amass |
3.23.1 |
Attack surface mapping and asset discovery |
https://github.com/OWASP/Amass
|
No Audit |
anew |
0.1.1 |
Append lines from stdin to a file |
https://github.com/tomnomnom/anew
|
No Audit |
anti-burl |
0.1.0 |
Takes URLs on stdin, prints them to stdout if they return a 200 OK |
https://github.com/tomnomnom/hacks/tree/master/anti-burl
|
No Audit |
arjun |
2.2.1 |
HTTP parameter discovery suite |
https://github.com/s0md3v/Arjun
|
No Audit |
asnlookup |
0.1 |
Leverage ASN to look up IP addresses |
https://github.com/yassineaboukir/asnlookup
|
No Audit |
assetfinder |
0.1.1 |
Find domains and subdomains |
https://github.com/tomnomnom/assetfinder
|
No Audit |
atlas |
1.0 |
SQLMap Tamper Suggester |
https://github.com/m4ll0k/Atlas2
|
No Audit |
atscan |
17.0.1 |
Mass exploit scanner |
https://github.com/AlisamTechnology/ATSCAN
|
No Audit |
barmie |
1.01 |
Java RMI enumeration and attack tool |
https://github.com/NickstaDB/BaRMIe
|
No Audit |
barq |
0.1 |
AWS cloud post exploitation framework |
https://github.com/Voulnet/barq
|
No Audit |
bed |
0.5 |
Brute exploit detector |
https://github.com/crunchsec/bed
|
No Audit |
bfac |
1.4 |
Backup file artifacts checker tool |
https://github.com/mazen160/bfac
|
No Audit |
blacknurse |
0.1 |
Blacknurse attack |
https://github.com/jedisct1/blacknurse
|
No Audit |
blackwidow |
1.3 |
WebApp fuzz scanner |
https://github.com/1N3/BlackWidow
|
No Audit |
bolt |
0.2.1 |
WebApp fuzz scanner |
https://github.com/s0md3v/Bolt
|
No Audit |
bounty targets data |
04.13.2022 |
Data dumps of bug bounty platform |
https://github.com/arkadiyt/bounty-targets-data
|
No Audit |
breacher |
0.1 |
Admin panel finder |
https://github.com/s0md3v/Breacher
|
No Audit |
brutespray |
1.8.0 |
Brute forcing from Nmap output |
https://github.com/x90skysn3k/brutespray
|
No Audit |
cardpwn |
1.4 |
OSINT tool to find breached credit cards info |
https://github.com/itsmehacker/CardPwn
|
No Audit |
cewl |
5.5.1 |
Custom word list generator |
https://github.com/digininja/CeWL
|
No Audit |
cloudfox |
1.10.2 |
Cloud Penetration Testing |
https://github.com/BishopFox/cloudfox:w
|
No Audit |
cloud list |
1.0.2 |
multi cloud list tool |
https://github.com/projectdiscovery/cloudlist
|
No Audit |
cmseek |
1.1.3 |
CMS Detection and Exploitation suite |
https://github.com/Tuhinshubhra/CMSeeK
|
No Audit |
commix |
3.7 |
Command injection and exploitation tool |
https://github.com/commixproject/commix
|
No Audit |
corsy |
1.0 |
CORS scanner |
https://github.com/s0md3v/Corsy
|
No Audit |
cr3d0v3r |
0.4.4 |
Credential reuse attacks tool |
https://github.com/D4Vinci/Cr3dOv3r
|
No Audit |
crlfuzz |
1.4.1 |
CRLF vulnerability scanner |
https://github.com/dwisiswant0/crlfuzz
|
No Audit |
cupp |
3.3.0 |
Common user passwords profiler |
https://github.com/Mebus/cupp
|
No Audit |
dalfox |
2.9.0 |
XSS Scanning tool |
https://github.com/hahwul/dalfox
|
No Audit |
dirdar |
1.0.0 |
searches for 403-Forbidden dirs to break |
https://github.com/M4DM0e/DirDar
|
No Audit |
dirsearch |
0.4.3 |
Web path scanner |
https://github.com/maurosoria/dirsearch
|
No Audit |
dnsrecon |
1.1.3 |
Perform multiple dns queries |
https://github.com/darkoperator/dnsrecon
|
No Audit |
domlink |
0.2 |
Discover organisation name |
https://github.com/vysecurity/DomLink
|
No Audit |
dsfs |
0.2 |
File inclusion vulnerability scanner |
https://github.com/stamparm/DSFS
|
No Audit |
dsjs |
0.2 |
JS vulnerability scanner |
https://github.com/stamparm/DSJS
|
No Audit |
dsss |
0.3 |
SQLi Scanner |
https://github.com/stamparm/DSSS
|
No Audit |
dsxs |
0.3 |
XSS scanner |
https://github.com/stamparm/DSXS
|
No Audit |
endlessh |
1.1 |
SSH tarpit that slowly sends an endless banner |
https://github.com/skeeto/endlessh
|
No Audit |
enum4BSD |
0.9.1 |
Enumerating data for Windows and SMB |
https://github.com/CiscoCXSecurity/enum4linux
|
No Audit |
ettu |
0.1 |
Recursive DNS brute forcer |
https://github.com/tomnomnom/hacks/tree/master/ettu
|
No Audit |
evilginx2 |
2.0.4 |
MITM attack framework |
https://github.com/kgretzky/evilginx2
|
No Audit |
evilurl |
3.0 |
IDN homograph attack generator |
https://github.com/UndeadSec/EvilURL
|
No Audit |
exploit pattern |
0.1 |
Pattern string for exploit dev |
https://github.com/Svenito/exploit-pattern
|
No Audit |
ffuf |
2.0.0 |
Web fuzzer |
https://github.com/ffuf/ffuf
|
No Audit |
fuxploider |
1.0 |
File upload vulnerability scanner |
https://github.com/almandin/fuxploider
|
No Audit |
gau |
2.1.2 |
Fetch known URLs |
https://github.com/lc/gau
|
No Audit |
gf |
0.1 |
Wrapper around grep |
https://github.com/tomnomnom/gf
|
No Audit |
gitleaks |
8.16.2 |
Audit git repos for secrets |
https://github.com/zricethezav/gitleaks
|
No Audit |
gmapsapiscanner |
0.1 |
Used for determining whether a leaked/found Google Maps API Key is vulnerable |
https://github.com/ozguralp/gmapsapiscanner
|
No Audit |
gospider |
1.1.6 |
Web spider |
https://github.com/jaeles-project/gospider
|
No Audit |
gowitness |
2.4.2 |
Web screenshot utility |
https://github.com/sensepost/gowitness
|
No Audit |
openvas libraries |
21.4.3 |
Greenbone vulnerability management Libs |
https://github.com/greenbone/gvm-libs
|
No Audit |
hashbuster |
3.0 |
Crack hash in seconds. |
https://github.com/s0md3v/Hash-Buster
|
No Audit |
httprobe |
0.1.2 |
Domains and probe for HTTP and HTTPS |
https://github.com/tomnomnom/httprobe
|
No Audit |
httpx |
1.3.0 |
Multi-purpose HTTP toolki |
https://github.com/projectdiscovery/httpx
|
No Audit |
infoga |
0.1.5 |
Email OSINT |
https://github.com/m4ll0k/Infoga
|
No Audit |
jaeles |
0.17.0 |
Automate WebApp testing |
https://github.com/jaeles-project/jaeles
|
No Audit |
jaeles signatures |
0.17.0 |
Jaeles signatures |
https://github.com/jaeles-project/jaeles-signatures
|
No Audit |
joomscan |
0.0.7 |
OWASP Joomla vulnerability scanner |
https://github.com/rezasp/joomscan
|
No Audit |
lightspeed |
0.1 |
Extract data through non-boolean blind sql injections |
https://github.com/tr3w/lightspeed
|
No Audit |
linkfinder |
1.0 |
Find endpoints in JavaScript |
https://github.com/GerbenJavado/LinkFinder
|
No Audit |
masscan |
1.3.2 |
Asynchronous TCP port scanner |
https://github.com/robertdavidgraham/masscan
|
No Audit |
massdns |
1.0.1 |
Subdomain enumeration |
https://github.com/blechschmidt/massdns
|
No Audit |
medusa |
2.2 |
Login brute-forcer |
https://github.com/jmk-foofus/medusa
|
No Audit |
metasploit framework |
6.3.12 |
Metasploit Framework |
https://github.com/rapid7/metasploit-framework
|
No Audit |
nuclei |
2.9.1 |
Configurable targeted scanning |
https://github.com/projectdiscovery/nuclei
|
No Audit |
one lin3r |
2.1 |
One-liners that aids in penetration testing |
https://github.com/D4Vinci/One-Lin3r
|
No Audit |
parsero |
0.81 |
Robot txt audit tool |
https://github.com/behindthefirewalls/Parsero
|
No Audit |
pf badhost |
0.5 |
Bi-directional network filtering |
https://www.geoghegan.ca/pfbadhost.html
|
No Audit |
photon |
1.3.2 |
Crawler for OSINT |
https://github.com/s0md3v/Photon
|
No Audit |
qsfuzz |
1.0.2 |
Query string fuzz |
https://github.com/ameenmaali/qsfuzz
|
No Audit |
recon-ng |
5.1.1 |
Open Source Intelligence gathering tool |
https://github.com/lanmaster53/recon-ng
|
No Audit |
reconnoitre |
1.0 |
OSINT and service enumeration tool |
https://github.com/codingo/Reconnoitre
|
No Audit |
rsmangler |
1.5 |
Wordlist mangling tool |
https://github.com/digininja/RSMangler
|
No Audit |
sandcastle |
1.2.4 |
AWS S3 bucket enumeration |
https://github.com/0xSearches/sandcastle
|
No Audit |
seclists |
2023.1 |
Collection of multiple types of lists used during security assessments |
https://github.com/danielmiessler/SecLists
|
No Audit |
secret finder |
0.1 |
Tool to find sensitive data |
https://github.com/m4ll0k/SecretFinder
|
No Audit |
sherlock |
0.14.3 |
Hunt down social media accounts |
https://github.com/sherlock-project/sherlock
|
No Audit |
sipvicious |
0.3.4 |
Audit SIP based VoIP systems |
https://github.com/EnableSecurity/sipvicious
|
No Audit |
slowloris |
0.2.3 |
Low bandwidth DoS tool |
https://github.com/gkbrk/slowloris
|
No Audit |
smbmap |
1.8.2 |
SMB enumeration tool |
https://github.com/ShawnDEvans/smbmap
|
No Audit |
smtp user enum |
1.2 |
SMTP user enum |
http://pentestmonkey.net
|
No Audit |
smuggler |
0.1 |
HTTP Request Smuggling |
https://github.com/defparam/smuggler
|
No Audit |
snallygaster |
0.0.12 |
Scan for secret files on HTTP servers |
https://github.com/hannob/snallygaster
|
No Audit |
social engineer toolkit |
8.0.3 |
Social engineer toolkit |
https://github.com/trustedsec/social-engineer-toolkit
|
No Audit |
solidity |
0.8.19 |
Smart Contract Programming Language |
https://github.com/ethereum/solidity
|
No Audit |
spiderfoot |
4.0 |
OSINT collection and reconnaissance tool |
https://github.com/smicallef/spiderfoot
|
No Audit |
spoofcheck |
0.1 |
Checks a domain for email protections |
https://github.com/BishopFox/spoofcheck
|
No Audit |
sql-anding |
0.1 |
Extracting data tool for blind sql injections |
https://github.com/tr3w/sql-anding
|
No Audit |
subfinder |
2.5.7 |
Subdomain discovery tool |
https://github.com/subfinder/subfinder
|
No Audit |
subjs |
1.0.1 |
Fetches jst file from a list of URLS |
https://github.com/lc/subjs
|
No Audit |
sublist3r |
1.1 |
Subdomains enumeration tool |
https://github.com/aboul3la/Sublist3r
|
No Audit |
takeover |
0.2 |
Subdomain takeover vulnerability scanner |
https://github.com/m4ll0k/takeover
|
No Audit |
trufflehog |
3.31.5 |
Searches through git repositories for secrets |
https://github.com/trufflesecurity/truffleHog
|
No Audit |
urlcrazy |
0.5 |
Typo squatting tool |
https://morningstarsecurity.com/research/urlcrazy
|
No Audit |
vulnx |
1.9 |
Shell injector for CMS |
https://github.com/anouarbensaad/vulnx
|
No Audit |
wafw00f |
2.1.0 |
Fingerprint web application firewall |
https://github.com/EnableSecurity/wafw00f
|
No Audit |
waybackurls |
0.1.0 |
Fetch URLs that Wayback Machine |
https://github.com/tomnomnom/waybackurls
|
No Audit |
weevely3 |
4.0.1 |
Weaponized web shell |
https://github.com/epinna/weevely3
|
No Audit |
wfuzz |
3.1.0 |
Web application fuzzer |
https://github.com/xmendez/wfuzz
|
No Audit |
xsstrike |
3.1.5 |
XSS scanner |
https://github.com/s0md3v/XSStrike
|
No Audit |