A Workflow Engine for Offensive Security

Cameradar hacks its way into RTSP videosurveillance cameras

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

🔪 Leak git repositories from misconfigured websites

An HTTP/HTTPS intercept proxy written in Go.

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Idiomatic nmap library for go developers

Statically-linked ssh server with reverse shell functionality for CTFs and such

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Gorsair gives root access on remote docker containers that expose their APIs

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

A rapid API for the Project Sonar dataset

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Black box fuzzer for web applications

PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.

Second-order subdomain takeover scanner

Find cloud assets that no one wants exposed 🔎 ☁️

✂️ Removing CDN IPs from the list of IP addresses