🔍 OSINT tool for searching people's digital footprint and leaked passwords across various social networks, written in Go.

Header Exploitation HTTP

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Fast passive subdomain enumeration tool.

A next-generation crawling and spidering framework.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

In-depth attack surface mapping and asset discovery

Automated All-in-One OS Command Injection Exploitation Tool.

🪄 XSSDynaGen is a tool designed to analyze URLs with parameters, identify the characters allowed by the server, and generate advanced XSS payloads based on the analysis results.

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Scan for misconfigured S3 buckets across S3-compatible APIs!

Automatic SQL injection and database takeover tool

Oty is a fast, customizable, CLI tool designed to streamline your Bug Bounty and Pentesting workflows. Powered by a simple yet flexible YAML based DSL, Oty allows you to integrate your tools into it

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

crawler for finding reflected parameters and reflecting special characters!

403Bypasser is a simple plugin that lets you bypass 403 status code by transforming HTTP requests with custom templates.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v…

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.