bbhunter

unblob

Extract files from any kind of container formats

dnsrecon

DNS Enumeration Script

RustScan

Faster Nmap Scanning with Rust

activity-trail-log

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.

agartha

a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation and more.

Checklists

Pentesting checklists for various engagements

crAPI

completely ridiculous API (crAPI)

developer-roadmap

Roadmap to becoming a web developer in 2021

dnsline

Tool for making it easy to collect dns results from the CLI

find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)

fleex

Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload.

fuzz.txt

Potentially dangerous files

go-ethereum

Official Go implementation of the Ethereum protocol

ivre

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

jsoncrack.com

🔮 Seamlessly visualize your JSON data instantly into graphs; paste, import or fetch!

jwt-secrets

Max

Maximizing BloodHound. Max is a good boy.

Photon

Incredibly fast crawler designed for OSINT.

pimpmykali

Kali Linux Fixes for Newly Imported VM's

pyOracle2

A python-based padding oracle tool

reFlutter-1

Flutter Reverse Engineering Framework

security-apis

A collective list of public JSON APIs for use in security. Contributions welcome

security-tools

Collection of small security tools created mostly in Python. CTFs, pentests and so on

snapback

HTTP(s) Screenshots for Pen Testers Who Value Their Time

Spoofy

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

url-tracker

Change monitoring app that checks the content of web pages in different periods.

VAmPI

Vulnerable REST API with OWASP top 10 vulnerabilities for APIs

Web-Security-Academy-Series

WEF

Wi-Fi Exploitation Framework

werdlists

:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases