Automate
A fast, simple, recursive content discovery tool written in Rust.
Fetch all the URLs that the Wayback Machine knows about for a domain
A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively.
Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separated files.
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Nuclei Templates - Here you will find the templates I use while hunting
An OOB interaction gathering server and client library
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
Automatic SQL injection and database takeover tool
Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
kadimus is a tool to check and exploit lfi vulnerability.
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
This is a python wrapper around the amazing KNOXSS API by Brute Logic
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Never forget where you inject.
crawls the website and finds broken social media links that can be hijacked
Generate tens of thousands of subdomain combinations in a matter of seconds