Vulnpire

bounty-search-engine

This search engine automates the discovery of sensitive information using customized dorks across GitHub, Google, and Shodan.

Arsenal

Collection of tools, scripts, one-liners, templates, dorks and more

dominator

Detect potential vulnerabilities by analyzing inline JavaScript in web pages

Reclaim

Identify potential subdomain takeover vulnerabilities by checking CNAME records and verifying exploitability through HTTP responses

sXtract

Fetch IP addresses from Shodan search results.

Vulnpire

Wraith

Hakrawler with more features

gcpenum

Scan GCS buckets for existence and accessibility

getasn

Retrieves ASN numbers for a given domain or organization name

GoLinkFinder

A fast and minimal JS endpoint extractor

HexDox

Identify potential dependency confusion risks by scanning package.json files

cXtract

Extracts hidden subdomains and IPs from cloud data

Seekr

URL Scanning and Regex Search Tool

albumprinter.github.io

test

banner-scanner

detects services running on target ports and extracts banners

CVE-2020-1938

cyber-distro-repos

dtoconv

converts domain names into their respective organization names

finn-no.github.io

jsecret

jshunter

JShunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for developers and security researchers.

lostools

msforce

MySQL brute-forcing utility

poc

ReplFuzz

Scan URLs for vulnerabilities by injecting custom payloads into parameters

SQLFuzz

ssweep

subowner

SubOwner - A Simple tool check for subdomain takeovers.

takeover.github.io

subdomain takeover tests

wordpress-audit-automation

Scripts to download every Wordpress plugin (updated in the last 2 years) and run Semgrep over the lot of it while storing output in a database.