cosad3s

postleaks

Search for sensitive data in Postman public library.

hfinder

Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE

CVE-2022-35914-poc

subscout

All-in-one subdomains scout tool Docker image

magtek-card-reader

Read Triple-track Magnetic Stripe Card from Magtek Swipe Card Reader

jappalyzer

A Java implementation of the Wappalyzer.

njsdump

Dump paths & pages from Next.js Manifest

related-domains

Find related domains of a given domain.

sret

Salesforce Recon and Exploitation Toolkit

badPods

A collection of manifests that will create pods with elevated privileges.

cosad3s

DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

graphql-introspection-converter

Simple converter for GraphQL introspection JSON to schema

SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

ApacheTomcatScanner

A python script to scan for Apache Tomcat server vulnerabilities.

badsecrets

A library for detecting known secrets across many web frameworks

gql-generator

Generate queries from graphql schema, used for writing api test.

hacktricks-cloud

netscan

Network scanner

puncia

The Panthera(P.)uncia of Cybersecurity - Subdomain & Exploit Hunter powered by AI

sessionless

SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens

tapestry4-examples-docker

Working Apache Tapestry 4 examples on Apache Tomcat embedded in Docker image

wappalyzer

HTTP Archive fork of Wappalyzer