WHAT'S
NEW
In this section you can find relevant information about ported tools and other stuff.
Help us document the progress and research in port-status.

Get involved submitting fixes or patches to improve the tools and SecBSD system.
PORTS
PKGNAME VERSION DESCRIPTION URL STATUS
amass 3.19.1 Attack surface mapping and asset discovery https://github.com/OWASP/Amass No Audit
anew 0.1.1 Append lines from stdin to a file https://github.com/tomnomnom/anew No Audit
anti-burl 0.1.0 Takes URLs on stdin, prints them to stdout if they return a 200 OK https://github.com/tomnomnom/hacks/tree/master/anti-burl No Audit
apkleaks 2.6.1 Scanning APK file for URIs, endpoints and secrets https://github.com/dwisiswant0/apkleaks No Audit
arjun 2.1.5 HTTP parameter discovery suite https://github.com/s0md3v/Arjun No Audit
asnlookup 0.1 Leverage ASN to look up IP addresses https://github.com/yassineaboukir/asnlookup No Audit
assetfinder 0.1.1 Find domains and subdomains https://github.com/tomnomnom/assetfinder No Audit
atlas 1.0 SQLMap Tamper Suggester https://github.com/m4ll0k/Atlas2 No Audit
atscan 17.0.1 Mass exploit scanner https://github.com/AlisamTechnology/ATSCAN No Audit
barmie 1.01 Java RMI enumeration and attack tool https://github.com/NickstaDB/BaRMIe No Audit
barq 0.1 AWS cloud post exploitation framework https://github.com/Voulnet/barq No Audit
bed 0.5 Brute exploit detector https://github.com/crunchsec/bed No Audit
bfac 1.4 Backup file artifacts checker tool https://github.com/mazen160/bfac No Audit
blacknurse 0.1 Blacknurse attack https://github.com/jedisct1/blacknurse No Audit
blackwidow 1.3 WebApp fuzz scanner https://github.com/1N3/BlackWidow No Audit
bolt 0.2.1 WebApp fuzz scanner https://github.com/s0md3v/Bolt No Audit
bounty targets data 04.13.2022 Data dumps of bug bounty platform https://github.com/arkadiyt/bounty-targets-data No Audit
breacher 0.1 Admin panel finder https://github.com/s0md3v/Breacher No Audit
brutespray 1.8.0 Brute forcing from Nmap output https://github.com/x90skysn3k/brutespray No Audit
cardpwn 1.4 OSINT tool to find breached credit cards info https://github.com/itsmehacker/CardPwn No Audit
cewl 5.5.1 Custom word list generator https://github.com/digininja/CeWL No Audit
chameleon 0.1 Evading proxy tool https://github.com/mdsecactivebreach/Chameleon No Audit
chaos client 0.2.0 Client to communicate with Chaos DNS API https://github.com/projectdiscovery/chaos-client No Audit
Cloud enum 0.7 Multi-cloud OSINT tool https://github.com/initstring/cloud_enum No Audit
cloudbrute 1.0.7 Find company infra-structure https://github.com/0xsha/CloudBrute No Audit
cloud list 1.0.0 multi cloud list tool https://github.com/projectdiscovery/cloudlist No Audit
cmseek 1.1.3 CMS Detection and Exploitation suite https://github.com/Tuhinshubhra/CMSeeK No Audit
commix 3.4.0 Command injection and exploitation tool https://github.com/commixproject/commix No Audit
corstest 0.1 CORS scanner https://github.com/RUB-NDS/CORStest No Audit
corsy 1.0 CORS scanner https://github.com/s0md3v/Corsy No Audit
cr3d0v3r 0.4.4 Credential reuse attacks tool https://github.com/D4Vinci/Cr3dOv3r No Audit
crlfuzz 1.4.1 CRLF vulnerability scanner https://github.com/dwisiswant0/crlfuzz No Audit
cupp 3.3.0 Common user passwords profiler https://github.com/Mebus/cupp No Audit
dalfox 2.7.4 XSS Scanning tool https://github.com/hahwul/dalfox No Audit
davtest 1.0 WebDAV tests tool https://code.google.com/archive/p/davtest/ No Audit
dirdar 1.0.0 searches for 403-Forbidden dirs to break https://github.com/M4DM0e/DirDar No Audit
dirsearch 0.4.2 Web path scanner https://github.com/maurosoria/dirsearch No Audit
dnsrecon 1.1.0 Perform multiple dns queries https://github.com/darkoperator/dnsrecon No Audit
dnswalk 2.0.2 DNS debugger http://dnswalk.sourceforge.net No Audit
domlink 0.2 Discover organisation name https://github.com/vysecurity/DomLink No Audit
dotdotpwn 3.0.2 Directory traversal fuzzer http://dotdotpwn.sectester.net No Audit
dsfs 0.2 File inclusion vulnerability scanner https://github.com/stamparm/DSFS No Audit
dsjs 0.2 JS vulnerability scanner https://github.com/stamparm/DSJS No Audit
dsss 0.3 SQLi Scanner https://github.com/stamparm/DSSS No Audit
dsxs 0.3 XSS scanner https://github.com/stamparm/DSXS No Audit
email2phonenumber 0.1 Phone number OSINT tool https://github.com/martinvigo/email2phonenumber No Audit
endlessh 1.1 SSH tarpit that slowly sends an endless banner https://github.com/skeeto/endlessh No Audit
enum4BSD 0.9.1 Enumerating data for Windows and SMB https://github.com/CiscoCXSecurity/enum4linux No Audit
ettu 0.1 Recursive DNS brute forcer https://github.com/tomnomnom/hacks/tree/master/ettu No Audit
evilginx2 2.0.4 MITM attack framework https://github.com/kgretzky/evilginx2 No Audit
evilurl 3.0 IDN homograph attack generator https://github.com/UndeadSec/EvilURL No Audit
exploit pattern 0.1 Pattern string for exploit dev https://github.com/Svenito/exploit-pattern No Audit
favfreak 1.0 Weaponizing favicon.ico https://github.com/devanshbatham/FavFreak No Audit
ffuf 1.4.1 Web fuzzer https://github.com/ffuf/ffuf No Audit
fuxploider 1.0 File upload vulnerability scanner https://github.com/almandin/fuxploider No Audit
gau 1.2.0 Fetch known URLs https://github.com/lc/gau No Audit
gf 0.1 Wrapper around grep https://github.com/tomnomnom/gf No Audit
gitdorker 1.1.3 Scrape secrets from GitHub https://github.com/obheda12/GitDorker No Audit
gitleaks 8.6.1 Audit git repos for secrets https://github.com/zricethezav/gitleaks No Audit
gmapsapiscanner 0.1 Used for determining whether a leaked/found Google Maps API Key is vulnerable https://github.com/ozguralp/gmapsapiscanner No Audit
gospider 1.1.6 Web spider https://github.com/jaeles-project/gospider No Audit
gowitness 2.3.6 Web screenshot utility https://github.com/sensepost/gowitness No Audit
openvas libraries 21.4.3 Greenbone vulnerability management Libs https://github.com/greenbone/gvm-libs No Audit
hakrawler 2.0 Web crawler https://github.com/hakluke/hakrawler No Audit
hashbuster 3.0 Crack hash in seconds. https://github.com/s0md3v/Hash-Buster No Audit
hostile subbruteforcer 1.0 Bruteforce for existing subdomains https://github.com/nahamsec/HostileSubBruteforcer No Audit
httprobe 0.1.2 Domains and probe for HTTP and HTTPS https://github.com/tomnomnom/httprobe No Audit
httpx 1.2.1 Multi-purpose HTTP toolki https://github.com/projectdiscovery/httpx No Audit
infoga 0.1.5 Email OSINT https://github.com/m4ll0k/Infoga No Audit
interlace 1.9.5 Automate pentest and bug bounty workflow https://github.com/codingo/Interlace No Audit
jaeles 0.17.0 Automate WebApp testing https://github.com/jaeles-project/jaeles No Audit
jaeles signatures 0.17.0 Jaeles signatures https://github.com/jaeles-project/jaeles-signatures No Audit
javasnoop 1.1 Intercept Java applications locally https://code.google.com/archive/p/javasnoop No Audit
joomscan 0.0.7 OWASP Joomla vulnerability scanner https://github.com/rezasp/joomscan No Audit
lazys3 1.0 Bruteforce for AWS s3 buckets https://github.com/nahamsec/lazys3 No Audit
lightspeed 0.1 Extract data through non-boolean blind sql injections https://github.com/tr3w/lightspeed No Audit
linkfinder 1.0 Find endpoints in JavaScript https://github.com/GerbenJavado/LinkFinder No Audit
masscan 1.3.2 Asynchronous TCP port scanner https://github.com/robertdavidgraham/masscan No Audit
massdns 1.0.1 Subdomain enumeration https://github.com/blechschmidt/massdns No Audit
medusa 2.2 Login brute-forcer https://github.com/jmk-foofus/medusa No Audit
metabigor 1.10 OSINT tool https://github.com/j3ssie/metabigor No Audit
metagoofil 2.2 Metadata harvester https://github.com/laramies/metagoofil No Audit
mobile nuclei 0.1 Template for mobile security assessments. https://github.com/optiv/mobile-nuclei-templates No Audit
nuclei 2.6.7 Configurable targeted scanning https://github.com/projectdiscovery/nuclei No Audit
one lin3r 2.1 One-liners that aids in penetration testing https://github.com/D4Vinci/One-Lin3r No Audit
paramspider 1.0 Mining parameters from dark corners https://github.com/devanshbatham/ParamSpider No Audit
parsero 0.81 Robot txt audit tool https://github.com/behindthefirewalls/Parsero No Audit
pf badhost 0.5 Bi-directional network filtering https://www.geoghegan.ca/pfbadhost.html No Audit
photon 1.3.2 Crawler for OSINT https://github.com/s0md3v/Photon No Audit
qrljacker 2.1.2 QRLJacking exploitation framework https://github.com/OWASP/QRLJacking No Audit
qsfuzz 1.0.2 Query string fuzz https://github.com/ameenmaali/qsfuzz No Audit
r3con1z3r 1.0.6 Web information gathering tool https://github.com/abdulgaphy/r3con1z3r No Audit
recon-ng 5.1.1 Open Source Intelligence gathering tool https://github.com/lanmaster53/recon-ng No Audit
reconnoitre 1.0 OSINT and service enumeration tool https://github.com/codingo/Reconnoitre No Audit
rsmangler 1.5 Wordlist mangling tool https://github.com/digininja/RSMangler No Audit
s3-bucketeers 0.1 AWS S3 bucket tool https://github.com/tomdev/teh_s3_bucketeers No Audit
sandcastle 1.2.4 AWS S3 bucket enumeration https://github.com/0xSearches/sandcastle No Audit
seclists 2022.1 Collection of multiple types of lists used during security assessments https://github.com/danielmiessler/SecLists No Audit
secret finder 0.1 Tool to find sensitive data https://github.com/m4ll0k/SecretFinder No Audit
sherlock 0.14.0 Hunt down social media accounts https://github.com/sherlock-project/sherlock No Audit
shhgit 0.2 Find GitHub secrets in real time https://github.com/eth0izzle/shhgit No Audit
shuffledns 1.0.7 Find GitHub secrets in real time https://github.com/projectdiscovery/shuffledns No Audit
sipvicious 0.3.4 Audit SIP based VoIP systems https://github.com/EnableSecurity/sipvicious No Audit
slowloris 0.2.3 Low bandwidth DoS tool https://github.com/gkbrk/slowloris No Audit
smbmap 1.8.2 SMB enumeration tool https://github.com/ShawnDEvans/smbmap No Audit
smtp user enum 1.2 SMTP user enum http://pentestmonkey.net No Audit
smuggler 0.1 HTTP Request Smuggling https://github.com/defparam/smuggler No Audit
snallygaster 0.0.12 Scan for secret files on HTTP servers https://github.com/hannob/snallygaster No Audit
social engineer toolkit 8.0.3 Social engineer toolkit https://github.com/trustedsec/social-engineer-toolkit No Audit
solidity 0.8.11 Smart Contract Programming Language https://github.com/ethereum/solidity No Audit
spiderfoot 4.0 OSINT collection and reconnaissance tool https://github.com/smicallef/spiderfoot No Audit
spoofcheck 0.1 Checks a domain for email protections https://github.com/BishopFox/spoofcheck No Audit
sql-anding 0.1 Extracting data tool for blind sql injections https://github.com/tr3w/sql-anding No Audit
ssrfmap 0.1 SSRF fuzzer exploitation tool https://github.com/swisskyrepo/SSRFmap No Audit
subfinder 2.5.1 Subdomain discovery tool https://github.com/subfinder/subfinder No Audit
subjs 1.0.1 Fetches jst file from a list of URLS https://github.com/lc/subjs No Audit
sublist3r 1.1 Subdomains enumeration tool https://github.com/aboul3la/Sublist3r No Audit
subscraper 2.2.1 DNS brute force https://github.com/m8r0wn/subscraper No Audit
takeover 0.2 Subdomain takeover vulnerability scanner https://github.com/m4ll0k/takeover No Audit
trufflehog 3.3.3 Searches through git repositories for secrets https://github.com/trufflesecurity/truffleHog No Audit
urlcrazy 0.5 Typo squatting tool https://morningstarsecurity.com/research/urlcrazy No Audit
urlhunter 0.1.1 Recon tool that allows searching on URLs that are exposed via shortener services https://github.com/utkusen/urlhunter No Audit
virtual host discovery 1.0 Enumerate virtual hosts https://github.com/jobertabma/virtual-host-discovery No Audit
vulnx 1.9 Shell injector for CMS https://github.com/anouarbensaad/vulnx No Audit
wafw00f 2.1.0 Fingerprint web application firewall https://github.com/EnableSecurity/wafw00f No Audit
waybackurls 0.0.2 Fetch URLs that Wayback Machine https://github.com/tomnomnom/waybackurls No Audit
weblogic scanner 0.1 Weblogic CVE vulnerability scanner https://github.com/0xn0ne/weblogicScanner No Audit
weevely3 4.0.1 Weaponized web shell https://github.com/epinna/weevely3 No Audit
wfuzz 3.1.0 Web application fuzzer https://github.com/xmendez/wfuzz No Audit
whatsapp media decrypt 0.1 Decrypt WhatsApp encrypted media files https://github.com/ddz/whatsapp-media-decrypt No Audit
wpbullet 0.1 Static code analysis for WordPress and PHP https://github.com/OWASP/wpBullet No Audit
xsstrike 3.1.5 XSS scanner https://github.com/s0md3v/XSStrike No Audit