proabiral

inception

A highly configurable Framework for easy automated web scanning

Fresh-Resolvers

List of Hourly Updated Fresh DNS resolvers

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

dnsvalidator

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

AwesomeXSS

Awesome XSS stuff

shuffledns

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.

subfinder

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

1lastBr3ath.github.io

aquatone

A Tool for Domain Flyovers

awesome-bug-bounty

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

awesome-hacking

A curated list of awesome Hacking tutorials, tools and resources

Awesome-Hacking-1

A collection of awesome lists for hackers, pentesters & security researchers.

bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

CVE-2023-6875

CVE-2023-6875 PoC

dirsearch

Web path scanner

dnsutil

dns dig for golang

dvcs-ripper

Rip web accessible (distributed) version control systems: SVN/GIT/HG...

gitGraber

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

go-github

Go library for accessing the GitHub API

gorequest

GoRequest -- Simplified HTTP client ( inspired by nodejs SuperAgent )

h1-212-ctf-solutions

A collection of the solutions people wrote for the H1-212 Capture The Flag event

infer

A static analyzer for Java, C, C++, and Objective-C

Keye

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a list of URLs, it will make a request to these URLs and try to detect changes based on their response's content length.

mass-s3-bucket-tester

This tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable

reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

SecLists

SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

Security-Research

Exploits written by the Rhino Security Labs team

snallygaster

Tool to scan for secret files on HTTP servers

vercel-app

whonow

A malicious DNS server for executing DNS Rebinding attacks on the fly