Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 2, and other large language models.

🌸 A command-line fuzzy finder

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

jq for binary formats - tool, language and decoders for working with binary and text formats

A vulnerability scanner for container images and filesystems

Go security checker

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

A Workflow Engine for Offensive Security

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Commandline tool for running SQL queries against JSON, CSV, Excel, Parquet, and more.

Fetch all the URLs that the Wayback Machine knows about for a domain

Scan for misconfigured S3 buckets across S3-compatible APIs!

The Swiss Army knife for automated Web Application Testing

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

iOS/macOS Research Swiss Army Knife

A wrapper around grep, to help you grep for things

Navigate the CVE jungle with ease.

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Extract URLs, paths, secrets, and other interesting bits from JavaScript

A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.

Pull out bits of URLs provided on stdin

Awesome cloud enumerator

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

A utility to detect various technology for a given IP address.

Accept URLs on stdin, replace all query string values with a user-supplied value

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security teste…

Fetches javascript file from a list of URLS or subdomains.