0xceeb

awvs_script_decode

解密好的AWVS10.5 data/script/目录下的脚本

slurp

S3 bucket enumerator

GitDorker

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

massprint

A tool to do basic fingerprinting across a large number of hosts

secret-url-finder

Python script to find URLs that could contain secrets

flumberboozle

Suite of programs meant to aid in bug hunting and security assessments

cidrToIps

reads a list of IP ranges in CIDR notation and prints the individual IP addresses.

degoogle

search Google and extract results directly. skip all the click-through links and other sketchiness

urlgrab

A golang utility to spider through a website searching for additional links.

massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

urldedupe

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Gf-Patterns

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

pyfiscan

Free web-application vulnerability and version scanner

OneForAll

OneForAll是一款功能强大的子域收集工具

axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

git-scanner

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

uriDeep

Unicode encoding attacks with machine learning

aws

A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.

s3recon

Amazon S3 bucket finder and crawler.

FavFreak

Making Favicon.ico based Recon Great again !

awesome-cve-poc

✍️ A curated list of CVE PoCs.

UltimateCMSWordlists

📚 An ultimate collection wordlists of the best-known CMS

subdomainsEnumerator

A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.

wordpress_plugin_security_testing_cheat_sheet

WordPress Plugin Security Testing Cheat Sheet

gron

Make JSON greppable!

HowToHunt

Collection of methodology and test case for various web vulnerabilities.

Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

gh

NoXss

Faster xss scanner,support reflected-xss and dom-xss