slooppe

Anubis

Subdomain enumeration and information gathering tool

AuthzAI

baddns

Check subdomains for subdomain takeovers and other DNS tomfoolery

bbmon

web app monitoring automation

bbot

The recursive internet scanner for hackers. 🧡

cent

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

dead-domain-discovery

This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.

deepdarkCTI

Collection of Cyber Threat Intelligence sources from the deep and dark web

FindMeAccess

garak

the LLM vulnerability scanner

giskard

🐢 Open-Source Evaluation & Testing for AI & LLM systems

httptap

View HTTP/HTTPS requests made by any Linux program

JShunter

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

jsluicepp

jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice

misconfig-mapper

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

msftrecon

nmap-formatter

A tool that allows you to convert NMAP results to html, csv, json, markdown. Simply put it's nmap converter.

nmapurls

Nmapurls parses Nmap xml reports from either piped input or command line arg and outputs a list of http(s) URL's to be used in an automation pipeline.

Ransomware-Tool-Matrix

A resource containing all the tools each ransomware gangs uses

slooppe.github.io

Subdominator2

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

subwords

Extract most frequent words in a list of subdomains

The-CTI-Research-Guide

A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners

urlfinder

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

vhost-fuzzer

Tool to fuzz for interesting vhost.

wappalyzer-next

wappalyzer alternative based on wappalyzer browser extension

whoxyrm

A reverse whois tool based on Whoxy API.

writehat

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

xnldorker

Gather results of dorks across a number of search engines