Stars
API Security Project aims to present unique attack & defense methods in the API security field
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
Small, fast tool for performing reverse DNS lookups en masse.
A Python script to parse net blocks & domain names from SPF records
The fastest and complete solution for domain recognition. Supports screenshotting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …
Accept URLs on stdin, replace all query string values with a user-supplied value
GF Patterns for (ssrf, RCE, Lfi, sqli, ssti, idor, url redirection, debug_logic, interesting Subs) parameters grep
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Takes a list of URLs and returns their HTTP response codes
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Tool to check for dependency confusion vulnerabilities in multiple package management systems
All about bug bounty (bypasses, payloads, etc.)
A bunch of links to blog posts, articles, videos, etc for learning Rust
The Swiss Army knife for automated Web Application Testing
A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
Nmap - the Network Mapper. Github mirror of official SVN repository.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A static analysis security vulnerability scanner for Ruby on Rails applications
Note: Going through a full re-write of the tooling so the current versions in the repo do not work!
Automatically Launch Google Hacking Queries Against A Target Domain