proabiral's starred repositories

nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Language: JavaScript | License: MIT | Stargazers: 8731 | Issues: 200 | Issues: 1456

rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Language: HTML | License: GPL-3.0 | Stargazers: 7245 | Issues: 143 | Issues: 801

LinEnum

Scripted Local Linux Enumeration & Privilege Escalation Checks

Language: Shell | License: MIT | Stargazers: 6844 | Issues: 196 | Issues: 29

GitDorker

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

pwncat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)

Language: Shell | License: MIT | Stargazers: 1749 | Issues: 39 | Issues: 49

puredns

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Language: Go | License: GPL-3.0 | Stargazers: 1630 | Issues: 25 | Issues: 44

reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

bruteforce-lists

Some files for bruteforcing certain things.

License: Apache-2.0 | Stargazers: 1079 | Issues: 34 | Issues: 0

singularity

A DNS rebinding attack framework.

Language: JavaScript | License: MIT | Stargazers: 1010 | Issues: 33 | Issues: 35

leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Language: Python | License: MIT | Stargazers: 897 | Issues: 14 | Issues: 1

dnsgen

Generates combinations of domain names from the provided input.

Language: Python | License: MIT | Stargazers: 818 | Issues: 23 | Issues: 13

can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones

stunner

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

Language: Go | License: NOASSERTION | Stargazers: 731 | Issues: 15 | Issues: 17

wappalyzergo

A high performance Go implementation of Wappalyzer Technology Detection Library

Language: Go | License: MIT | Stargazers: 677 | Issues: 26 | Issues: 21

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

surf

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

samlists

Free, libre, effective, and data-driven wordlists for all!

License: MIT | Stargazers: 513 | Issues: 7 | Issues: 0

TrustTrees

A Tool for DNS Delegation Trust Graphing

Language: Python | License: Apache-2.0 | Stargazers: 398 | Issues: 23 | Issues: 22

kubernetes-learning-path

https://azure.microsoft.com/en-us/resources/kubernetes-learning-path/

batchql

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

regulator

Automated learning of regexes for DNS discovery

template-generator

A simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates.

Language: JavaScript | License: MIT | Stargazers: 248 | Issues: 9 | Issues: 0

goaltdns

A permutation generation tool written in golang

Language: Go | License: MIT | Stargazers: 202 | Issues: 10 | Issues: 4

dsieve

Filter and enrich a list of subdomains by level

Language: Go | License: MIT | Stargazers: 186 | Issues: 7 | Issues: 4

Lilly

Tool to find the real IP behind CDNs/WAFs like Cloudflare using passive recon by retrieving the favicon hash. For the same hash value, all the possible IPs, PORTs and SSL/TLS Certs are searched to validate the target in-scope.

Language: Shell | License: MIT | Stargazers: 177 | Issues: 9 | Issues: 5

dnspy

Find subdomains and takeovers.

Language: Python | License: MIT | Stargazers: 80 | Issues: 8 | Issues: 0