A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting


Family project


Table of Contents



TypesArmy-Knife Proxy Recon Fuzzer Scanner Exploit Env Utils Etc
Tagsinfra live-audit mitmproxy crawl pentest subdomains domain url dns port osint apk portscan endpoint param online takeover graphql ssrf cache-vuln jwt crlf path-traversal dependency-confusion s3 broken-link xss oast smuggle 403 ssl sqli cors aaa csp exploit lfi xxe rop RMI blind-xss nuclei-templates fuzz zipbomb wordlist documents darkmode report payload notify deserialize http clipboard cookie diff web3
LangsShell Go Java Ruby Python Rust JavaScript C Kotlin Perl TypeScript BlitzBasic CSS C++ Txt PHP C# HTML


Army-KnifeaxiomA dynamic infrastructure toolkit for red teamers and bug bounty hunters!infralinuxmacoswindowsShell
Army-KnifejaelesThe Swiss Army knife for automated Web Application Testinglive-auditlinuxmacoswindowsGo
Army-KnifeZAPThe OWASP ZAP core projectmitmproxy live-audit crawllinuxmacoswindowszapJava
Army-KnifeMetasploitThe world’s most used penetration testing frameworkpentestlinuxmacoswindowsRuby
Army-KnifeBurpSuiteThe BurpSuite Projectmitmproxy live-audit crawllinuxmacoswindowsburpJava
ProxyGlorpA CLI-based HTTP intercept and replay proxymitmproxylinuxmacoswindowsGo
ProxymitmproxyAn interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.mitmproxylinuxmacoswindowsPython
ProxyproxifySwiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replaymitmproxylinuxmacoswindowsGo
ProxyEvilProxyA ruby http/https proxy to do EVIL things.mitmproxylinuxmacoswindowsRuby
ProxyhettyHetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.mitmproxylinuxmacoswindowsGo
ProxyCaidoA lightweight web security auditing toolkitmitmproxylinuxmacoswindowsRust
ProxyEcho MirageA generic network proxy that uses DLL injection to capture and alter TCP traffic.mitmproxywindows
Reconsubs_allSubdomain Enumeration Wordlist. 8956437 unique words. Updated.subdomainslinuxmacoswindows
ReconaquatoneA Tool for Domain FlyoversdomainlinuxmacoswindowsGo
Reconcc.pyExtracting URLs of a specific target based on the results of “commoncrawl.org”urllinuxmacoswindowsPython
ReconzdnsFast CLI DNS Lookup TooldnslinuxmacoswindowsGo
ReconSilverMass scan IPs for vulnerable servicesportlinuxmacoswindowsPython
Reconscilla🏴‍☠️ Information Gathering tool 🏴‍☠️ dns/subdomain/port enumerationlinuxmacoswindowsGo
ReconFavFreakMaking Favicon.ico based Recon Great again !linuxmacoswindowsPython
ReconrenginereNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.linuxmacoswindowsJavaScript
ReconHunt3rMade your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance frameworklinuxmacoswindowsRuby
RecondirsearchWeb path scannerlinuxmacoswindowsPython
ReconspiderfootSpiderFoot automates OSINT collection so that you can focus on analysis.osintlinuxmacoswindowsPython
RecondnsvalidatorMaintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.dnslinuxmacoswindowsPython
ReconapkleaksScanning APK file for URIs, endpoints & secrets.apklinuxmacoswindowsPython
ReconSublist3rFast subdomains enumeration tool for penetration testerssubdomainslinuxmacoswindowsPython
ReconBLUTODNS Analysis TooldnslinuxmacoswindowsPython
Reconchaos-clientGo client to communicate with Chaos DNS API.linuxmacoswindowsGo
ReconmasscanTCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.portscanlinuxmacoswindowsC
Reconintrigue-coreDiscover Your Attack SurfacelinuxmacoswindowsRuby
ReconcrawlergoA powerful browser crawler for web vulnerability scannerscrawllinuxmacoswindowsGo
ReconxnLinkFinderA python tool used to discover endpoints (and potential parameters) for a given targetlinuxmacoswindowsPython
Reconhttpxhttpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.urllinuxmacoswindowsGo
RecongitrobReconnaissance tool for GitHub organizationslinuxmacoswindowsGo
ReconArjunHTTP parameter discovery suite.paramlinuxmacoswindowsPython
ReconJSFScan.shAutomation for javascript recon in bug bounty.linuxmacoswindowsShell
RecongauFetch known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl.urllinuxmacoswindowsGo
ReconGitMinerTool for advanced mining for content on GithublinuxmacoswindowsPython
ReconCT_subdomainsAn hourly updated list of subdomains gathered from certificate transparency logssubdomainslinuxmacoswindows
ReconSTEWSA Security Tool for Enumerating WebSocketslinuxmacoswindowsPython
ReconParthHeuristic Vulnerable Parameter ScannerparamlinuxmacoswindowsPython
ReconDNSDumpsterOnline dns recon & research, find & lookup dns recordsdns onlinelinuxmacoswindows
ReconwaybackurlsFetch all the URLs that the Wayback Machine knows about for a domainurllinuxmacoswindowsGo
RecongospiderGospider - Fast web spider written in GocrawllinuxmacoswindowsGo
ReconkatanaA next-generation crawling and spidering framework.crawllinuxmacoswindowsGo
ReconlazyreconThis script is intended to automate your reconnaissance process in an organized fashionlinuxmacoswindowsShell
ReconLinkFinderA python script that finds endpoints in JavaScript fileslinuxmacoswindowsPython
ReconOsmedeusFully automated offensive security framework for reconnaissance and vulnerability scanninglinuxmacoswindowsGo
Reconsn0intSemi-automatic OSINT framework and package managerosintlinuxmacoswindowsRust
ReconSub404A python tool to check subdomain takeover vulnerabilitysubdomains takeoverlinuxmacoswindowsGo
ReconrusolverFast and accurate DNS resolver.dnslinuxmacoswindowsRust
ReconhtcatParallel and Pipelined HTTP GET UtilitylinuxmacoswindowsGo
ReconhaktrailsGolang client for querying SecurityTrails API datalinuxmacoswindowsGo
ReconSecurityTrailsOnline dns / subdomain / recon toolsubdomains onlinelinuxmacoswindows
ReconcariddiTake a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and morecrawllinuxmacoswindowsGo
Reconx8Hidden parameters discovery suitelinuxmacoswindowsRust
ReconreconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilitieslinuxmacoswindowsShell
ReconuncoverQuickly discover exposed hosts on the internet using multiple search engine.linuxmacoswindowsGo
Recongo-dorkThe fastest dork scanner written in Go.linuxmacoswindowsGo
RecondnsprobeDNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.dnslinuxmacoswindowsGo
ReconfhcFast HTTP Checker.linuxmacoswindowsRust
Reconurodeclutters url lists for crawling/pentestingurllinuxmacoswindowsPython
Recongoverviewgoverview - Get an overview of the list of URLsurllinuxmacoswindowsGo
ReconRustScanFaster Nmap Scanning with RustportscanlinuxmacoswindowsRust
ReconhakrawlerSimple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web applicationcrawllinuxmacoswindowsGo
ReconknockKnock Subdomain ScansubdomainslinuxmacoswindowsPython
Recongowitness🔍 gowitness - a golang, web screenshot utility using Chrome HeadlesslinuxmacoswindowsGo
ReconSecretFinderSecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript fileslinuxmacoswindowsPython
ReconHydraReconAll In One, Fast, Easy Recon ToollinuxmacoswindowsPython
ReconnaabuA fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentestsportscanlinuxmacoswindowsGo
ReconChaos Webactively scan and maintain internet-wide assets’ data. enhance research and analyse changes around DNS for better insights.linuxmacoswindows
Recongithub-endpointsFind endpoints on GitHub.linuxmacoswindowsGo
ReconparamethThis tool can be used to brute discover GET and POST parameterslinuxmacoswindowsPython
ReconmegFetch many paths for many hosts - without killing the hostslinuxmacoswindowsGo
Reconurlhuntera recon tool that allows searching on URLs that are exposed via shortener servicesurllinuxmacoswindowsGo
ReconfindomainThe fastest and cross-platform subdomain enumerator, do not waste your time.subdomainslinuxmacoswindowsRust
ReconPhotonIncredibly fast crawler designed for OSINT.osint crawllinuxmacoswindowsPython
ReconsubjsFetches javascript file from a list of URLS or subdomains.url subdomainslinuxmacoswindowsGo
Recon3klConAutomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.linuxmacoswindowsPython
RecongobusterDirectory/File, DNS and VHost busting tool written in GosubdomainslinuxmacoswindowsGo
ReconSubOverA Powerful Subdomain Takeover Toolsubdomains takeoverlinuxmacoswindowsGo
Recondnsxdnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.dnslinuxmacoswindowsGo
RecondmutA tool to perform permutations, mutations and alteration of subdomains in golang.subdomainslinuxmacoswindowsGo
ReconsubjackSubdomain Takeover tool written in Gosubdomains takeoverlinuxmacoswindowsGo
Recongraphw00fGraphQL Server Engine Fingerprinting utilitygraphqllinuxmacoswindowsPython
ReconsubzySubdomain takeover vulnerability checkersubdomains takeoverlinuxmacoswindowsGo
ReconLepusSubdomain findersubdomainslinuxmacoswindowsPython
ReconmegplusAutomated reconnaissance wrapper — TomNomNom’s meg on steroids. [DEPRECATED]linuxmacoswindowsShell
ReconaltdnsGenerates permutations, alterations and mutations of subdomains and then resolves themdnslinuxmacoswindowsPython
ReconshufflednsshuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.dnslinuxmacoswindowsGo
ReconassetfinderFind domains and subdomains related to a given domainsubdomainslinuxmacoswindowsGo
ReconsubfinderSubfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.subdomainslinuxmacoswindowsGo
ReconAmassIn-depth Attack Surface Mapping and Asset DiscoverysubdomainslinuxmacoswindowsGo
ReconlongtongueCustomized Password/Passphrase List inputting Target InfolinuxmacoswindowsPython
ReconsubgenA really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!subdomainslinuxmacoswindowsGo
Recongithub-subdomainsFind subdomains on GitHublinuxmacoswindowsGo
RecongetJSA tool to fastly get all javascript sources/fileslinuxmacoswindowsGo
ReconSmapa drop-in replacement for Nmap powered by shodan.ioportlinuxmacoswindowsGo
ReconShodanWorld’s first search engine for Internet-connected devicesosintlinuxmacoswindows
ReconpurednsPuredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.linuxmacoswindowsGo
RecongauplusA modified version of gau for personal usage. Support workers, proxies and some extra things.urllinuxmacoswindowsGo
Reconpagodopagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searchinglinuxmacoswindowsPython
ReconhakrevdnsSmall, fast tool for performing reverse DNS lookups en masse.linuxmacoswindowsGo
ReconParamSpiderMining parameters from dark corners of Web ArchivesparamlinuxmacoswindowsPython
Reconrecon_profileRecon profile (bash profile) for bugbountylinuxmacoswindowsShell
FuzzerSSRFireAn automated SSRF finder. Just give the domain name and your server and chillssrflinuxmacosShell
FuzzerhashcatWorld’s fastest and most advanced password recovery utilitylinuxmacoswindowsC
FuzzerBruteXAutomatically brute force all services running on a target.linuxmacoswindowsShell
FuzzerCrackQLCrackQL is a GraphQL password brute-force and fuzzing utility.graphqllinuxmacoswindowsPython
FuzzerGraphQLmapGraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.graphqllinuxmacoswindowsPython
FuzzerkiterunnerContextual Content Discovery ToollinuxmacoswindowsGo
Fuzzerc-jwt-crackerJWT brute force cracker written in CjwtlinuxmacoswindowsC
FuzzerBatchQLGraphQL security auditing script with a focus on performing batch GraphQL queries and mutationsgraphqllinuxmacoswindowsPython
FuzzerwfuzzWeb application fuzzerlinuxmacoswindowsPython
FuzzerParamPamPamThis tool for brute discover GET and POST parameters.param cache-vulnlinuxmacoswindowsPython
FuzzercrlfuzzA fast tool to scan CRLF vulnerability written in GocrlflinuxmacoswindowsShell
Fuzzerjwt-hack🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)jwtlinuxmacoswindowsGo
FuzzermedusaFastest recursive HTTP fuzzer, like a Ferrari.linuxmacoswindowsGo
FuzzerppfuzzA fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀linuxmacoswindowsRust
FuzzerffufFast web fuzzer written in GolinuxmacoswindowsGo
FuzzerSSRFmapAutomatic SSRF fuzzer and exploitation toolssrflinuxmacoswindowsPython
FuzzerfuzzparamA fast go based param miner to fuzz possible parameters a URL can have.paramlinuxmacoswindowsGo
FuzzerdotdotpwnDotDotPwn - The Directory Traversal Fuzzerpath-traversallinuxmacoswindowsPerl
Fuzzerjwt-crackerSimple HS256 JWT token brute force crackerjwtlinuxmacoswindowsJavaScript
FuzzerferoxbusterA fast, simple, recursive content discovery tool written in Rust.linuxmacoswindowsRust
ScannerFockCacheMinimalized Test Cache Poisoningcache-vulnlinuxmacoswindowsGo
ScannerconfusedTool to check for dependency confusion vulnerabilities in multiple package management systemsdependency-confusionlinuxmacoswindowsGo
ScannerhttprobeTake a list of domains and probe for working HTTP and HTTPS serverslinuxmacoswindowsGo
Scannerweb_cache_poisonweb cache poison - Top 1 web hacking technique of 2019cache-vulnlinuxmacoswindowsShell
ScannerrapidscanThe Multi-Tool Web Vulnerability Scanner.linuxmacoswindowsPython
ScannerautopoisonerWeb cache poisoning vulnerability scanner.cache-vulnlinuxmacoswindowsPython
ScannerS3ScannerScan for open AWS S3 buckets and dump the contentss3linuxmacoswindowsPython
ScannerdeadlinksHealth checks for your documentation links.broken-linklinuxmacoswindowsPython
ScannerS3cret ScannerHunting For Secrets Uploaded To Public S3 Bucketss3linuxmacoswindowsPython
Scannerxsinator.comXS-Leak Browser Test SuitelinuxmacoswindowsJavaScript
Scannerssrf-sheriffA simple SSRF-testing sheriff written in GossrflinuxmacoswindowsGo
ScannerXSStrikeMost advanced XSS scanner.xsslinuxmacoswindowsPython
ScannerppmapA scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.linuxmacoswindowsGo
ScannertplmapServer-Side Template Injection and Code Injection Detection and Exploitation ToollinuxmacoswindowsPython
ScannerOralyzerOpen Redirection AnalyzerlinuxmacoswindowsPython
Scannerws-smugglerWebSocket Connection SmugglersmugglelinuxmacoswindowsGo
Scannerdontgo403Tool to bypass 40X response codes.403linuxmacoswindowsGo
ScannerxsscrapyXSS/SQLi spider. Give it a URL and it’ll test every link it finds for XSS and some SQLi.xsslinuxmacoswindowsPython
ScannerarachniWeb Application Security Scanner FrameworklinuxmacoswindowsRuby
ScannerOpenRedireXA Fuzzer for OpenRedirect issueslinuxmacoswindowsPython
ScannerDOMPurifyDOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:xsslinuxmacoswindowsJavaScript
Scannertestssl.shTesting TLS/SSL encryption anywhere on any portssllinuxmacoswindowsShell
ScannerDirDarDirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it403linuxmacoswindowsGo
Scannerhttp-request-smugglingHTTP Request Smuggling Detection ToollinuxmacoswindowsPython
Scannergithub-searchTools to perform basic search on GitHub.linuxmacoswindowsJavaScript
Scannerdalfox🌘🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.xsslinuxmacoswindowsGo
Scannerjsprimea javascript static security analysis toollinuxmacoswindowsJavaScript
ScannersqlmapAutomatic SQL injection and database takeover toollinuxmacoswindowsPython
ScannernosqliNoSql Injection CLI toollinuxmacoswindowsGo
ScannerHRSHTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.linuxmacoswindowsPerl
ScannerLFISuiteTotally Automatic LFI Exploiter (+ Reverse Shell) and ScannerlinuxmacoswindowsPython
Scannera2svAuto Scanning to SSL VulnerabilityssllinuxmacoswindowsPython
ScannerwpscanWPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites.linuxmacoswindowsRuby
ScannerwpreconHello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.linuxmacoswindowsGo
ScannerNoSQLMapAutomated NoSQL database enumeration and web application exploitation tool.linuxmacoswindowsPython
ScannerxsserCross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.xsslinuxmacoswindowsPython
ScannerAWSBucketDumpSecurity Tool to Look For Interesting Files in S3 Bucketss3linuxmacoswindowsPython
Scannerhttp2smuglThis tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.linuxmacoswindowsGo
ScannerDSSSDamn Small SQLi ScannersqlilinuxmacoswindowsPython
ScannerXSpearPowerfull XSS Scanning and Parameter analysis tool&gemxsslinuxmacoswindowsRuby
ScannergitleaksScan git repos (or files) for secrets using regex and entropy 🔑linuxmacoswindowsGo
ScannerheadiCustomisable and automated HTTP header injectionlinuxmacoswindowsGo
ScannerChromium-based-XSS-Taint-TrackingCyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.xsslinuxmacoswindows
Scannerzap-cliA simple tool for interacting with OWASP ZAP from the commandline.linuxmacoswindowszapPython
ScannerhinjectHost Header Injection CheckerlinuxmacoswindowsGo
ScannerCorsMeCross Origin Resource Sharing MisConfiguration ScannercorslinuxmacoswindowsGo
Scannersqlivmassive SQL injection vulnerability scannersqlilinuxmacoswindowsPython
ScannerWeb-Cache-Vulnerability-ScannerWeb Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).cache-vulnlinuxmacoswindowsGo
Scannercorsair_scanCorsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).corslinuxmacoswindowsPython
Scannerh2csmugglerHTTP Request Smuggling Detection ToolsmugglelinuxmacoswindowsGo
ScannerdittoA tool for IDN homograph attacks and detection.linuxmacoswindowsGo
ScannerTaipanWeb application vulnerability scannerlinuxmacoswindows
ScannerplutionPrototype pollution scanner using headless chromelinuxmacoswindowsGo
ScannernucleiNuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.linuxmacoswindowsGo
ScannersmugglerSmuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3smugglelinuxmacoswindowsPython
ScannerVHostScanA virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.linuxmacoswindowsPython
ScannerDeadFinderFind dead-links (broken links)broken-linklinuxmacoswindowsRuby
ScannernmapNmap - the Network Mapper. Github mirror of official SVN repository.portscanlinuxmacoswindowsC
ScannerPPScanClient Side Prototype Pollution ScannerlinuxmacoswindowsJavaScript
ScannercommixAutomated All-in-One OS Command Injection Exploitation Tool.exploitlinuxmacoswindowsPython
ScannerStrikerStriker is an offensive information and vulnerability scanner.linuxmacoswindowsPython
Scannerfindom-xssA fast DOM based XSS vulnerability scanner with simplicity.xsslinuxmacoswindowsShell
ScannerniktoNikto web server scannerlinuxmacoswindowsPerl
ScannerDeepVioletTool for introspection of SSL\TLS sessionsssllinuxmacoswindowsJava
ScannerCorsyCORS Misconfiguration ScannercorslinuxmacoswindowsPython
ScannerdomdigDOM XSS scanner for Single Page ApplicationsxsslinuxmacoswindowsJavaScript
ExploitbeefThe Browser Exploitation Framework ProjectxsslinuxmacoswindowsRuby
ExploitGopherusThis tool generates gopher link for exploiting SSRF and gaining RCE in various serversssrflinuxmacoswindowsPython
ExploitSn1perAutomated pentest framework for offensive security expertslinuxmacoswindowsShell
ExploittoxssinAn XSS exploitation command-line interface and payload generator.xsslinuxmacoswindowsPython
ExploitxxeservA mini webserver with FTP support for XXE payloadslinuxmacoswindowsGo
ExploitsingularityA DNS rebinding attack framework.linuxmacoswindowsJavaScript
ExploitghauriAn advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flawssqlilinuxmacoswindowsPython
ExploitLiffyLocal file inclusion exploitation toollfilinuxmacoswindowsPython
Exploitof-CORSIdentifying and exploiting CORS misconfigurations on the internal networkscorslinuxmacoswindowsPython
ExploitSQLNinjaSqlninja is a tool targeted to exploit SQL Injection vulnerabilities.sqlilinuxmacosPerl
ExploitXXExploiterTool to help exploit XXE vulnerabilitiesxxelinuxmacoswindowsTypeScript
ExploitroprA blazing fast™ multithreaded ROP Gadget finder. ropperroplinuxmacoswindowsRust
ExploitBaRMIeJava RMI enumeration and attack tool.RMIlinuxmacoswindowsJava
ExploitXSRFProbeThe Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.linuxmacoswindowsPython
ExploitXXEinjectorTool for automatic exploitation of XXE vulnerability using direct and different out of band methods.xxelinuxmacoswindowsRuby
UtilsTukTukTool for catching and logging different types of requests.oastlinuxmacoswindowsGo
UtilsXSS-CatcherFind blind XSS but why not gather data while you’re at it.xss blind-xsslinuxmacoswindowsPython
UtilscurlA command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful featureslinuxmacoswindowsC
UtilspetSimple command-line snippet manager, written in Go.linuxmacoswindowsGo
UtilscentCommunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place.nuclei-templateslinuxmacoswindowsGo
UtilsdnsobserverA handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends lookup notifications via Slack.oast dnslinuxmacoswindowsGo
UtilsCyberChefThe Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysislinuxmacoswindowsJavaScript
UtilsgotestwafAn open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasseslinuxmacoswindowsGo
UtilsgfA wrapper around grep, to help you grep for thingslinuxmacoswindowsGo
UtilsPayloadsAllTheThingsA list of useful payloads and bypass for Web Application Security and Pentest/CTFlinuxmacoswindowsPython
UtilsREcollapseREcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsfuzzlinuxmacoswindowsPython
Utilsxss-cheatsheet-dataThis repository contains all the XSS cheatsheet data to allow contributions from the community.xsslinuxmacoswindows
UtilsFindsploitFind exploits in local and online databases instantlyexploitlinuxmacoswindowsShell
UtilsZipBombA simple implementation of ZipBomb in PythonzipbomblinuxmacoswindowsPython
UtilsgronMake JSON greppable!linuxmacoswindowsGo
UtilsblistenerBlind-XSS listener with payloadsxss blind-xsslinuxmacoswindowsGo
UtilsPhoenixhahwul’s online toolsonlinelinuxmacoswindowsJavaScript
UtilsdocemUility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)xxe xsslinuxmacoswindowsPython
UtilsAssetnote WordlistsAutomated & Manual Wordlists provided by Assetnotewordlist documentslinuxmacoswindowsCSS
Utilsnuclei-templatesCommunity curated list of templates for the nuclei engine to find security vulnerabilities.nuclei-templateslinuxmacoswindowsGo
UtilsgotatorGotator is a tool to generate DNS wordlists through permutations.linuxmacoswindowsGo
Utilss3reverseThe format of various s3 buckets is convert in one format. for bugbounty and security testing.s3linuxmacoswindowsGo
Utilspwncatpwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)linuxmacoswindowsShell
UtilsbountyplzAutomated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)reportlinuxmacoswindowsShell
Utilsreverse-shell-generatorHosted Reverse Shell generator with a ton of functionality. – (Great for CTFs)payloadlinuxmacoswindowsJavaScript
UtilsEmissarySend notifications on different channels such as Slack, Telegram, Discord etc.notifylinuxmacoswindowsGo
UtilshttptoolkitHTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Maclinuxmacoswindows
Utils230-OOBAn Out-of-Band XXE server for retrieving file contents over FTP.xxelinuxmacoswindowsPython
UtilsmubengAn incredibly fast proxy checker & IP rotator with ease.linuxmacoswindowsGo
UtilsGadgetProbeProbe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.deserializelinuxmacoswindowsJava
Utilscf-checkCloudflare Checker written in GolinuxmacoswindowsGo
UtilsxlessThe Serverless Blind XSS Appxss blind-xsslinuxmacoswindowsJavaScript
Utilstemplate-generatorA simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate the list of files in the dropdown of templates.linuxmacoswindowsJavaScript
UtilsburlA Broken-URL CheckerurllinuxmacoswindowsGo
UtilshacksA collection of hacks and one-off scriptslinuxmacoswindowsGo
Utilsgithub-regexpBasically a regexp over a GitHub search.linuxmacoswindowsGo
UtilswuzzInteractive cli tool for HTTP inspectionhttplinuxmacoswindowsGo
UtilsysoserialA proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.deserializelinuxmacoswindowsJava
UtilsfffThe Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.urllinuxmacoswindowsGo
UtilsClipboardAn external brain that remembers anything, anytime, anywhere.clipboardlinuxmacoswindowsC++
Utilsmissing-cve-nuclei-templatesWeekly updated list of missing CVEs in nuclei templates official repositorynuclei-templateslinuxmacoswindowsTxt
Utilsxssor2XSS’OR - Hack with JavaScript.xsslinuxmacoswindowsJavaScript
UtilsSequenceDiagramOnline tool for creating UML sequence diagramsonlinelinuxmacoswindows
UtilsGf-PatternsGF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters greplinuxmacoswindows
UtilsqsreplaceAccept URLs on stdin, replace all query string values with a user-supplied valuelinuxmacoswindowsGo
Utilsob_hacky_slackHacky Slack - a bash script that sends beautiful messages to SlacknotifylinuxmacoswindowsShell
UtilsRedcloudAutomated Red Team Infrastructure deployement using DockerinfralinuxmacoswindowsPython
UtilsgxssBlind XSS service alerting over slack or emailxss blind-xsslinuxmacoswindowsGo
Utilspentest-toolsCustom pentesting toolslinuxmacoswindowsPython
Utilsdifftastica structural diff that understands syntaxdifflinuxmacoswindowsRust
Utilsoxml_xxeA tool for embedding XXE/XML exploits into different filetypeslinuxmacoswindowsRuby
UtilsanewA tool for adding new lines to files, skipping duplicateslinuxmacoswindowsGo
UtilsboastThe BOAST Outpost for AppSec Testing (v0.1.0)oastlinuxmacoswindowsGo
UtilsRoninRonin is a free and Open Source Ruby toolkit for security research and development.payload http pentestlinuxmacoswindowsRuby
UtilsslackcatCLI utility to post files and command output to slacknotifylinuxmacoswindowsGo
UtilsezXSSezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.xss blind-xsslinuxmacoswindowsPHP
Utilsgrcgeneric colouriserlinuxmacoswindowsPython
Utilsgraphql-voyager🛰️ Represent any GraphQL API as an interactive graphgraphqllinuxmacoswindowsTypeScript
Utilscan-i-take-over-xyz“Can I take over XYZ?” — a list of services and how to claim (sub)domains with dangling DNS records.linuxmacoswindows
UtilsPoC-in-GitHub📡 PoC auto collect from GitHub. Be careful malware.linuxmacoswindows
UtilshbxssSecurity test tool for Blind XSSxss blind-xsslinuxmacoswindowsRuby
UtilsAtlasQuick SQLMap Tamper SuggesterlinuxmacoswindowsPython
UtilsgitlsListing git repository from URL/User/OrglinuxmacoswindowsGo
UtilsgodeclutterDeclutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.urllinuxmacoswindowsGo
UtilsquickjackQuickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.linuxmacoswindowsJavaScript
UtilsBug-Bounty-ToolzBBT - Bug Bounty ToolslinuxmacoswindowsPython
UtilsunfurlPull out bits of URLs provided on stdinurllinuxmacoswindowsGo
UtilsurlgrabA golang utility to spider through a website searching for additional links.urllinuxmacoswindowsGo
Utilsnuclei-wordfence-cveEvery single day new templates are added to this repo based on updates on Wordfence.comnuclei-templateslinuxmacoswindowsPython
Utilssecurity-crawl-mazeSecurity Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link resources from a valid HTML document.crawllinuxmacoswindowsHTML
UtilsdsieveFilter and enrich a list of subdomains by levelsubdomainslinuxmacoswindowsGo
Utilsgee🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as golinuxmacoswindowsGo
UtilshakcheckurlTakes a list of URLs and returns their HTTP response codeslinuxmacoswindowsGo
UtilshttpieAs easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpiehttplinuxmacoswindowsPython
UtilshurlHurl, run and test HTTP requests.linuxmacoswindowsRust
UtilstiscriptsTurbo Intruder ScriptslinuxmacoswindowsPython
Utilssecurity-research-pocsProof-of-concept codes created as part of security research done by Google Security Team.linuxmacoswindowsC++
UtilsjsfuckWrite any JavaScript with 6 CharactersxsslinuxmacoswindowsJavaScript
Utilsweaponised-XSS-payloadsXSS payloads designed to turn alert(1) into P1xss documentslinuxmacoswindowsJavaScript
UtilsbatA cat(1) clone with wings.linuxmacoswindowsRust
UtilsgrexA command-line tool and library for generating regular expressions from user-provided test caseslinuxmacoswindowsRust
Utilszip-bombCreate a ZIPBomb for a given uncompressed size (flat and nested modes).zipbomblinuxmacoswindowsPython
UtilsSerializationDumperA tool to dump Java serialization streams in a more human readable form.deserializelinuxmacoswindowsJava
UtilsfzfA command-line fuzzy finderlinuxmacoswindowsGo
UtilsautochromeThis tool downloads, installs, and configures a shiny new copy of Chromium.linuxmacoswindowsHTML
UtilswssipApplication for capturing, modifying and sending custom WebSocket data from client to server and vice versa.linuxmacoswindowsJavaScript
UtilsurlprobeUrls status code & content length checkerurllinuxmacoswindowsGo
UtilsinteractshAn OOB interaction gathering server and client libraryoastlinuxmacoswindowsGo
UtilsCSP EvaluatorOnline CSP Evaluator from googlecsplinuxmacoswindows
UtilsSecListsSecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.wordlist documentslinuxmacoswindowsPHP
Utilsysoserial.netDeserialization payload generator for a variety of .NET formattersdeserializelinuxmacoswindowsC#
EnvGlueApplication Security AutomationlinuxmacoswindowsRuby
Envpentest-envPentest environment deployer (kali linux + targets) using vagrant and chef.pentestlinuxmacoswindowsRuby
EnvCrimsonWeb Application Security Testing automation.linuxmacoswindowsPython



Browser Addons

ReconWayback MachineHistory of websitelinuxmacoswindowssafari
ReconDotGitAn extension for checking if .git is exposed in visited websiteslinuxmacoswindowsJavaScript
UtilsMM3 ProxySwitchProxy Switch in Firefox and ChromelinuxmacoswindowsfirefoxchromeJavaScript
UtilsHack-ToolsThe all-in-one Red Team extension for Web Pentester 🛠linuxmacoswindowsTypeScript
UtilsUser-Agent Switcherquick and easy way to switch between user-agents.linuxmacoswindowsfirefox
Utilseval_villainA Firefox Web Extension to improve the discovery of DOM XSS.xsslinuxmacoswindowsJavaScript
UtilsDark ReaderDark mode to any sitedarkmodelinuxmacoswindowsfirefoxchromeTypeScript
UtilspostMessage-trackerA Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-iconlinuxmacoswindowsJavaScript
UtilsPwnFoxFirefox/Burp extension that provide usefull tools for your security audit.linuxmacoswindowsfirefoxburpJavaScript
Utilscookie-quick-managerAn addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.cookielinuxmacoswindowsJavaScript
UtilsDark Reader for SafariDark mode to any sitelinuxmacoswindowssafari
Utilsfirefox-container-proxyAssign a proxy to a Firefox containerlinuxmacoswindowsfirefoxJavaScript
Utilsclear-cacheAdd-on to clear browser cache with a single click or via the F9 key.linuxmacoswindowsJavaScript
UtilsEdit-This-CookieEditThisCookie is the famous Google Chrome/Chromium extension for editing cookiescookielinuxmacoswindowsJavaScript
Utilsjsonwebtoken.github.ioJWT En/Decode and VerifyjwtlinuxmacoswindowsJavaScript
UtilsFirefox Multi-Account ContainersFirefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabslinuxmacoswindowsfirefoxJavaScript

Burpsuite and ZAP Addons

Reconattack-surface-detector-zapThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parametersendpointlinuxmacoswindowszapJava
ReconDr. WatsonDr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful informationparam subdomainslinuxmacoswindowsburpPython
Reconattack-surface-detector-burpThe Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parametersendpointlinuxmacoswindowsburpJava
ReconHUNTIdentifies common parameters vulnerable to certain vulnerability classesparamlinuxmacoswindowszapburpKotlin
Fuzzerparam-minerParam Minerparam cache-vulnlinuxmacoswindowsburpJava
FuzzerGAPThis is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on.paramlinuxmacoswindowsburpPython
UtilsAuthMatrixAutomated HTTP Request Repeating With Burp SuitelinuxmacoswindowsburpJava
UtilsargumentinjectionhammerA Burp Extension designed to identify argument injection vulnerabilities.linuxmacoswindowsburpPython
UtilsDecoder-ImprovedImproved decoder for Burp SuitelinuxmacoswindowsburpJava
UtilsBurpCustomizerBecause just a dark theme wasn’t enough!linuxmacoswindowsburpJava
UtilsHTTPSignaturesA Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.linuxmacoswindowsburpJava
UtilsAWSSignerBurp Extension for AWS SigninglinuxmacoswindowsburpJava
UtilsBerserkoBurp Suite extension to perform Kerberos authenticationlinuxmacoswindowsburpJava
Utilspcap-burpPcap importer for BurplinuxmacoswindowsburpJava
UtilsblackboxprotobufBlackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.linuxmacoswindowsburpPython
UtilsWeb3 DecoderBurp Extension for Web3web3linuxmacoswindowsburpJava
UtilsknifeA burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅linuxmacoswindowsJava