In-depth attack surface mapping and asset discovery

w3af: web application attack and audit framework, the open source web vulnerability scanner.

A python script that finds endpoints in JavaScript files

The all-in-one browser extension for offensive security professionals 🛠

Network Infrastructure Penetration Testing Tool

🤖 The Modern Port Scanner 🤖

Automatically brute force all services running on a target.

A DNS meta-query spider that enumerates DNS records, and subdomains.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Fetch many paths for many hosts - without killing the hosts

The XSS Hunter service - a portable version of XSSHunter.com

A curated list of various bug bounty tools

This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".

Fast web fuzzer written in Go

Web application fuzzer

⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Striker is an offensive information and vulnerability scanner.

Tools and Techniques for Red Team / Penetration Testing

Exploitation Framework for Embedded Devices

Detect and bypass web application firewalls and protection systems

hydra

Some setup scripts for security research tools.

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Dive into a handpicked selection of tools, guides, and tips tailored for beginners in Bug Bounty and Penetration Testing. 🐛🛡️

A collection of awesome penetration testing resources, tools and other shiny things

A collection of hacking tools, resources and references to practice ethical hacking.

A fast, simple, recursive content discovery tool written in Rust.

A collection of custom security tools for quick needs.

Web Application Security Scanner Framework

List of awesome penetration testing resources, tools and other shiny things