Asset inventory of over 800 public bug bounty programs.

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

Supershell C2 远控平台，基于反向SSH隧道获取完全交互式Shell

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

A utility to convert your AWS CLI credentials into AWS console access.

TCP tunneling over HTTP/HTTPS for web application servers

Discover Your Attack Surface!

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Most advanced XSS scanner.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform

A tool to capture all the git secrets by leveraging multiple open source git searching tools

Prevents you from committing secrets and credentials into git repositories

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities