diff --git a/README.md b/README.md index 65759c8..6643926 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,9 @@ - [scilla](https://github.com/edoardottt/scilla) - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration - [sub3suite](https://github.com/3nock/sub3suite) - A research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping. - [cero](https://github.com/glebarez/cero) - Scrape domain names from SSL certificates of arbitrary hosts +- [shosubgo](https://github.com/incogbyte/shosubgo) - Small tool to Grab subdomains using Shodan api +- [haktrails](https://github.com/hakluke/haktrails) - Golang client for querying SecurityTrails API data +- [bbot](https://github.com/blacklanternsecurity/bbot) - A recursive internet scanner for hackers ### Port Scanning @@ -128,6 +131,7 @@ - [gospider](https://github.com/jaeles-project/gospider) - Gospider - Fast web spider written in Go - [hakrawler](https://github.com/hakluke/hakrawler) - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application - [crawley](https://github.com/s0rg/crawley) - fast, feature-rich unix-way web scraper/crawler written in Golang. +- [katana](https://github.com/projectdiscovery/katana) - A next-generation crawling and spidering framework ### Links @@ -275,6 +279,7 @@ Lorem ipsum dolor sit amet - [rbndr](https://github.com/taviso/rbndr) - Simple DNS Rebinding Service - [httprebind](https://github.com/daeken/httprebind) - Automatic tool for DNS rebinding-based SSRF attacks - [dnsFookup](https://github.com/makuga01/dnsFookup) - DNS rebinding toolkit +- [surf](https://github.com/assetnote/surf) - Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates. ### SQL Injection @@ -293,6 +298,7 @@ Lorem ipsum dolor sit amet - [Blinder](https://github.com/mhaskar/Blinder) - A python library to automate time-based blind SQL injection - [sqliv](https://github.com/the-robot/sqliv) - massive SQL injection vulnerability scanner - [nosqli](https://github.com/Charlie-belmer/nosqli) - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB. +- [ghauri](https://github.com/r0oth3x49/ghauri) - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws ### XSS Injection @@ -347,6 +353,10 @@ Lorem ipsum dolor sit amet - [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) - A tool for embedding XXE/XML exploits into different filetypes - [metahttp](https://github.com/vp777/metahttp) - A bash script that automates the scanning of a target network for HTTP resources through XXE +### SSTI Injection +- [tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool +- [SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface + --- ## Miscellaneous @@ -424,6 +434,9 @@ Lorem ipsum dolor sit amet - [CMSmap](https://github.com/Dionach/CMSmap) - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. - [joomscan](https://github.com/OWASP/joomscan) - OWASP Joomla Vulnerability Scanner Project - [pyfiscan](https://github.com/fgeek/pyfiscan) - Free web-application vulnerability and version scanner +- [aemhacker](https://github.com/0ang3el/aem-hacker) - Tools to identify vulnerable Adobe Experience Manager (AEM) webapps. +- [aemscan](https://github.com/Raz0r/aemscan) - Adobe Experience Manager Vulnerability Scanner + ### JSON Web Token