Automate
Awesome Bug bounty builder Project
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
Incredibly fast crawler designed for OSINT.
🕸️ Audit tool to find common vulnerabilities in PHP source code
A simple Python command-line app for sending test messages using a range of parameters (port, SSL, TLS, auth, etc.)
Directory/File, DNS and VHost busting tool written in Go
GG Dorking is a tool to generate GitHub and Google dorking for pentesters and bug bounty hunters.
A simple script just made for self use for bypassing 403
A python script that finds endpoints in JavaScript files
This is go CLI tool for send fast Multiple get HTTP request.
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
URL scanner for recon, vulnerabilities, secrets and more!
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
A repository with 3 tools for pwn'ing websites with .git repositories available
Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!
It grep subdomains, email/username, build custom wordlist etc from gau results
This is where I share code/material shown in my videos
Subdomain Takeover Scanner | Subdomain Takeover Tool | by 0x94
Collection of methodology and test case for various web vulnerabilities.
Useful Google Dorks for WebSecurity and Bug Bounty