bbhunter

unblob

Extract files from any kind of container formats

sherlock

🔎 Find usernames across social networks

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

rengine

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.

alterx

Fast and customizable subdomain wordlist generator using DSL

arsenal

Arsenal is just a quick inventory and launcher for hacking programs

cloudfox

Automating situational awareness for cloud penetration tests.

cook

A chef for your personal wordlists.

dnsmonster

Passive DNS Capture/Monitoring Framework

Enigma

This is a fork of cuchaz's engima, a deobfuscation/remapping tool for Java software.

fickling

A Python pickling decompiler and static analyzer

flameshot

Powerful yet simple to use screenshot software :desktop_computer: :camera_flash:

fq

jq for binary formats

graphw00f

graphw00f is Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

interactsh

An OOB interaction gathering server and client library

jsoncrack.com

🔮 Seamlessly visualize your JSON data instantly into graphs; paste, import or fetch!

knife

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

ligolo-ng

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels

orgs-data

A mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations

ostorlab

Ostorlab is security scanning platform that enables running complex security scanning tasks involving multiple tools in an easy, scalable and distributed way.

PoC_CVEs

PoC_CVEs

pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

probable_subdomains

Subdomains analysis and generation tool. Reveal the hidden!

remote-method-guesser

Tool for Java RMI enumeration and bruteforce of remote methods

s3-account-search

S3 Account Search

semgrep-rules

A collection of my Semgrep rules to facilitate vulnerability research.

shhnjk.github.io

theHarvester

E-mails, subdomains and names Harvester - OSINT

VulnerableApp

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.