Stars
Software to identify the different types of hashes used to encrypt data and especially passwords
Directory/File, DNS and VHost busting tool written in Go
Find, verify, and analyze leaked credentials
Fetches javascript file from a list of URLS or subdomains.
A python script that finds endpoints in JavaScript files
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
List of Google Dorks for sites that have responsible disclosure program / bug bounty program
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
PowerSploit - A PowerShell Post-Exploitation Framework
β‘ Perform subdomain enumeration using the certificate transparency logs from Censys.
Unpack a JavaScript Source Map back into filesystem structure
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discoveβ¦
Accept URLs on stdin, replace all query string values with a user-supplied value
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
A collection of custom security tools for quick needs.
S3 bucket finder from html,js and bucket misconfiguration testing tool
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Automatic SSRF fuzzer and exploitation tool
Cross Origin Resource Sharing MisConfiguration Scanner