0rgis

ladder

Selfhosted alternative to 12ft.io. and 1ft.io bypass paywalls with a proxy ladder and remove CORS headers from any URL

GitTools

A repository with 3 tools for pwn'ing websites with .git repositories available

fuzzing

Tutorials, examples, discussions, research proposals, and other resources related to fuzzing

thc-tips-tricks-hacks-cheat-sheet

Various tips & tricks

FreeWifi

How to get free wifi.

CloudFlair

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

cariddi

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript

gasmask

Information gathering tool - OSINT

GAP-Burp-Extension

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

webcopilot

An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.

CMSmap

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

ScrapedIn

A tool to scrape LinkedIn without API restrictions for data reconnaissance

Penetration-List

Penetration-List: A comprehensive resource for testers, covering all types of vulnerabilities and materials used in Penetration Testing. Includes payloads, dorks, fuzzing materials, and offers in-depth theory sections. Visit our Medium profile for more information.

alfred

Alfred is a advanced OSINT information gathering tool that finds social media accounts based on inputs.

mantra

「🔑」A tool used to hunt down API key leaks in JS files and pages

CRLFsuite

The most powerful CRLF injection (HTTP Response Splitting) scanner.

BruteXSS

BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI for more convienience.

tartufo

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

kxss

This a adaption of tomnomnom's kxss tool with a different output format

WebHacking101

Web-App-Hacking-Notes

Hacking-APIs

porch-pirate

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

xss_vibes

A modern tool written in Python that automates your xss findings.

scan-for-webcams

scan for webcams on the internet

bxss

DeHashed-API-Tool

A command-line tool to query the DeHashed API. Easily search for various parameters like usernames, emails, hashed passwords, IP addresses, and more.

css-tutorials

fetchmeurls

A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors (XSS, Nuclei, SQLi etc...)

crtsh

A Python Script to Get Subdomain using https://crt.sh