab..63665d9 100644 --- a/weapons/zdns.yaml +++ b/weapons/zdns.yaml @@ -3,7 +3,11 @@ name: zdns description: Fast CLI DNS Lookup Tool url: https://github.com/zmap/zdns category: tool -type: -platform: [] -lang: [] -tags: [] +type: Recon +platform: +- linux +- macos +- windows +lang: Go +tags: +- dns From 22b0e52998d73678c4c88d42264efae1b4fe28d8 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 16:27:59 +0900 Subject: [PATCH 41/42] Update --- README.md | 354 +++++++++++++++++++++++++++--------------------------- 1 file changed, 177 insertions(+), 177 deletions(-) diff --git a/README.md b/README.md index 40317ac..344d962 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun |-------|---------------------------------------------------| | Types | `Army-Knife` `Recon` `Fuzzer` `Scanner` `Exploit` `Utils` `Etc`| | Tags | `infra` `param` `subdomains` `dns` `domain` `apk` `jwt` `ssrf` `s3` `sqli` `aaa` `403` `xss` `ssl` `csp` `xxe` `url` `oast` `wordlist` `report` | -| Langs | `Go` `Shell` `Java` `Python` `C` `Rust` `Ruby` `JavaScript` `Perl` `PHP` `C#` `TypeScript` `BlitzBasic` `Kotlin` `HTML` `CSS` `C++` | +| Langs | `Go` `Shell` `Java` `Python` `Rust` `C` `Ruby` `JavaScript` `Perl` `PHP` `C#` `TypeScript` `BlitzBasic` `Kotlin` `Typescript` `HTML` `CSS` `C++` `Kotiln` | ### Tools | Type | Name | Description | Star | Tags | Badges | @@ -37,39 +37,39 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun |Army-Knife|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Army-Knife|[wuzz](https://github.com/asciimoo/wuzz)|Interactive cli tool for HTTP inspection |![](https://img.shields.io/github/stars/asciimoo/wuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Army-Knife|[axiom](https://github.com/pry0cc/axiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https://img.shields.io/github/stars/pry0cc/axiom?label=%20)|`infra`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| -|Army-Knife|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)||![](./images/java.png)| -|Army-Knife|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)||![](./images/go.png)| -|Army-Knife|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![](./images/python.png)| +|Army-Knife|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Army-Knife|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Army-Knife|[BurpSuite](https://portswigger.net/burp)|the BurpSuite Project|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Army-Knife|[jaeles](https://github.com/jaeles-project/jaeles)|The Swiss Army knife for automated Web Application Testing |![](https://img.shields.io/github/stars/jaeles-project/jaeles?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[longtongue](https://github.com/edoardottt/longtongue)|Customized Password/Passphrase List inputting Target Info|![](https://img.shields.io/github/stars/edoardottt/longtongue?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[scilla](https://github.com/edoardottt/scilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumeration|![](https://img.shields.io/github/stars/edoardottt/scilla?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[Arjun](https://github.com/s0md3v/Arjun)|HTTP parameter discovery suite. |![](https://img.shields.io/github/stars/s0md3v/Arjun?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[subjs](https://github.com/lc/subjs)|Fetches javascript file from a list of URLS or subdomains.|![](https://img.shields.io/github/stars/lc/subjs?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[Sublist3r](https://github.com/aboul3la/Sublist3r)|Fast subdomains enumeration tool for penetration testers |![](https://img.shields.io/github/stars/aboul3la/Sublist3r?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[Chaos Web](https://chaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[findomain](https://github.com/Edu4rdSHL/findomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https://img.shields.io/github/stars/Edu4rdSHL/findomain?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| |Recon|[gowitness](https://github.com/sensepost/gowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https://img.shields.io/github/stars/sensepost/gowitness?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)||![](./images/go.png)| -|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|||| +|Recon|[puredns](https://github.com/d3mondev/puredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https://img.shields.io/github/stars/d3mondev/puredns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[DNSDumpster](https://dnsdumpster.com)| Online dns recon & research, find & lookup dns records|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| |Recon|[GitMiner](https://github.com/UnkL4b/GitMiner)|Tool for advanced mining for content on Github |![](https://img.shields.io/github/stars/UnkL4b/GitMiner?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|`dns`|![](./images/go.png)| +|Recon|[zdns](https://github.com/zmap/zdns)|Fast CLI DNS Lookup Tool|![](https://img.shields.io/github/stars/zmap/zdns?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[Silver](https://github.com/s0md3v/Silver)|Mass scan IPs for vulnerable services |![](https://img.shields.io/github/stars/s0md3v/Silver?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[masscan](https://github.com/robertdavidgraham/masscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https://img.shields.io/github/stars/robertdavidgraham/masscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| -|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|`dns`|![](./images/rust.png)| +|Recon|[rusolver](https://github.com/Edu4rdSHL/rusolver)|Fast and accurate DNS resolver.|![](https://img.shields.io/github/stars/Edu4rdSHL/rusolver?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| |Recon|[Amass](https://github.com/OWASP/Amass)|In-depth Attack Surface Mapping and Asset Discovery |![](https://img.shields.io/github/stars/OWASP/Amass?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[intrigue-core](https://github.com/intrigueio/intrigue-core)|Discover Your Attack Surface |![](https://img.shields.io/github/stars/intrigueio/intrigue-core?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| -|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![](./images/go.png)| +|Recon|[haktrails](https://github.com/hakluke/haktrails)|Golang client for querying SecurityTrails API data|![](https://img.shields.io/github/stars/hakluke/haktrails?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[recon_profile](https://github.com/nahamsec/recon_profile)|Recon profile (bash profile) for bugbounty |![](https://img.shields.io/github/stars/nahamsec/recon_profile?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| -|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/shell.png)| +|Recon|[JSFScan.sh](https://github.com/KathanP19/JSFScan.sh)|Automation for javascript recon in bug bounty. |![](https://img.shields.io/github/stars/KathanP19/JSFScan.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Recon|[rengine](https://github.com/yogeshojha/rengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https://img.shields.io/github/stars/yogeshojha/rengine?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| |Recon|[gau](https://github.com/lc/gau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https://img.shields.io/github/stars/lc/gau?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[meg](https://github.com/tomnomnom/meg)|Fetch many paths for many hosts - without killing the hosts |![](https://img.shields.io/github/stars/tomnomnom/meg?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![](./images/python.png)| -|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)||![](./images/python.png)| +|Recon|[pagodo](https://github.com/opsdisk/pagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https://img.shields.io/github/stars/opsdisk/pagodo?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[uro](https://github.com/s0md3v/uro)|declutters url lists for crawling/pentesting|![](https://img.shields.io/github/stars/s0md3v/uro?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[hakrawler](https://github.com/hakluke/hakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https://img.shields.io/github/stars/hakluke/hakrawler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[SecretFinder](https://github.com/m4ll0k/SecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https://img.shields.io/github/stars/m4ll0k/SecretFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![](./images/rust.png)| -|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|`dns`|![](./images/python.png)| +|Recon|[x8](https://github.com/Sh1Yo/x8)|Hidden parameters discovery suite|![](https://img.shields.io/github/stars/Sh1Yo/x8?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| +|Recon|[dnsvalidator](https://github.com/vortexau/dnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https://img.shields.io/github/stars/vortexau/dnsvalidator?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[aquatone](https://github.com/michenriksen/aquatone)|A Tool for Domain Flyovers |![](https://img.shields.io/github/stars/michenriksen/aquatone?label=%20)|`domain`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[dnsprobe](https://github.com/projectdiscovery/dnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https://img.shields.io/github/stars/projectdiscovery/dnsprobe?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[waybackurls](https://github.com/tomnomnom/waybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https://img.shields.io/github/stars/tomnomnom/waybackurls?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| @@ -77,96 +77,96 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun |Recon|[subgen](https://github.com/pry0cc/subgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[ParamSpider](https://github.com/devanshbatham/ParamSpider)|Mining parameters from dark corners of Web Archives |![](https://img.shields.io/github/stars/devanshbatham/ParamSpider?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[megplus](https://github.com/EdOverflow/megplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https://img.shields.io/github/stars/EdOverflow/megplus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| -|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|`dns`|![](./images/go.png)| +|Recon|[dnsx](https://github.com/projectdiscovery/dnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https://img.shields.io/github/stars/projectdiscovery/dnsx?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[Osmedeus](https://github.com/j3ssie/Osmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https://img.shields.io/github/stars/j3ssie/Osmedeus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[gospider](https://github.com/jaeles-project/gospider)|Gospider - Fast web spider written in Go |![](https://img.shields.io/github/stars/jaeles-project/gospider?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[hakrevdns](https://github.com/hakluke/hakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https://img.shields.io/github/stars/hakluke/hakrevdns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[chaos-client](https://github.com/projectdiscovery/chaos-client)|Go client to communicate with Chaos DNS API. |![](https://img.shields.io/github/stars/projectdiscovery/chaos-client?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[FavFreak](https://github.com/devanshbatham/FavFreak)|Making Favicon.ico based Recon Great again ! |![](https://img.shields.io/github/stars/devanshbatham/FavFreak?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[LinkFinder](https://github.com/GerbenJavado/LinkFinder)|A python script that finds endpoints in JavaScript files |![](https://img.shields.io/github/stars/GerbenJavado/LinkFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![](./images/shell.png)| +|Recon|[reconftw](https://github.com/six2dez/reconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https://img.shields.io/github/stars/six2dez/reconftw?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Recon|[naabu](https://github.com/projectdiscovery/naabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https://img.shields.io/github/stars/projectdiscovery/naabu?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)||![](./images/rust.png)| -|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![](./images/go.png)| +|Recon|[sn0int](https://github.com/kpcyrd/sn0int)|Semi-automatic OSINT framework and package manager|![](https://img.shields.io/github/stars/kpcyrd/sn0int?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| +|Recon|[github-endpoints](https://github.com/gwen001/github-endpoints)|Find endpoints on GitHub.|![](https://img.shields.io/github/stars/gwen001/github-endpoints?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[dirsearch](https://github.com/maurosoria/dirsearch)|Web path scanner |![](https://img.shields.io/github/stars/maurosoria/dirsearch?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[subs_all](https://github.com/emadshanab/subs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https://img.shields.io/github/stars/emadshanab/subs_all?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| |Recon|[altdns](https://github.com/infosec-au/altdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https://img.shields.io/github/stars/infosec-au/altdns?label=%20)|`dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[gitrob](https://github.com/michenriksen/gitrob)|Reconnaissance tool for GitHub organizations |![](https://img.shields.io/github/stars/michenriksen/gitrob?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[crawlergo](https://github.com/Qianlitp/crawlergo)|A powerful browser crawler for web vulnerability scanners|![](https://img.shields.io/github/stars/Qianlitp/crawlergo?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|||| +|Recon|[Shodan](https://www.shodan.io/)| World's first search engine for Internet-connected devices|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| |Recon|[cariddi](https://github.com/edoardottt/cariddi)|Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...|![](https://img.shields.io/github/stars/edoardottt/cariddi?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[SubOver](https://github.com/Ice3man543/SubOver)|A Powerful Subdomain Takeover Tool|![](https://img.shields.io/github/stars/Ice3man543/SubOver?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[htcat](https://github.com/htcat/htcat)|Parallel and Pipelined HTTP GET Utility |![](https://img.shields.io/github/stars/htcat/htcat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[RustScan](https://github.com/brandonskerritt/RustScan)|Faster Nmap Scanning with Rust |![](https://img.shields.io/github/stars/brandonskerritt/RustScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| |Recon|[subfinder](https://github.com/projectdiscovery/subfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https://img.shields.io/github/stars/projectdiscovery/subfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![](./images/go.png)| +|Recon|[uncover](https://github.com/projectdiscovery/uncover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https://img.shields.io/github/stars/projectdiscovery/uncover?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[go-dork](https://github.com/dwisiswant0/go-dork)|The fastest dork scanner written in Go. |![](https://img.shields.io/github/stars/dwisiswant0/go-dork?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|||| -|Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![](./images/python.png)| -|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)||![](./images/go.png)| +|Recon|[SecurityTrails](https://securitytrails.com)| Online dns / subdomain / recon tool|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[HydraRecon](https://github.com/aufzayed/HydraRecon)|All In One, Fast, Easy Recon Tool|![](https://img.shields.io/github/stars/aufzayed/HydraRecon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[github-subdomains](https://github.com/gwen001/github-subdomains)|Find subdomains on GitHub|![](https://img.shields.io/github/stars/gwen001/github-subdomains?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[shuffledns](https://github.com/projectdiscovery/shuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)||![](./images/go.png)| +|Recon|[urlhunter](https://github.com/utkusen/urlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https://img.shields.io/github/stars/utkusen/urlhunter?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|`apk`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)||![](./images/python.png)| +|Recon|[spiderfoot](https://github.com/smicallef/spiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https://img.shields.io/github/stars/smicallef/spiderfoot?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[subjack](https://github.com/haccer/subjack)|Subdomain Takeover tool written in Go |![](https://img.shields.io/github/stars/haccer/subjack?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)||| +|Recon|[CT_subdomains](https://github.com/internetwache/CT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https://img.shields.io/github/stars/internetwache/CT_subdomains?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| |Recon|[subzy](https://github.com/LukaSikic/subzy)|Subdomain takeover vulnerability checker|![](https://img.shields.io/github/stars/LukaSikic/subzy?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Recon|[httpx](https://github.com/projectdiscovery/httpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https://img.shields.io/github/stars/projectdiscovery/httpx?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![](./images/rust.png)| +|Recon|[fhc](https://github.com/Edu4rdSHL/fhc)|Fast HTTP Checker.|![](https://img.shields.io/github/stars/Edu4rdSHL/fhc?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| |Recon|[Photon](https://github.com/s0md3v/Photon)|Incredibly fast crawler designed for OSINT. |![](https://img.shields.io/github/stars/s0md3v/Photon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![](./images/python.png)| +|Recon|[STEWS](https://github.com/PalindromeLabs/STEWS)|A Security Tool for Enumerating WebSockets|![](https://img.shields.io/github/stars/PalindromeLabs/STEWS?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Recon|[gobuster](https://github.com/OJ/gobuster)|Directory/File, DNS and VHost busting tool written in Go |![](https://img.shields.io/github/stars/OJ/gobuster?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)||![](./images/go.png)| -|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)||| -|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|`subdomains`|| -|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||| -|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[gauplus](https://github.com/bp0lr/gauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https://img.shields.io/github/stars/bp0lr/gauplus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[getJS](https://github.com/003random/getJS)|A tool to fastly get all javascript sources/files|![](https://img.shields.io/github/stars/003random/getJS?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[3klCon](https://github.com/eslam3kl/3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https://img.shields.io/github/stars/eslam3kl/3klCon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[OneForAll](https://github.com/shmilylty/OneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https://img.shields.io/github/stars/shmilylty/OneForAll?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[dmut](https://github.com/bp0lr/dmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https://img.shields.io/github/stars/bp0lr/dmut?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[assetfinder](https://github.com/tomnomnom/assetfinder)|Find domains and subdomains related to a given domain |![](https://img.shields.io/github/stars/tomnomnom/assetfinder?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Recon|[parameth](https://github.com/maK-/parameth)|This tool can be used to brute discover GET and POST parameters|![](https://img.shields.io/github/stars/maK-/parameth?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[cc.py](https://github.com/si9int/cc.py)|Extracting URLs of a specific target based on the results of "commoncrawl.org" |![](https://img.shields.io/github/stars/si9int/cc.py?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[knock](https://github.com/guelfoweb/knock)|Knock Subdomain Scan |![](https://img.shields.io/github/stars/guelfoweb/knock?label=%20)|`subdomains`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[lazyrecon](https://github.com/nahamsec/lazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https://img.shields.io/github/stars/nahamsec/lazyrecon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Fuzzer|[jwt-hack](https://github.com/hahwul/jwt-hack)|🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)|![](https://img.shields.io/github/stars/hahwul/jwt-hack?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)||![](./images/go.png)| -|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![](./images/go.png)| +|Fuzzer|[fuzzparam](https://github.com/0xsapra/fuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https://img.shields.io/github/stars/0xsapra/fuzzparam?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Fuzzer|[kiterunner](https://github.com/assetnote/kiterunner)|Contextual Content Discovery Tool|![](https://img.shields.io/github/stars/assetnote/kiterunner?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Fuzzer|[medusa](https://github.com/riza/medusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https://img.shields.io/github/stars/riza/medusa?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Fuzzer|[ffuf](https://github.com/ffuf/ffuf)|Fast web fuzzer written in Go |![](https://img.shields.io/github/stars/ffuf/ffuf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Fuzzer|[SSRFmap](https://github.com/swisskyrepo/SSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https://img.shields.io/github/stars/swisskyrepo/SSRFmap?label=%20)|`ssrf`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Fuzzer|[dotdotpwn](https://github.com/wireghoul/dotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https://img.shields.io/github/stars/wireghoul/dotdotpwn?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| |Fuzzer|[c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker)|JWT brute force cracker written in C |![](https://img.shields.io/github/stars/brendan-rius/c-jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| -|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![](./images/c.png)| -|Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![](./images/rust.png)| +|Fuzzer|[hashcat](https://github.com/hashcat/hashcat/)|World's fastest and most advanced password recovery utility |![](https://img.shields.io/github/stars/hashcat/hashcat/?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Fuzzer|[feroxbuster](https://github.com/epi052/feroxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https://img.shields.io/github/stars/epi052/feroxbuster?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| |Fuzzer|[thc-hydra](https://github.com/vanhauser-thc/thc-hydra)|hydra |![](https://img.shields.io/github/stars/vanhauser-thc/thc-hydra?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| |Fuzzer|[GraphQLmap](https://github.com/swisskyrepo/GraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. |![](https://img.shields.io/github/stars/swisskyrepo/GraphQLmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Fuzzer|[BruteX](https://github.com/1N3/BruteX)|Automatically brute force all services running on a target.|![](https://img.shields.io/github/stars/1N3/BruteX?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| -|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)||![](./images/rust.png)| -|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![](./images/perl.png)| +|Fuzzer|[ppfuzz](https://github.com/dwisiswant0/ppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https://img.shields.io/github/stars/dwisiswant0/ppfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| +|Fuzzer|[wfuzz](https://github.com/xmendez/wfuzz)|Web application fuzzer |![](https://img.shields.io/github/stars/xmendez/wfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Fuzzer|[crlfuzz](https://github.com/dwisiswant0/crlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https://img.shields.io/github/stars/dwisiswant0/crlfuzz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Fuzzer|[jwt-cracker](https://github.com/lmammino/jwt-cracker)|Simple HS256 JWT token brute force cracker |![](https://img.shields.io/github/stars/lmammino/jwt-cracker?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Scanner|[HRS](https://github.com/SafeBreach-Labs/HRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https://img.shields.io/github/stars/SafeBreach-Labs/HRS?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| |Scanner|[AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https://img.shields.io/github/stars/jordanpotti/AWSBucketDump?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[h2csmuggler](https://github.com/assetnote/h2csmuggler)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/assetnote/h2csmuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[hinject](https://github.com/dwisiswant0/hinject)|Host Header Injection Checker |![](https://img.shields.io/github/stars/dwisiswant0/hinject?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[CorsMe](https://github.com/Shivangx01b/CorsMe)|Cross Origin Resource Sharing MisConfiguration Scanner |![](https://img.shields.io/github/stars/Shivangx01b/CorsMe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![](./images/python.png)| -|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)| -|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|`sqli`|![](./images/python.png)| -|Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|`403`|![](./images/go.png)| +|Scanner|[OpenRedireX](https://github.com/devanshbatham/OpenRedireX)|A Fuzzer for OpenRedirect issues|![](https://img.shields.io/github/stars/devanshbatham/OpenRedireX?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[sqlmap](https://github.com/sqlmapproject/sqlmap)|Automatic SQL injection and database takeover tool|![](https://img.shields.io/github/stars/sqlmapproject/sqlmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[sqliv](https://github.com/the-robot/sqliv)|massive SQL injection vulnerability scanner|![](https://img.shields.io/github/stars/the-robot/sqliv?label=%20)|`sqli`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[dontgo403](https://github.com/devploit/dontgo403)|Tool to bypass 40X response codes.|![](https://img.shields.io/github/stars/devploit/dontgo403?label=%20)|`403`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[arachni](https://github.com/Arachni/arachni)|Web Application Security Scanner Framework |![](https://img.shields.io/github/stars/Arachni/arachni?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| |Scanner|[XSpear](https://github.com/hahwul/XSpear)|Powerfull XSS Scanning and Parameter analysis tool&gem |![](https://img.shields.io/github/stars/hahwul/XSpear?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| |Scanner|[nuclei](https://github.com/projectdiscovery/nuclei)|Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. |![](https://img.shields.io/github/stars/projectdiscovery/nuclei?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[nosqli](https://github.com/Charlie-belmer/nosqli)|NoSql Injection CLI tool|![](https://img.shields.io/github/stars/Charlie-belmer/nosqli?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)||![](./images/go.png)| -|Scanner|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)||![](./images/go.png)| -|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)||![](./images/go.png)| -|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)||![](./images/go.png)| +|Scanner|[websocket-connection-smuggler](https://github.com/hahwul/websocket-connection-smuggler)|websocket-connection-smuggler|![](https://img.shields.io/github/stars/hahwul/websocket-connection-smuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[fockcache](https://github.com/tismayil/fockcache)|FockCache - Minimalized Test Cache Poisoning|![](https://img.shields.io/github/stars/tismayil/fockcache?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner)|Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).|![](https://img.shields.io/github/stars/Hackmanit/Web-Cache-Vulnerability-Scanner?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[ws-smuggler](https://github.com/hahwul/ws-smuggler)|WebSocket Connection Smuggler|![](https://img.shields.io/github/stars/hahwul/ws-smuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[Striker](https://github.com/s0md3v/Striker)|Striker is an offensive information and vulnerability scanner. |![](https://img.shields.io/github/stars/s0md3v/Striker?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![](./images/go.png)| -|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)||![](./images/javascript.png)| +|Scanner|[http2smugl](https://github.com/neex/http2smugl)|This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.|![](https://img.shields.io/github/stars/neex/http2smugl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[jsprime](https://github.com/dpnishant/jsprime)|a javascript static security analysis tool|![](https://img.shields.io/github/stars/dpnishant/jsprime?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| |Scanner|[S3Scanner](https://github.com/sa7mon/S3Scanner)|Scan for open AWS S3 buckets and dump the contents |![](https://img.shields.io/github/stars/sa7mon/S3Scanner?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[corsair_scan](https://github.com/Santandersecurityresearch/corsair_scan)|Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).|![](https://img.shields.io/github/stars/Santandersecurityresearch/corsair_scan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[zap-cli](https://github.com/Grunny/zap-cli)|A simple tool for interacting with OWASP ZAP from the commandline. |![](https://img.shields.io/github/stars/Grunny/zap-cli?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![](./images/go.png)| +|Scanner|[ditto](https://github.com/evilsocket/ditto)|A tool for IDN homograph attacks and detection.|![](https://img.shields.io/github/stars/evilsocket/ditto?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[a2sv](https://github.com/hahwul/a2sv)|Auto Scanning to SSL Vulnerability |![](https://img.shields.io/github/stars/hahwul/a2sv?label=%20)|`ssl`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[domdig](https://github.com/fcavallarin/domdig)|DOM XSS scanner for Single Page Applications |![](https://img.shields.io/github/stars/fcavallarin/domdig?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| |Scanner|[findom-xss](https://github.com/dwisiswant0/findom-xss)|A fast DOM based XSS vulnerability scanner with simplicity. |![](https://img.shields.io/github/stars/dwisiswant0/findom-xss?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| @@ -174,91 +174,91 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun |Scanner|[VHostScan](https://github.com/codingo/VHostScan)|A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. |![](https://img.shields.io/github/stars/codingo/VHostScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[tplmap](https://github.com/epinna/tplmap)|Server-Side Template Injection and Code Injection Detection and Exploitation Tool|![](https://img.shields.io/github/stars/epinna/tplmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[Corsy](https://github.com/s0md3v/Corsy)|CORS Misconfiguration Scanner |![](https://img.shields.io/github/stars/s0md3v/Corsy?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|`ssl`|![](./images/java.png)| +|Scanner|[DeepViolet](https://github.com/spoofzu/DeepViolet)|Tool for introspection of SSL\TLS sessions|![](https://img.shields.io/github/stars/spoofzu/DeepViolet?label=%20)|`ssl`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| |Scanner|[httprobe](https://github.com/tomnomnom/httprobe)|Take a list of domains and probe for working HTTP and HTTPS servers |![](https://img.shields.io/github/stars/tomnomnom/httprobe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|`403`|![](./images/go.png)| -|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![](./images/go.png)| +|Scanner|[DirDar](https://github.com/M4DM0e/DirDar)|DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it|![](https://img.shields.io/github/stars/M4DM0e/DirDar?label=%20)|`403`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[gitleaks](https://github.com/zricethezav/gitleaks)|Scan git repos (or files) for secrets using regex and entropy 🔑|![](https://img.shields.io/github/stars/zricethezav/gitleaks?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[LFISuite](https://github.com/D35m0nd142/LFISuite)|Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner |![](https://img.shields.io/github/stars/D35m0nd142/LFISuite?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[xsscrapy](https://github.com/DanMcInerney/xsscrapy)|XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi. |![](https://img.shields.io/github/stars/DanMcInerney/xsscrapy?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![](./images/javascript.png)| -|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/c.png)| -|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)||![](./images/go.png)| +|Scanner|[xsinator.com](https://github.com/RUB-NDS/xsinator.com)|XS-Leak Browser Test Suite|![](https://img.shields.io/github/stars/RUB-NDS/xsinator.com?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Scanner|[nmap](https://github.com/nmap/nmap)|Nmap - the Network Mapper. Github mirror of official SVN repository. |![](https://img.shields.io/github/stars/nmap/nmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Scanner|[ppmap](https://github.com/kleiton0x00/ppmap)|A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[NoSQLMap](https://github.com/codingo/NoSQLMap)|Automated NoSQL database enumeration and web application exploitation tool. |![](https://img.shields.io/github/stars/codingo/NoSQLMap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![](./images/go.png)| -|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)||![](./images/go.png)| -|Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)||| +|Scanner|[wprecon](https://github.com/blackcrw/wprecon)|Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.|![](https://img.shields.io/github/stars/blackcrw/wprecon?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[plution](https://github.com/raverrr/plution)|Prototype pollution scanner using headless chrome|![](https://img.shields.io/github/stars/raverrr/plution?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[Chromium-based-XSS-Taint-Tracking](https://github.com/v8blink/Chromium-based-XSS-Taint-Tracking)|Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.|![](https://img.shields.io/github/stars/v8blink/Chromium-based-XSS-Taint-Tracking?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| |Scanner|[wpscan](https://github.com/wpscanteam/wpscan)|WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |![](https://img.shields.io/github/stars/wpscanteam/wpscan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| -|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)||![](./images/go.png)| -|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|`xss`|![](./images/javascript.png)| +|Scanner|[headi](https://github.com/mlcsec/headi)|Customisable and automated HTTP header injection|![](https://img.shields.io/github/stars/mlcsec/headi?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[DOMPurify](https://github.com/cure53/DOMPurify)|DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:|![](https://img.shields.io/github/stars/cure53/DOMPurify?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| |Scanner|[smuggler](https://github.com/defparam/smuggler)|Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3 |![](https://img.shields.io/github/stars/defparam/smuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[commix](https://github.com/commixproject/commix)|Automated All-in-One OS Command Injection Exploitation Tool.|![](https://img.shields.io/github/stars/commixproject/commix?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Scanner|[nikto](https://github.com/sullo/nikto)|Nikto web server scanner |![](https://img.shields.io/github/stars/sullo/nikto?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/perl.png)| |Scanner|[dalfox](https://github.com/hahwul/dalfox)|🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang |![](https://img.shields.io/github/stars/hahwul/dalfox?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[testssl.sh](https://github.com/drwetter/testssl.sh)|Testing TLS/SSL encryption anywhere on any port |![](https://img.shields.io/github/stars/drwetter/testssl.sh?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Scanner|[xsser](https://github.com/epsylon/xsser)|Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |![](https://img.shields.io/github/stars/epsylon/xsser?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)||![](./images/shell.png)| +|Scanner|[web_cache_poison](https://github.com/fngoo/web_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https://img.shields.io/github/stars/fngoo/web_cache_poison?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Scanner|[confused](https://github.com/visma-prodsec/confused)|Tool to check for dependency confusion vulnerabilities in multiple package management systems|![](https://img.shields.io/github/stars/visma-prodsec/confused?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Scanner|[XSStrike](https://github.com/s0md3v/XSStrike)|Most advanced XSS scanner. |![](https://img.shields.io/github/stars/s0md3v/XSStrike?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)||![](./images/javascript.png)| -|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)||| -|Scanner|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)||| -|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||| -|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Exploit|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|||| -|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|||| -|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![](./images/python.png)| +|Scanner|[PPScan](https://github.com/msrkp/PPScan)|Client Side Prototype Pollution Scanner|![](https://img.shields.io/github/stars/msrkp/PPScan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Scanner|[ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)|A simple SSRF-testing sheriff written in Go |![](https://img.shields.io/github/stars/teknogeek/ssrf-sheriff?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Scanner|[github-search](https://github.com/gwen001/github-search)|Tools to perform basic search on GitHub. |![](https://img.shields.io/github/stars/gwen001/github-search?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Scanner|[DSSS](https://github.com/stamparm/DSSS)|Damn Small SQLi Scanner|![](https://img.shields.io/github/stars/stamparm/DSSS?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[Taipan](https://github.com/enkomio/Taipan)|Web application vulnerability scanner|![](https://img.shields.io/github/stars/enkomio/Taipan?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Scanner|[http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling)|HTTP Request Smuggling Detection Tool|![](https://img.shields.io/github/stars/anshumanpattnaik/http-request-smuggling?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[gitGraber](https://github.com/hisxo/gitGraber)|gitGraber |![](https://img.shields.io/github/stars/hisxo/gitGraber?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Exploit|[SQL Ninja](https://gitlab.com/kalilinux/packages/sqlninja)|SQL Injection scanner|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Exploit|[SQLNinja](https://gitlab.com/kalilinux/packages/sqlninja)| SQL Injection scanner|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Exploit|[XSRFProbe](https://github.com/0xInfection/XSRFProbe)|The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.|![](https://img.shields.io/github/stars/0xInfection/XSRFProbe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Exploit|[Gopherus](https://github.com/tarunkant/Gopherus)|This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |![](https://img.shields.io/github/stars/tarunkant/Gopherus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![](./images/go.png)| -|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|`xxe`|![](./images/ruby.png)| -|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![](./images/javascript.png)| -|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Exploit|[xxeserv](https://github.com/staaldraad/xxeserv)|A mini webserver with FTP support for XXE payloads|![](https://img.shields.io/github/stars/staaldraad/xxeserv?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Exploit|[XXEinjector](https://github.com/enjoiz/XXEinjector)|Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.|![](https://img.shields.io/github/stars/enjoiz/XXEinjector?label=%20)|`xxe`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| +|Exploit|[singularity](https://github.com/nccgroup/singularity)|A DNS rebinding attack framework.|![](https://img.shields.io/github/stars/nccgroup/singularity?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Exploit|[Sn1per](https://github.com/1N3/Sn1per)|Automated pentest framework for offensive security experts |![](https://img.shields.io/github/stars/1N3/Sn1per?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Utils|[burl](https://github.com/tomnomnom/burl)|A Broken-URL Checker |![](https://img.shields.io/github/stars/tomnomnom/burl?label=%20)|`url`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|||| -|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![](./images/python.png)| +|Utils|[SequenceDiagram](https://sequencediagram.org)| Online tool for creating UML sequence diagrams|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[grc](https://github.com/garabik/grc)|generic colouriser|![](https://img.shields.io/github/stars/garabik/grc?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Utils|[ezXSS](https://github.com/ssl/ezXSS)|ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |![](https://img.shields.io/github/stars/ssl/ezXSS?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/php.png)| -|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)||![](./images/shell.png)| +|Utils|[Findsploit](https://github.com/1N3/Findsploit)|Find exploits in local and online databases instantly|![](https://img.shields.io/github/stars/1N3/Findsploit?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Utils|[urlgrab](https://github.com/IAmStoxe/urlgrab)|A golang utility to spider through a website searching for additional links. |![](https://img.shields.io/github/stars/IAmStoxe/urlgrab?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[qsreplace](https://github.com/tomnomnom/qsreplace)|Accept URLs on stdin, replace all query string values with a user-supplied value |![](https://img.shields.io/github/stars/tomnomnom/qsreplace?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)||![](./images/go.png)| -|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[Emissary](https://github.com/BountyStrike/Emissary)|Send notifications on different channels such as Slack, Telegram, Discord etc.|![](https://img.shields.io/github/stars/BountyStrike/Emissary?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[hacks](https://github.com/tomnomnom/hacks)|A collection of hacks and one-off scripts |![](https://img.shields.io/github/stars/tomnomnom/hacks?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[ysoserial.net](https://github.com/pwntester/ysoserial.net)|Deserialization payload generator for a variety of .NET formatters |![](https://img.shields.io/github/stars/pwntester/ysoserial.net?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c#.png)| -|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![](./images/go.png)| +|Utils|[gitls](https://github.com/hahwul/gitls)|Listing git repository from URL/User/Org|![](https://img.shields.io/github/stars/hahwul/gitls?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[cf-check](https://github.com/dwisiswant0/cf-check)|Cloudflare Checker written in Go |![](https://img.shields.io/github/stars/dwisiswant0/cf-check?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)||| -|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)||![](./images/javascript.png)| +|Utils|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[weaponised-XSS-payloads](https://github.com/hakluke/weaponised-XSS-payloads)|XSS payloads designed to turn alert(1) into P1|![](https://img.shields.io/github/stars/hakluke/weaponised-XSS-payloads?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| |Utils|[unfurl](https://github.com/tomnomnom/unfurl)|Pull out bits of URLs provided on stdin |![](https://img.shields.io/github/stars/tomnomnom/unfurl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![](./images/c.png)| -|Utils|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|||| +|Utils|[curl](https://github.com/curl/curl)|A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features|![](https://img.shields.io/github/stars/curl/curl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c.png)| +|Utils|[Phoenix](https://www.hahwul.com/p/phoenix.html)| hahwul's online tools|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| |Utils|[s3reverse](https://github.com/hahwul/s3reverse)|The format of various s3 buckets is convert in one format. for bugbounty and security testing. |![](https://img.shields.io/github/stars/hahwul/s3reverse?label=%20)|`s3`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[ysoserial](https://github.com/frohoff/ysoserial)|A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. |![](https://img.shields.io/github/stars/frohoff/ysoserial?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| -|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|`xss`|![](./images/javascript.png)| -|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![](./images/javascript.png)| -|Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![](./images/rust.png)| -|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|`oast`|![](./images/go.png)| -|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|`oast` `dns`|![](./images/go.png)| -|Utils|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)||| -|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/shell.png)| +|Utils|[xssor2](https://github.com/evilcos/xssor2)|XSS'OR - Hack with JavaScript.|![](https://img.shields.io/github/stars/evilcos/xssor2?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[wssip](https://github.com/nccgroup/wssip)|Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.|![](https://img.shields.io/github/stars/nccgroup/wssip?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[hurl](https://github.com/Orange-OpenSource/hurl)|Hurl, run and test HTTP requests.|![](https://img.shields.io/github/stars/Orange-OpenSource/hurl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| +|Utils|[graphql-voyager](https://github.com/APIs-guru/graphql-voyager)|🛰️ Represent any GraphQL API as an interactive graph |![](https://img.shields.io/github/stars/APIs-guru/graphql-voyager?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/typescript.png)| +|Utils|[interactsh](https://github.com/projectdiscovery/interactsh)|An OOB interaction gathering server and client library|![](https://img.shields.io/github/stars/projectdiscovery/interactsh?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[dnsobserver](https://github.com/allyomalley/dnsobserver)|A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications via Slack. |![](https://img.shields.io/github/stars/allyomalley/dnsobserver?label=%20)|`oast` `dns`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)|📡 PoC auto collect from GitHub. Be careful malware.|![](https://img.shields.io/github/stars/nomi-sec/PoC-in-GitHub?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[pwncat](https://github.com/cytopia/pwncat)|pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) |![](https://img.shields.io/github/stars/cytopia/pwncat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Utils|[pentest-tools](https://github.com/gwen001/pentest-tools)|Custom pentesting tools |![](https://img.shields.io/github/stars/gwen001/pentest-tools?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Utils|[template-generator](https://github.com/fransr/template-generator)|A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates. |![](https://img.shields.io/github/stars/fransr/template-generator?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| -|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|`xss`|![](./images/javascript.png)| -|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|`xxe` `xss`|![](./images/python.png)| -|Utils|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)||![](./images/html.png)| -|Utils|[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|||| -|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![](./images/go.png)| +|Utils|[jsfuck](https://github.com/aemkei/jsfuck)|Write any JavaScript with 6 Characters|![](https://img.shields.io/github/stars/aemkei/jsfuck?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[docem](https://github.com/whitel1st/docem)|Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)|![](https://img.shields.io/github/stars/whitel1st/docem?label=%20)|`xxe` `xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[autochrome](https://github.com/nccgroup/autochrome)|This tool downloads, installs, and configures a shiny new copy of Chromium.|![](https://img.shields.io/github/stars/nccgroup/autochrome?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/html.png)| +|Utils|[CSP Evaluator](https://csp-evaluator.withgoogle.com)|Online CSP Evaluator from google|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[github-regexp](https://github.com/gwen001/github-regexp)|Basically a regexp over a GitHub search.|![](https://img.shields.io/github/stars/gwen001/github-regexp?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[230-OOB](https://github.com/lc/230-OOB)|An Out-of-Band XXE server for retrieving file contents over FTP.|![](https://img.shields.io/github/stars/lc/230-OOB?label=%20)|`xxe`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| |Utils|[urlprobe](https://github.com/1ndianl33t/urlprobe)|Urls status code & content length checker |![](https://img.shields.io/github/stars/1ndianl33t/urlprobe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![](./images/go.png)| +|Utils|[pet](https://github.com/knqyf263/pet)|Simple command-line snippet manager, written in Go.|![](https://img.shields.io/github/stars/knqyf263/pet?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[boast](https://github.com/marcoagner/boast)|The BOAST Outpost for AppSec Testing (v0.1.0)|![](https://img.shields.io/github/stars/marcoagner/boast?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)||![](./images/shell.png)| -|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)||![](./images/go.png)| -|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![](./images/go.png)| -|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![](./images/go.png)| -|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![](./images/go.png)| -|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![](./images/go.png)| +|Utils|[ob_hacky_slack](https://github.com/openbridge/ob_hacky_slack)|Hacky Slack - a bash script that sends beautiful messages to Slack|![](https://img.shields.io/github/stars/openbridge/ob_hacky_slack?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| +|Utils|[slackcat](https://github.com/bcicen/slackcat)|CLI utility to post files and command output to slack|![](https://img.shields.io/github/stars/bcicen/slackcat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[gotestwaf](https://github.com/wallarm/gotestwaf)|An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses|![](https://img.shields.io/github/stars/wallarm/gotestwaf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[Bug-Bounty-Toolz](https://github.com/m4ll0k/Bug-Bounty-Toolz)|BBT - Bug Bounty Tools |![](https://img.shields.io/github/stars/m4ll0k/Bug-Bounty-Toolz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[gotator](https://github.com/Josue87/gotator)|Gotator is a tool to generate DNS wordlists through permutations.|![](https://img.shields.io/github/stars/Josue87/gotator?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[gee](https://github.com/hahwul/gee)|🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go|![](https://img.shields.io/github/stars/hahwul/gee?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| +|Utils|[hakcheckurl](https://github.com/hakluke/hakcheckurl)|Takes a list of URLs and returns their HTTP response codes|![](https://img.shields.io/github/stars/hakluke/hakcheckurl?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[Assetnote Wordlists](https://github.com/assetnote/wordlists)|Automated & Manual Wordlists provided by Assetnote|![](https://img.shields.io/github/stars/assetnote/wordlists?label=%20)|`wordlist`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/css.png)| |Utils|[bountyplz](https://github.com/fransr/bountyplz)|Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported) |![](https://img.shields.io/github/stars/fransr/bountyplz?label=%20)|`report`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/shell.png)| |Utils|[xss-cheatsheet-data](https://github.com/PortSwigger/xss-cheatsheet-data)|This repository contains all the XSS cheatsheet data to allow contributions from the community. |![](https://img.shields.io/github/stars/PortSwigger/xss-cheatsheet-data?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| @@ -266,22 +266,22 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun |Utils|[oxml_xxe](https://github.com/BuffaloWill/oxml_xxe)|A tool for embedding XXE/XML exploits into different filetypes |![](https://img.shields.io/github/stars/BuffaloWill/oxml_xxe?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/ruby.png)| |Utils|[TukTuk](https://github.com/ArturSS7/TukTuk)|Tool for catching and logging different types of requests. |![](https://img.shields.io/github/stars/ArturSS7/TukTuk?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[Atlas](https://github.com/m4ll0k/Atlas)|Quick SQLMap Tamper Suggester |![](https://img.shields.io/github/stars/m4ll0k/Atlas?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| -|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![](./images/javascript.png)| -|Utils|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)||![](./images/c++.png)| +|Utils|[CyberChef](https://github.com/gchq/CyberChef)|The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |![](https://img.shields.io/github/stars/gchq/CyberChef?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[security-research-pocs](https://github.com/google/security-research-pocs)|Proof-of-concept codes created as part of security research done by Google Security Team.|![](https://img.shields.io/github/stars/google/security-research-pocs?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c++.png)| |Utils|[gron](https://github.com/tomnomnom/gron)|Make JSON greppable! |![](https://img.shields.io/github/stars/tomnomnom/gron?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![](./images/javascript.png)| +|Utils|[quickjack](https://github.com/samyk/quickjack)|Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.|![](https://img.shields.io/github/stars/samyk/quickjack?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| |Utils|[gf](https://github.com/tomnomnom/gf)|A wrapper around grep, to help you grep for things |![](https://img.shields.io/github/stars/tomnomnom/gf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| |Utils|[anew](https://github.com/tomnomnom/anew)|A tool for adding new lines to files, skipping duplicates|![](https://img.shields.io/github/stars/tomnomnom/anew?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| -|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)||| -|Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[security-crawl-maze](https://github.com/google/security-crawl-maze)|Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.|![](https://img.shields.io/github/stars/google/security-crawl-maze?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/html.png)| +|Utils|[SecLists](https://github.com/danielmiessler/SecLists)|SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. |![](https://img.shields.io/github/stars/danielmiessler/SecLists?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/php.png)| |Utils|[can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)|"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.|![](https://img.shields.io/github/stars/EdOverflow/can-i-take-over-xyz?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||| -|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||| -|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||| -|Utils|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)||| -|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| -|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)|A list of useful payloads and bypass for Web Application Security and Pentest/CTF |![](https://img.shields.io/github/stars/swisskyrepo/PayloadsAllTheThings?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[bat](https://github.com/sharkdp/bat)|A cat(1) clone with wings.|![](https://img.shields.io/github/stars/sharkdp/bat?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| +|Utils|[tiscripts](https://github.com/defparam/tiscripts)|Turbo Intruder Scripts|![](https://img.shields.io/github/stars/defparam/tiscripts?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[grex](https://github.com/pemistahl/grex)|A command-line tool and library for generating regular expressions from user-provided test cases|![](https://img.shields.io/github/stars/pemistahl/grex?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/rust.png)| +|Utils|[httpie](https://github.com/httpie/httpie)|As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie|![](https://img.shields.io/github/stars/httpie/httpie?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[Blacklist3r](https://github.com/NotSoSecure/Blacklist3r)|project-blacklist3r |![](https://img.shields.io/github/stars/NotSoSecure/Blacklist3r?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/c#.png)| +|Utils|[fzf](https://github.com/junegunn/fzf)|A command-line fuzzy finder|![](https://img.shields.io/github/stars/junegunn/fzf?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/go.png)| ### Bookmarklets | Type | Name | Description | Star | Tags | Badges | @@ -290,56 +290,56 @@ A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hun ### Browser Addons | Type | Name | Description | Star | Tags | Badges | | --- | --- | --- | --- | --- | --- | -|Recon|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|||![safari](./images/safari.png)| -|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/javascript.png)| -|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|`jwt`|![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/javascript.png)| -|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)||![firefox](./images/firefox.png)![](./images/javascript.png)| -|Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![chrome](./images/chrome.png)![firefox](./images/firefox.png)![](./images/typescript.png)| -|Utils|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|||![safari](./images/safari.png)| -|Utils|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|||![chrome](./images/chrome.png)| -|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)||![chrome](./images/chrome.png)![](./images/javascript.png)| -|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -|Utils|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|||![chrome](./images/chrome.png)![firefox](./images/firefox.png)| -|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)||![chrome](./images/chrome.png)![](./images/javascript.png)| -|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![firefox](./images/firefox.png)![](./images/javascript.png)| -|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|`xss`|![firefox](./images/firefox.png)![](./images/javascript.png)| +|Recon|[Wayback Machine](https://apps.apple.com/us/app/wayback-machine/id1472432422)|History of website|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[DotGit](https://github.com/davtur19/DotGit)|An extension for checking if .git is exposed in visited websites|![](https://img.shields.io/github/stars/davtur19/DotGit?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[jsonwebtoken.github.io](https://github.com/jsonwebtoken/jsonwebtoken.github.io)|JWT En/Decode and Verify|![](https://img.shields.io/github/stars/jsonwebtoken/jsonwebtoken.github.io?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[cookie-quick-manager](https://github.com/ysard/cookie-quick-manager)|An addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.|![](https://img.shields.io/github/stars/ysard/cookie-quick-manager?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[Hack-Tools](https://github.com/LasCC/Hack-Tools)|The all-in-one Red Team extension for Web Pentester 🛠|![](https://img.shields.io/github/stars/LasCC/Hack-Tools?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/typescript.png)| +|Utils|[Dark Reader for Safari](https://apps.apple.com/us/app/dark-reader-for-safari/id1438243180)|Dark mode to any site|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[User-Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher/clddifkhlkcojbojppdojfeeikdkgiae)|quick and easy way to switch between user-agents.|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[Edit-This-Cookie](https://github.com/ETCExtensions/Edit-This-Cookie)|EditThisCookie is the famous Google Chrome/Chromium extension for editing cookies|![](https://img.shields.io/github/stars/ETCExtensions/Edit-This-Cookie?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[MM3 ProxySwitch](https://proxy-offline-browser.com/ProxySwitch/)|Proxy Switch in Firefox and Chrome|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[Dark Reader](https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh)|Dark mode to any site|||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Utils|[postMessage-tracker](https://github.com/fransr/postMessage-tracker)|A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon|![](https://img.shields.io/github/stars/fransr/postMessage-tracker?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[clear-cache](https://github.com/TenSoja/clear-cache)|Add-on to clear browser cache with a single click or via the F9 key.|![](https://img.shields.io/github/stars/TenSoja/clear-cache?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[eval_villain](https://github.com/swoops/eval_villain)|A Firefox Web Extension to improve the discovery of DOM XSS.|![](https://img.shields.io/github/stars/swoops/eval_villain?label=%20)|`xss`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| ### Burpsuite and ZAP Addons | Type | Name | Description | Star | Tags | Badges | | --- | --- | --- | --- | --- | --- | -|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)||![burp](./images/burp.png)![](./images/python.png)| -|Recon|[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/python.png)| -|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)||![zap](./images/zap.png)![](./images/java.png)| -|Recon|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)||![burp](./images/burp.png)| -|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/javascript.png)| -|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|`param`|![burp](./images/burp.png)![](./images/java.png)| -|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|`aaa`|![burp](./images/burp.png)![](./images/python.png)| -|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|`aaa`|![burp](./images/burp.png)![](./images/python.png)| -|Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|`csp`|![burp](./images/burp.png)![zap](./images/zap.png)![](./images/java.png)| -|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)||![burp](./images/burp.png)| -|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|`oast`|![burp](./images/burp.png)![](./images/java.png)| -|Utils|[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)||![burp](./images/burp.png)![](./images/blitzbasic.png)| -|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![burp](./images/burp.png)![](./images/kotlin.png)| -|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![burp](./images/burp.png)| -|Utils|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)||![burp](./images/burp.png)![](./images/blitzbasic.png)| -|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![burp](./images/burp.png)![zap](./images/zap.png)![](./images/java.png)| -|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![burp](./images/burp.png)![](./images/python.png)| -|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![burp](./images/burp.png)![](./images/python.png)| -|Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![zap](./images/zap.png)![](./images/java.png)| -|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![burp](./images/burp.png)![](./images/python.png)| -|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![burp](./images/burp.png)![](./images/java.png)| -|Utils|[reflect](https://github.com/TypeError/reflect)||![](https://img.shields.io/github/stars/TypeError/reflect?label=%20)||![zap](./images/zap.png)| -|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|`jwt`|![zap](./images/zap.png)![](./images/java.png)| -|Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![burp](./images/burp.png)![](./images/kotlin.png)| -|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![zap](./images/zap.png)![](./images/javascript.png)| -|Utils|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)||![burp](./images/burp.png)| +|Recon|[BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder)||![](https://img.shields.io/github/stars/InitRoot/BurpJSLinkFinder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[HUNT](https://github.com/bugcrowd/HUNT)||![](https://img.shields.io/github/stars/bugcrowd/HUNT?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Recon|[attack-surface-detector-zap](https://github.com/secdec/attack-surface-detector-zap)||![](https://img.shields.io/github/stars/secdec/attack-surface-detector-zap?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Recon|[BurpSuite-Secret_Finder](https://github.com/m4ll0k/BurpSuite-Secret_Finder)||![](https://img.shields.io/github/stars/m4ll0k/BurpSuite-Secret_Finder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)| +|Recon|[reflected-parameters](https://github.com/PortSwigger/reflected-parameters)||![](https://img.shields.io/github/stars/PortSwigger/reflected-parameters?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Recon|[burp-retire-js](https://github.com/h3xstream/burp-retire-js)||![](https://img.shields.io/github/stars/h3xstream/burp-retire-js?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Fuzzer|[param-miner](https://github.com/PortSwigger/param-miner)||![](https://img.shields.io/github/stars/PortSwigger/param-miner?label=%20)|`param`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Scanner|[Autorize](https://github.com/Quitten/Autorize)||![](https://img.shields.io/github/stars/Quitten/Autorize?label=%20)|`aaa`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[http-request-smuggler](https://github.com/PortSwigger/http-request-smuggler)||![](https://img.shields.io/github/stars/PortSwigger/http-request-smuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Scanner|[AuthMatrix](https://github.com/SecurityInnovation/AuthMatrix)||![](https://img.shields.io/github/stars/SecurityInnovation/AuthMatrix?label=%20)|`aaa`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Scanner|[csp-auditor](https://github.com/GoSecure/csp-auditor)||![](https://img.shields.io/github/stars/GoSecure/csp-auditor?label=%20)|`csp`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Scanner|[collaborator-everywhere](https://github.com/PortSwigger/collaborator-everywhere)||![](https://img.shields.io/github/stars/PortSwigger/collaborator-everywhere?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Scanner|[BurpSuiteHTTPSmuggler](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteHTTPSmuggler?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[knife](https://github.com/bit4woo/knife)|A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅|![](https://img.shields.io/github/stars/bit4woo/knife?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[taborator](https://github.com/hackvertor/taborator)||![](https://img.shields.io/github/stars/hackvertor/taborator?label=%20)|`oast`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[BurpBounty](https://github.com/wagiro/BurpBounty)||![](https://img.shields.io/github/stars/wagiro/BurpBounty?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/blitzbasic.png)| +|Utils|[turbo-intruder](https://github.com/PortSwigger/turbo-intruder)||![](https://img.shields.io/github/stars/PortSwigger/turbo-intruder?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/kotlin.png)| +|Utils|[BurpSuiteLoggerPlusPlus](https://github.com/nccgroup/BurpSuiteLoggerPlusPlus)||![](https://img.shields.io/github/stars/nccgroup/BurpSuiteLoggerPlusPlus?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[IntruderPayloads](https://github.com/1N3/IntruderPayloads)||![](https://img.shields.io/github/stars/1N3/IntruderPayloads?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/blitzbasic.png)| +|Utils|[safecopy](https://github.com/yashrs/safecopy)||![](https://img.shields.io/github/stars/yashrs/safecopy?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[BurpCustomizer](https://github.com/CoreyD97/BurpCustomizer)|Because just a dark theme wasn't enough!|![](https://img.shields.io/github/stars/CoreyD97/BurpCustomizer?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[http-script-generator](https://github.com/h3xstream/http-script-generator)||![](https://img.shields.io/github/stars/h3xstream/http-script-generator?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[femida](https://github.com/wish-i-was/femida)||![](https://img.shields.io/github/stars/wish-i-was/femida?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[burp-exporter](https://github.com/artssec/burp-exporter)||![](https://img.shields.io/github/stars/artssec/burp-exporter?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[zap-hud](https://github.com/zaproxy/zap-hud)||![](https://img.shields.io/github/stars/zaproxy/zap-hud?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[Stepper](https://github.com/CoreyD97/Stepper)||![](https://img.shields.io/github/stars/CoreyD97/Stepper?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[inql](https://github.com/doyensec/inql)||![](https://img.shields.io/github/stars/doyensec/inql?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/python.png)| +|Utils|[burp-send-to](https://github.com/bytebutcher/burp-send-to)||![](https://img.shields.io/github/stars/bytebutcher/burp-send-to?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[reflect](https://github.com/cak/reflect)||![](https://img.shields.io/github/stars/cak/reflect?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/kotiln.png)| +|utils|[owasp-zap-jwt-addon](https://github.com/SasanLabs/owasp-zap-jwt-addon)||![](https://img.shields.io/github/stars/SasanLabs/owasp-zap-jwt-addon?label=%20)|`jwt`|![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| +|Utils|[burp-piper](https://github.com/silentsignal/burp-piper)||![](https://img.shields.io/github/stars/silentsignal/burp-piper?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/kotlin.png)| +|Utils|[community-scripts](https://github.com/zaproxy/community-scripts)||![](https://img.shields.io/github/stars/zaproxy/community-scripts?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/javascript.png)| +|Utils|[auto-repeater](https://github.com/PortSwigger/auto-repeater)||![](https://img.shields.io/github/stars/PortSwigger/auto-repeater?label=%20)||![linux](./images/linux.png)![macos](./images/apple.png)![windows](./images/windows.png)![](./images/java.png)| ## Thanks to (Contributor) I would like to thank everyone who helped with this project 👍😎 From c4dd70859ef4b81ee37cddffafca3f7a4e98aae2 Mon Sep 17 00:00:00 2001 From: hahwul Date: Fri, 19 Aug 2022 16:42:53 +0900 Subject: [PATCH 42/42] Update --- .../add-tool-and-change-information.md | 10 --------- .github/ISSUE_TEMPLATE/bug_report.md | 21 ------------------- .github/ISSUE_TEMPLATE/feature_request.md | 10 --------- .github/ISSUE_TEMPLATE/question.md | 10 --------- CONTRIBUTING.md | 2 +- 5 files changed, 1 insertion(+), 52 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/add-tool-and-change-information.md delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md delete mode 100644 .github/ISSUE_TEMPLATE/question.md diff --git a/.github/ISSUE_TEMPLATE/add-tool-and-change-information.md b/.github/ISSUE_TEMPLATE/add-tool-and-change-information.md deleted file mode 100644 index b5d8baf..0000000 --- a/.github/ISSUE_TEMPLATE/add-tool-and-change-information.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -name: Add tool and Change information -about: Describe this issue template's purpose here. -title: '' -labels: '' -assignees: '' - ---- - - diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index c8f1798..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: bug -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Env** -e.g OS, Version... etc... diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 4b2e2cb..0000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: '' -labels: feature request -assignees: '' - ---- - - diff --git a/.github/ISSUE_TEMPLATE/question.md b/.github/ISSUE_TEMPLATE/question.md deleted file mode 100644 index 6372895..0000000 --- a/.github/ISSUE_TEMPLATE/question.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -name: Question -about: If you have any questions, ask. -title: '' -labels: question -assignees: '' - ---- - - diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a7e24c5..569a9d3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -21,7 +21,7 @@ platform: - zap # zap addon - burpsuite # burpsuite addon # If supported crossplatform, you write out all three (linux/macos/windows) -lang: [] # go / python / ruby / rust / etc... +lang: # go / python / ruby / rust / etc... tags: [] # xss / sqli / ssrf / oast / etc... ```