Stoinskii's Stars
xnl-h4ck3r/waymore
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
ticarpi/jwt_tool
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
LasCC/HackTools
The all-in-one browser extension for offensive security professionals 🛠
projectdiscovery/katana
A next-generation crawling and spidering framework.
projectdiscovery/interactsh
An OOB interaction gathering server and client library
tomnomnom/meg
Fetch many paths for many hosts - without killing the hosts
projectdiscovery/chaos-client
Go client to communicate with Chaos DB API.
tiagorlampert/CHAOS
:fire: CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.
hakluke/hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
arch3rPro/PentestTools
Awesome Pentest Tools Collection
lc/gau
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
honoki/bbrf-dashboard
honoki/bbrf-server
The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices
sharkdp/bat
A cat(1) clone with wings.
tomnomnom/hacks
A collection of hacks and one-off scripts
trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
projectdiscovery/dnsx
dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
swisskyrepo/SSRFmap
Automatic SSRF fuzzer and exploitation tool
stamparm/maltrail
Malicious traffic detection system
YashGoti/crtsh
A Python Script to Get Subdomain using https://crt.sh
projectdiscovery/naabu
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
streaak/keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
gwen001/keyhacks.sh
Automation of tokens/api keys testing.
Dewalt-arch/pimpmykali
Kali Linux Fixes for Newly Imported VM's
diablo-101/403-bypass
EdOverflow/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Bitwise-01/FleX
A Simple C&C Server Written In Python
Orange-Cyberdefense/GOAD
game of active directory
blxckarch/OffSec
j4k0xb/webcrack
Deobfuscate obfuscator.io, unminify and unpack bundled javascript