Type Name Description

Army-Knife axiom A dynamic infrastructure toolkit for red teamers and bug bounty hunters!
Army-Knife Metasploit The world’s most used penetration testing framework
Army-Knife jaeles The Swiss Army knife for automated Web Application Testing
Army-knife Ronin Free and Open Source Ruby Toolkit for Security Research and Development
Army-Knife BurpSuite The BurpSuite Project
Army-Knife ZAP The ZAP core project
Proxy mitmproxy An interactive TLS-capable intercepting HTTP proxy for penetration testers and softwa
Proxy hetty Hetty is an HTTP toolkit for security research. It aims to become an open source altern
Proxy Echo Mirage A generic network proxy that uses DLL injection to capture and alter TCP traffic.
Proxy proxify Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay
Proxy Caido A lightweight web security auditing toolkit
Proxy EvilProxy A ruby http/https proxy to do EVIL things.
Proxy Glorp A CLI-based HTTP intercept and replay proxy
Recon Parth Heuristic Vulnerable Parameter Scanner
Recon Amass In-depth Attack Surface Mapping and Asset Discovery
Recon HostHunter Recon tool for discovering hostnames using OSINT techniques.
Recon fhc Fast HTTP Checker.
Recon favirecon Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF
Recon dnsprobe DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple
Recon lazyrecon This script is intended to automate your reconnaissance process in an organized fashi
Recon masscan TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in un
Recon Hunt3r Made your bugbounty subdomains reconnaissance easier with Hunt3r the web applica
Recon subgen A really simple utility to concate wordlists to a domain name - to pipe into your favourit
Recon parameth This tool can be used to brute discover GET and POST parameters
Recon SubBrute https://github.com/TheRook/subbrute
Recon crawlergo A powerful browser crawler for web vulnerability scanners
Recon uro declutters url lists for crawling/pentesting
Recon sn0int Semi-automatic OSINT framework and package manager
Recon RustScan Faster Nmap Scanning with Rust
Recon shuffledns shuffleDNS is a wrapper around massdns written in go that allows you to enumerate v
Recon hakrevdns Small, fast tool for performing reverse DNS lookups en masse.
Recon haktrails Golang client for querying SecurityTrails API data
Recon LinkFinder A python script that finds endpoints in JavaScript files
Recon xnLinkFinder A python tool used to discover endpoints (and potential parameters) for a given target
Recon ParamSpider Mining parameters from dark corners of Web Archives
Recon htcat Parallel and Pipelined HTTP GET Utility
Recon Shodan World's first search engine for Internet-connected devices
Recon intrigue-core Discover Your Attack Surface
Recon cc.py Extracting URLs of a specific target based on the results of "commoncrawl.org"
Recon shosubgo Small tool to Grab subdomains using Shodan api.
Recon noir Attack surface detector that identifies endpoints by static analysis
Recon megplus Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECAT
Recon recon_profile Recon profile (bash profile) for bugbounty
Recon GitMiner Tool for advanced mining for content on Github
Recon findomain The fastest and cross-platform subdomain enumerator, do not waste your time.
Recon gau Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, a
Recon Osmedeus Fully automated offensive security framework for reconnaissance and vulnerability sca
Recon Sublist3r Fast subdomains enumeration tool for penetration testers
Recon csprecon Discover new target domains using Content Security Policy
Recon Photon Incredibly fast crawler designed for OSINT.
Recon subs_all Subdomain Enumeration Wordlist. 8956437 unique words. Updated.
Recon pagodo pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and se
Recon graphw00f GraphQL Server Engine Fingerprinting utility
Recon waybackurls Fetch all the URLs that the Wayback Machine knows about for a domain
Recon gobuster Directory/File, DNS and VHost busting tool written in Go
Recon JSFScan.sh Automation for javascript recon in bug bounty.
Recon dnsvalidator Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and en
Recon FavFreak Making Favicon.ico based Recon Great again !
Recon github-endpoints
Find endpoints on GitHub.
Recon SecurityTrails Online dns / subdomain / recon tool
Recon rusolver Fast and accurate DNS resolver.
Recon STEWS A Security Tool for Enumerating WebSockets
Recon rengine reNgine is an automated reconnaissance framework meant for gathering information d
Recon HydraRecon All In One, Fast, Easy Recon Tool
Recon bbot OSINT automation for hackers
Recon SubOver A Powerful Subdomain Takeover Tool
Recon Chaos Web actively scan and maintain internet-wide assets' data. enhance research and analyse c
Recon Sub404 A python tool to check subdomain takeover vulnerability
Recon zdns Fast CLI DNS Lookup Tool
Recon reconftw reconFTW is a tool designed to perform automated recon on a target domain by runnin
Recon gauplus A modified version of gau for personal usage. Support workers, proxies and some extr
Recon dmut A tool to perform permutations, mutations and alteration of subdomains in golang.
Recon subfinder Subfinder is a subdomain discovery tool that discovers valid subdomains for websites.
Recon httpx httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retrya
Recon Sudomy subdomain enumeration tool to collect subdomains and analyzing domains
Recon x8 Hidden parameters discovery suite
Recon DNSDumpster Online dns recon & research, find & lookup dns records
Recon CT_subdomainsAn hourly updated list of subdomains gathered from certificate transparency logs
Recon aquatone A Tool for Domain Flyovers
Recon uncover Quickly discover exposed hosts on the internet using multiple search engine.
Recon gospider Gospider - Fast web spider written in Go
Recon spiderfoot SpiderFoot automates OSINT collection so that you can focus on analysis.
Recon jsluice Extract URLs, paths, secrets, and other interesting bits from JavaScript
Recon getJS A tool to fastly get all javascript sources/files
Recon gowitness 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Recon knock Knock Subdomain Scan
Recon Silver Mass scan IPs for vulnerable services
Recon subjs Fetches javascript file from a list of URLS or subdomains.
Recon goverview goverview - Get an overview of the list of URLs
Recon scilla Information Gathering tool dns/subdomain/port enumeration
Recon cariddi Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extens
Recon hakrawler Simple, fast web crawler designed for easy, quick discovery of endpoints and assets w
Recon github-subdomains
Find subdomains on GitHub
Recon longtongue Customized Password/Passphrase List inputting Target Info
Recon Smap a drop-in replacement for Nmap powered by shodan.io
Recon ParamWizard ParamWizard is a powerful Python-based tool designed for extracting and identifying U
Recon altdns Generates permutations, alterations and mutations of subdomains and then resolves t
Recon BLUTO DNS Analysis Tool
Recon puredns Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately
Recon subzy Subdomain takeover vulnerability checker
Recon SecretFinder SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and
Recon apkleaks Scanning APK file for URIs, endpoints & secrets.
Recon Lepus Subdomain finder
Recon naabu A fast port scanner written in go with focus on reliability and simplicity. Designed to be
Recon 3klCon Automation Recon tool which works with Large & Medium scopes. It performs more th
Recon katana A next-generation crawling and spidering framework.
Recon go-dork The fastest dork scanner written in Go.
Recon urlhunter a recon tool that allows searching on URLs that are exposed via shortener services
Recon BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance.
Recon meg Fetch many paths for many hosts - without killing the hosts
Recon assetfinder Find domains and subdomains related to a given domain
Recon dirsearch Web path scanner
Recon Arjun HTTP parameter discovery suite.
Recon OneForAll OneForAll是一款功能强大的子域收集工具
Recon gitrob Reconnaissance tool for GitHub organizations
Recon dnsx dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your
Recon chaos-client Go client to communicate with Chaos DNS API.
Recon subjack Subdomain Takeover tool written in Go
Fuzzer feroxbuster A fast, simple, recursive content discovery tool written in Rust.
Fuzzer ppfuzz A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
Fuzzer c-jwt-cracker JWT brute force cracker written in C
Fuzzer fuzzparam A fast go based param miner to fuzz possible parameters a URL can have.
Fuzzer BatchQL GraphQL security auditing script with a focus on performing batch GraphQL queries an
Fuzzer wfuzz Web application fuzzer
Fuzzer ffuf Fast web fuzzer written in Go
Fuzzer dotdotpwn DotDotPwn - The Directory Traversal Fuzzer
Fuzzer jwt-cracker Simple HS256 JWT token brute force cracker
Fuzzer GraphQLmap GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting pu
Fuzzer Clairvoyance Obtain GraphQL API schema even if the introspection is disabled
Fuzzer jwt-hack 🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT
Fuzzer ParamPamPamThis tool for brute discover GET and POST parameters.
Fuzzer hashcat World's fastest and most advanced password recovery utility
Fuzzer SSRFmap Automatic SSRF fuzzer and exploitation tool
Fuzzer BruteX Automatically brute force all services running on a target.
Fuzzer CrackQL CrackQL is a GraphQL password brute-force and fuzzing utility.
Fuzzer kiterunner Contextual Content Discovery Tool
Fuzzer SSTImap Automatic SSTI detection tool with interactive interface
Fuzzer SmuggleFuzz A rapid HTTP downgrade smuggling scanner written in Go.
Fuzzer crlfuzz A fast tool to scan CRLF vulnerability written in Go
Fuzzer thc-hydra hydra
Fuzzer SSRFire An automated SSRF finder. Just give the domain name and your server and chill
Fuzzer medusa Fastest recursive HTTP fuzzer, like a Ferrari.
Fuzzer headerpwn A fuzzer for finding anomalies and analyzing how servers respond to different HTTP he
Scanner wprecon Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CM
Scanner sqliv massive SQL injection vulnerability scanner
Scanner S3Scanner Scan for open AWS S3 buckets and dump the contents
Scanner nikto Nikto web server scanner
Scanner Striker Striker is an offensive information and vulnerability scanner.
Scanner corsair_scan Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
Scanner hinject Host Header Injection Checker
Scanner sqlmap Automatic SQL injection and database takeover tool
Scanner XSStrike Most advanced XSS scanner.
Scanner plution Prototype pollution scanner using headless chrome
Scanner PPScan Client Side Prototype Pollution Scanner
Scanner S3cret ScannerHunting For Secrets Uploaded To Public S3 Buckets
Scanner NoXss Faster xss scanner,support reflected-xss and dom-xss
Scanner dalfox 🌘 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Scanner V3n0M-ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Scanner http-request-smuggling
HTTP Request Smuggling Detection Tool
Scanner a2sv Auto Scanning to SSL Vulnerability
Scanner Oralyzer Open Redirection Analyzer
Scanner OpenRedireX A Fuzzer for OpenRedirect issues
Scanner xsssniper An automatic XSS discovery tool
Scanner Taipan Web application vulnerability scanner
Scanner httprobe Take a list of domains and probe for working HTTP and HTTPS servers
Scanner jsprime a javascript static security analysis tool
Scanner ditto A tool for IDN homograph attacks and detection.
Scanner nuclei Nuclei is a fast tool for configurable targeted scanning based on templates offering ma
Scanner DeepViolet Tool for introspection of SSL\TLS sessions
Scanner DSSS Damn Small SQLi Scanner
Scanner CorsMe Cross Origin Resource Sharing MisConfiguration Scanner
Scanner tplmap Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Scanner nmap Nmap - the Network Mapper. Github mirror of official SVN repository.
Scanner nosqli NoSql Injection CLI tool
Scanner depenfusion A powerful pentesting tool for detecting and exploiting dependency confusion vulnerab
Scanner FockCache Minimalized Test Cache Poisoning
Scanner PwnXSS Vulnerability (XSS) scanner exploit
Scanner XSpear Powerfull XSS Scanning and Parameter analysis tool&gem
Scanner websocket-connection-smuggler
websocket-connection-smuggler
Scanner domdig DOM XSS scanner for Single Page Applications
Scanner xsscrapy XSS/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi.
Scanner gitGraber gitGraber
Scanner ConfusedDotnetTool to check for dependency confusion vulnerabilities in NuGet package managemen
Scanner NoSQLMap Automated NoSQL database enumeration and web application exploitation tool.
Scanner confused Tool to check for dependency confusion vulnerabilities in multiple package manageme
Scanner xsinator.com XS-Leak Browser Test Suite
Scanner Chromium-based-XSS-Taint-Tracking
Cyclops is a web browser with XSS detection feature, it is chromium-based xss detect
Scanner github-search Tools to perform basic search on GitHub.
Scanner scan4all Official repository vuls Scan
Scanner xsser Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and re
Scanner SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL inje
Scanner deadlinks Health checks for your documentation links.
Scanner XssPy Web Application XSS Scanner
Scanner ws-smuggler WebSocket Connection Smuggler
Scanner VHostScan A virtual host scanner that performs reverse lookups, can be used with pivot tools, det
Scanner ssrf-sheriff A simple SSRF-testing sheriff written in Go
Scanner Corsy CORS Misconfiguration Scanner
Scanner arachni Web Application Security Scanner Framework
Scanner autopoisoner Web cache poisoning vulnerability scanner.
Scanner ppmap A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollutio
Scanner DOMPurify DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML a
Scanner dontgo403 Tool to bypass 40X response codes.
Scanner pphack The Most Advanced Client-Side Prototype Pollution Scanner
Scanner HRS HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my Blac
Scanner headi Customisable and automated HTTP header injection
Scanner commix Automated All-in-One OS Command Injection Exploitation Tool.
Scanner http2smugl This tool helps to detect and exploit HTTP request smuggling in cases it can be achiev
Scanner AWSBucketDump Security Tool to Look For Interesting Files in S3 Buckets
Scanner findom-xss A fast DOM based XSS vulnerability scanner with simplicity.
Scanner Deadsniper A fast, specialized dead-link checker
Scanner testssl.sh Testing TLS/SSL encryption anywhere on any port
Scanner web_cache_poison
web cache poison - Top 1 web hacking technique of 2019
Scanner wpscan WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanne
Scanner Web-Cache-Vulnerability-Scanner
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisonin
Scanner gitleaks Scan git repos (or files) for secrets using regex and entropy 🔑
Scanner h2csmuggler HTTP Request Smuggling Detection Tool
Scanner LFISuite Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
Scanner zap-cli A simple tool for interacting with OWASP ZAP from the commandline.
Scanner dependency-confusion-scanner
This small repo is meant to scan Github's repositories for potential Dependency confus
Scanner rapidscan The Multi-Tool Web Vulnerability Scanner.
Scanner DirDar DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listi
Scanner DeadFinder Find dead-links (broken links)
Scanner smuggler Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Exploit XXExploiter Tool to help exploit XXE vulnerabilities
Exploit XXEinjector Tool for automatic exploitation of XXE vulnerability using direct and different out of ban
Exploit beef The Browser Exploitation Framework Project
Exploit SQLNinja Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities.
Exploit Sn1per Automated pentest framework for offensive security experts
Exploit toxssin An XSS exploitation command-line interface and payload generator.
Exploit ropr A blazing fast™ multithreaded ROP Gadget finder. ropper
Exploit singularity A DNS rebinding attack framework.
Exploit ghauri An advanced cross-platform tool that automates the process of detecting and exploitin
Exploit Liffy Local file inclusion exploitation tool
Exploit BaRMIe Java RMI enumeration and attack tool.
Exploit xxeserv A mini webserver with FTP support for XXE payloads
Exploit Gopherus This tool generates gopher link for exploiting SSRF and gaining RCE in various server
Exploit XSRFProbe The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
Exploit of-CORS Identifying and exploiting CORS misconfigurations on the internal networks
Utils grex A command-line tool and library for generating regular expressions from user-provided
Utils urlprobe Urls status code & content length checker
Utils PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Utils docem Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
Utils security-research-pocs
Proof-of-concept codes created as part of security research done by Google Security T
Utils gotestwaf An open-source project in Golang to test different web application firewalls (WAF) for d
Utils xss-cheatsheet-data
This repository contains all the XSS cheatsheet data to allow contributions from the co
Utils bountyplz Automated security reporting from markdown templates (HackerOne and Bugcrowd ar
Utils ezXSS ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cr
Utils dnsobserver A handy DNS service written in Go to aid in the detection of several types of blind vuln
Utils hbxss Security test tool for Blind XSS
Utils pwncat pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self
Utils IntruderPayloads
Utils gotator Gotator is a tool to generate DNS wordlists through permutations.
Utils SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists use
Utils graphql-voyagerRepresent any GraphQL API as an interactive graph
Utils Atlas Quick SQLMap Tamper Suggester
Utils gee 🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but the
Utils ysoserial.net Deserialization payload generator for a variety of .NET formatters
Utils xless The Serverless Blind XSS App
Utils eoyc Encoding Only Your Choices
Utils qsreplace Accept URLs on stdin, replace all query string values with a user-supplied value
Utils Gf-Patterns GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep
Utils hurl Hurl, run and test HTTP requests.
Utils interactsh An OOB interaction gathering server and client library
Utils wssip Application for capturing, modifying and sending custom WebSocket data from client to
Utils GQLSpection parses GraphQL introspection schema and generates possible queries
Utils 230-OOB An Out-of-Band XXE server for retrieving file contents over FTP.
Utils httptoolkit HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with
Utils godeclutter Declutters URLs in a fast and flexible way, for improving input for web hacking automa
Utils quickjack Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and fr
Utils oxml_xxe A tool for embedding XXE/XML exploits into different filetypes
Utils security-crawl-maze
Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains
Utils github-regexp Basically a regexp over a GitHub search.
Utils Redcloud Automated Red Team Infrastructure deployement using Docker
Utils pet Simple command-line snippet manager, written in Go.
Utils tiscripts Turbo Intruder Scripts
Utils cf-check Cloudflare Checker written in Go
Utils template-generator
A simple variable based template editor using handlebarjs+strapdownjs. The idea is to
Utils SequenceDiagramOnline tool for creating UML sequence diagrams
Utils Assetnote Wordlists
Automated & Manual Wordlists provided by Assetnote
Utils Blacklist3r project-blacklist3r
Utils ob_hacky_slackHacky Slack - a bash script that sends beautiful messages to Slack
Utils autochrome This tool downloads, installs, and configures a shiny new copy of Chromium.
Utils Phoenix hahwul's online tools
Utils reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
Utils dsieve Filter and enrich a list of subdomains by level
Utils grc generic colouriser
Utils SerializationDumper
A tool to dump Java serialization streams in a more human readable form.
Utils weaponised-XSS-payloads
XSS payloads designed to turn alert(1) into P1
Utils fzf A command-line fuzzy finder
Utils slackcat CLI utility to post files and command output to slack
Utils boast The BOAST Outpost for AppSec Testing (v0.1.0)
Utils blistener Blind-XSS listener with payloads
Utils missing-cve-nuclei-templates
Weekly updated list of missing CVEs in nuclei templates official repository
Utils hakcheckurl Takes a list of URLs and returns their HTTP response codes
Utils gron Make JSON greppable!
Utils mubeng An incredibly fast proxy checker & IP rotator with ease.
Utils nuclei-templatesCommunity curated list of templates for the nuclei engine to find security vulnerabilities
Utils TukTuk Tool for catching and logging different types of requests.
Utils nuclei-wordfence-cve
Every single day new templates are added to this repo based on updates on Wordfenc
Utils pentest-tools Custom pentesting tools
Utils httpie modern, user-friendly command-line HTTP client for the API era
Utils ZipBomb A simple implementation of ZipBomb in Python
Utils burl A Broken-URL Checker
Utils bat A cat(1) clone with wings.
Utils zip-bomb Create a ZIPBomb for a given uncompressed size (flat and nested modes).
Utils Emissary Send notifications on different channels such as Slack, Telegram, Discord etc.
Utils hacks A collection of hacks and one-off scripts
Utils curl A command line tool and library for transferring data with URL syntax, supporting HTT
Utils fff The Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
Utils hoppscotch Open source API development ecosystem
Utils Bug-Bounty-ToolzBBT - Bug Bounty Tools
Utils gf A wrapper around grep, to help you grep for things
Utils bruteforce-listsSome files for bruteforcing certain things.
Utils unfurl Pull out bits of URLs provided on stdin
Utils can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangli
Utils Findsploit Find exploits in local and online databases instantly
Utils cent Community edition nuclei templates, a simple tool that allows you to organize all the N
Utils gxss Blind XSS service alerting over slack or email
Utils Clipboard An external brain that remembers anything, anytime, anywhere.
Utils difftastic a structural diff that understands syntax
Utils CSP Evaluator Online CSP Evaluator from google
Utils jsfuck Write any JavaScript with 6 Characters
Utils GadgetProbe Probe endpoints consuming Java serialized objects to identify classes, libraries, and lib
Utils XSS-Catcher Find blind XSS but why not gather data while you're at it.
Utils PoC-in-GitHub 📡 PoC auto collect from GitHub. Be careful malware.
Utils REcollapse REcollapse is a helper tool for black-box regex fuzzing to bypass validations and disco
Utils anew A tool for adding new lines to files, skipping duplicates
Utils xssor2 XSS'OR - Hack with JavaScript.
Utils urlgrab A golang utility to spider through a website searching for additional links.
Utils gitls Listing git repository from URL/User/Org
Utils wuzz Interactive cli tool for HTTP inspection
Utils ysoserial A proof-of-concept tool for generating payloads that exploit unsafe Java object deseria
Utils s3reverse The format of various s3 buckets is convert in one format. for bugbounty and security t
Utils CyberChef The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and d
Env Glue Application Security Automation
Env pentest-env Pentest environment deployer (kali linux + targets) using vagrant and chef.
Env Crimson Web Application Security Testing automation.
Bookmarklets
Type Name Description
Browser Addons
Type Name Description
Recon Wayback Machine
History of website
Recon DotGit An extension for checking if .git is exposed in visited websites
Utils jsonwebtoken.github.io
JWT En/Decode and Verify
Utils MM3 ProxySwitch
Proxy Switch in Firefox and Chrome
Utils DOMLogger++A browser extension that allows you to monitor, intercept, and debug JavaScrip
Utils Edit-This-Cookie
EditThisCookie is the famous Google Chrome/Chromium extension for editing c
Utils Hack-Tools The all-in-one Red Team extension for Web Pentester 🛠
Utils cookie-quick-manager
An addon to manage (view, search, create, edit, remove, backup, restore) cookie
Utils ZAP Browser Extension
A browser extension which allows ZAP to interact directly with the browser.
Utils Dark Reader Dark mode to any site
Utils Firefox Multi-Account Containers
Firefox Multi-Account Containers lets you keep parts of your online life separate
Utils firefox-container-proxy
Assign a proxy to a Firefox container
Utils PwnFox Firefox/Burp extension that provide usefull tools for your security audit.
Utils User-Agent Switcher
quick and easy way to switch between user-agents.
Utils postMessage-tracker
A Chrome Extension to track postMessage usage (url, domain and stack) both b
Utils clear-cache Add-on to clear browser cache with a single click or via the F9 key.
Utils Dark Reader for Safari
Dark mode to any site
Utils eval_villain A Firefox Web Extension to improve the discovery of DOM XSS.
Burpsuite, Caido and ZAP Addons

Type Name Description

Recon attack-surface-detector-zap
The Attack Surface Detector uses static code analyses to identify web app endp
Recon attack-surface-detector-burp
The Attack Surface Detector uses static code analyses to identify web app endp
Recon BurpSuite-Secret_Finder
Recon reflected-parameters
Recon Dr. Watson Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdom
Recon BurpJSLinkFinder
Recon burp-retire-js
Recon HUNT Identifies common parameters vulnerable to certain vulnerability classes
Fuzzer param-miner Param Miner
Fuzzer GAP This is an evolution of the original getAllParams extension for Burp. Not only do
Scanner BurpSuiteHTTPSmuggler
Scanner http-request-smuggler
Scanner AuthMatrix
Scanner csp-auditor
Scanner Autorize
Scanner collaborator-everywhere
Utils EvenBetter EvenBetter is a frontend Caido plugin that makes the Caido experience even bet
Utils femida
Utils zap-hud
Utils http-script-generator
Utils pcap-burp Pcap importer for Burp
utils owasp-zap-jwt-addon
Utils burp-piper
Utils BurpBounty
utils Neonmarker
Utils safecopy
Utils blackboxprotobuf
Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrar
Utils HTTPSignatures A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-http
Utils BurpCustomizer Because just a dark theme wasn't enough!
Utils inql
Utils EvenBetterExtensions
EvenBetterExtensions allows you to quicky install and keep updated Caido exte
Utils reflect
Utils Berserko Burp Suite extension to perform Kerberos authentication
Utils knife A burp extension that add some useful function to Context Menu 添加一些右键菜单让bur
Utils gRPC-Web Pentest Suite
gRPC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-We
Utils Map Local ZAP add-on which allows mapping of responses to content of a chosen local file
Utils Web3 DecoderBurp Extension for Web3
Utils Stepper
Utils caidope caidope - caido plugin
Utils CaidoReflectorAutomatically look for paramater reflections in the HTTP response
Utils notebook Notebook Caido Plugin
Utils turbo-intruder
Utils argumentinjectionhammer
A Burp Extension designed to identify argument injection vulnerabilities.
Utils community-scripts
Utils BurpSuiteLoggerPlusPlus
Utils Decoder-Improved
Improved decoder for Burp Suite
Utils burp-exporter
Utils AWSSigner Burp Extension for AWS Signing
Utils burp-send-to
Utils AuthMatrix Automated HTTP Request Repeating With Burp Suite
Utils taborator
 Star
dynamic infrastructure toolkit for red teamers and bug bounty hunters!
e world’s most used penetration testing framework
e Swiss Army knife for automated Web Application Testing
ee and Open Source Ruby Toolkit for Security Research and Development
e BurpSuite Project
e ZAP core project
interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
tty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suit
generic network proxy that uses DLL injection to capture and alter TCP traffic.
iss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay
ghtweight web security auditing toolkit
uby http/https proxy to do EVIL things.
CLI-based HTTP intercept and replay proxy
uristic Vulnerable Parameter Scanner
depth Attack Surface Mapping and Asset Discovery
con tool for discovering hostnames using OSINT techniques.
st HTTP Checker.
e favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
NSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of us
s script is intended to automate your reconnaissance process in an organized fashion
P port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
ade your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework
eally simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
s tool can be used to brute discover GET and POST parameters
ps://github.com/TheRook/subbrute
powerful browser crawler for web vulnerability scanners
clutters url lists for crawling/pentesting
mi-automatic OSINT framework and package manager
ster Nmap Scanning with Rust
uffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as
mall, fast tool for performing reverse DNS lookups en masse.
lang client for querying SecurityTrails API data
python script that finds endpoints in JavaScript files
python tool used to discover endpoints (and potential parameters) for a given target
ning parameters from dark corners of Web Archives
rallel and Pipelined HTTP GET Utility
orld's first search engine for Internet-connected devices
scover Your Attack Surface
tracting URLs of a specific target based on the results of "commoncrawl.org"
mall tool to Grab subdomains using Shodan api.
 ack surface detector that identifies endpoints by static analysis
tomated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
con profile (bash profile) for bugbounty
ol for advanced mining for content on Github
e fastest and cross-platform subdomain enumerator, do not waste your time.
tch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
ly automated offensive security framework for reconnaissance and vulnerability scanning
st subdomains enumeration tool for penetration testers
scover new target domains using Content Security Policy
redibly fast crawler designed for OSINT.
bdomain Enumeration Wordlist. 8956437 unique words. Updated.
godo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
aphQL Server Engine Fingerprinting utility
tch all the URLs that the Wayback Machine knows about for a domain
ectory/File, DNS and VHost busting tool written in Go
tomation for javascript recon in bug bounty.
aintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
aking Favicon.ico based Recon Great again !
d endpoints on GitHub.
line dns / subdomain / recon tool
st and accurate DNS resolver.
Security Tool for Enumerating WebSockets
Ngine is an automated reconnaissance framework meant for gathering information during penetration testing of web application
In One, Fast, Easy Recon Tool
SINT automation for hackers
Powerful Subdomain Takeover Tool
ively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.
python tool to check subdomain takeover vulnerability
st CLI DNS Lookup Tool
conFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning
modified version of gau for personal usage. Support workers, proxies and some extra things.
ool to perform permutations, mutations and alteration of subdomains in golang.
bfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be us
px is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the
bdomain enumeration tool to collect subdomains and analyzing domains
dden parameters discovery suite
line dns recon & research, find & lookup dns records
hourly updated list of subdomains gathered from certificate transparency logs
Tool for Domain Flyovers
ickly discover exposed hosts on the internet using multiple search engine.
spider - Fast web spider written in Go
 iderFoot automates OSINT collection so that you can focus on analysis.
tract URLs, paths, secrets, and other interesting bits from JavaScript
ool to fastly get all javascript sources/files
gowitness - a golang, web screenshot utility using Chrome Headless
ock Subdomain Scan
ass scan IPs for vulnerable services
tches javascript file from a list of URLS or subdomains.
verview - Get an overview of the list of URLs
Information Gathering tool dns/subdomain/port enumeration
ke a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
mple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
d subdomains on GitHub
stomized Password/Passphrase List inputting Target Info
drop-in replacement for Nmap powered by shodan.io
ramWizard is a powerful Python-based tool designed for extracting and identifying URLs with parameters from a specified webs
nerates permutations, alterations and mutations of subdomains and then resolves them
NS Analysis Tool
redns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS po
bdomain takeover vulnerability checker
cretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
anning APK file for URIs, endpoints & secrets.
bdomain finder
ast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for at
tomation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in
next-generation crawling and spidering framework.
e fastest dork scanner written in Go.
econ tool that allows searching on URLs that are exposed via shortener services
Bash script and Docker image for Bug Bounty reconnaissance.
tch many paths for many hosts - without killing the hosts
d domains and subdomains related to a given domain
eb path scanner
TP parameter discovery suite.
eForAll是一款功能强大的子域收集工具
connaissance tool for GitHub organizations
sx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers
client to communicate with Chaos DNS API.
bdomain Takeover tool written in Go
ast, simple, recursive content discovery tool written in Rust.
ast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
WT brute force cracker written in C
ast go based param miner to fuzz possible parameters a URL can have.
aphQL security auditing script with a focus on performing batch GraphQL queries and mutations
eb application fuzzer
st web fuzzer written in Go
tDotPwn - The Directory Traversal Fuzzer
mple HS256 JWT token brute force cracker
aphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
tain GraphQL API schema even if the introspection is disabled
wt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and ve
s tool for brute discover GET and POST parameters.
orld's fastest and most advanced password recovery utility
tomatic SSRF fuzzer and exploitation tool
tomatically brute force all services running on a target.
ackQL is a GraphQL password brute-force and fuzzing utility.
ntextual Content Discovery Tool
tomatic SSTI detection tool with interactive interface
apid HTTP downgrade smuggling scanner written in Go.
ast tool to scan CRLF vulnerability written in Go

automated SSRF finder. Just give the domain name and your server and chill
stest recursive HTTP fuzzer, like a Ferrari.
uzzer for finding anomalies and analyzing how servers respond to different HTTP headers
llo! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.
assive SQL injection vulnerability scanner
an for open AWS S3 buckets and dump the contents
kto web server scanner
iker is an offensive information and vulnerability scanner.
rsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
st Header Injection Checker
tomatic SQL injection and database takeover tool
ost advanced XSS scanner.
ototype pollution scanner using headless chrome
ent Side Prototype Pollution Scanner
nting For Secrets Uploaded To Public S3 Buckets
ster xss scanner,support reflected-xss and dom-xss
Dalfox is a powerful open-source XSS scanner and utility focused on automation.
pular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
TP Request Smuggling Detection Tool
to Scanning to SSL Vulnerability
en Redirection Analyzer
Fuzzer for OpenRedirect issues
automatic XSS discovery tool
eb application vulnerability scanner
ke a list of domains and probe for working HTTP and HTTPS servers
avascript static security analysis tool
ool for IDN homograph attacks and detection.
clei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
ol for introspection of SSL\TLS sessions
mn Small SQLi Scanner
oss Origin Resource Sharing MisConfiguration Scanner
rver-Side Template Injection and Code Injection Detection and Exploitation Tool
map - the Network Mapper. Github mirror of official SVN repository.
Sql Injection CLI tool
powerful pentesting tool for detecting and exploiting dependency confusion vulnerabilities in Node.js projects
nimalized Test Cache Poisoning
lnerability (XSS) scanner exploit
werfull XSS Scanning and Parameter analysis tool&gem
bsocket-connection-smuggler
OM XSS scanner for Single Page Applications
S/SQLi spider. Give it a URL and it'll test every link it finds for XSS and some SQLi.

ol to check for dependency confusion vulnerabilities in NuGet package management systems

tomated NoSQL database enumeration and web application exploitation tool.
ol to check for dependency confusion vulnerabilities in multiple package management systems
-Leak Browser Test Suite
clops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source
ols to perform basic search on GitHub.
icial repository vuls Scan
oss Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applic
mple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple req
alth checks for your documentation links.
eb Application XSS Scanner
ebSocket Connection Smuggler
virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcar
simple SSRF-testing sheriff written in Go
ORS Misconfiguration Scanner
eb Application Security Scanner Framework
eb cache poisoning vulnerability scanner.
scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
OMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure de
ol to bypass 40X response codes.
e Most Advanced Client-Side Prototype Pollution Scanner
TP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smugg
 stomisable and automated HTTP header injection
tomated All-in-One OS Command Injection Exploitation Tool.
s tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by t
curity Tool to Look For Interesting Files in S3 Buckets
ast DOM based XSS vulnerability scanner with simplicity.
ast, specialized dead-link checker
sting TLS/SSL encryption anywhere on any port
b cache poison - Top 1 web hacking technique of 2019
PScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog
eb Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http:/
an git repos (or files) for secrets using regex and entropy 🔑
TP Request Smuggling Detection Tool
tally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
simple tool for interacting with OWASP ZAP from the commandline.
s small repo is meant to scan Github's repositories for potential Dependency confusion vulnerabilities.
e Multi-Tool Web Vulnerability Scanner.
Dar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
d dead-links (broken links)
muggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
ol to help exploit XXE vulnerabilities
ol for automatic exploitation of XXE vulnerability using direct and different out of band methods.
e Browser Exploitation Framework Project
lninja is a tool targeted to exploit SQL Injection vulnerabilities.
tomated pentest framework for offensive security experts
XSS exploitation command-line interface and payload generator.
blazing fast™ multithreaded ROP Gadget finder. ropper
DNS rebinding attack framework.
advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
cal file inclusion exploitation tool
va RMI enumeration and attack tool.
mini webserver with FTP support for XXE payloads
s tool generates gopher link for exploiting SSRF and gaining RCE in various servers
e Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
entifying and exploiting CORS misconfigurations on the internal networks
command-line tool and library for generating regular expressions from user-provided test cases
s status code & content length checker
st of useful payloads and bypass for Web Application Security and Pentest/CTF
ty to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)
oof-of-concept codes created as part of security research done by Google Security Team.
open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses
s repository contains all the XSS cheatsheet data to allow contributions from the community.
tomated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
XSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server
curity test tool for Blind XSS
ncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic -

tator is a tool to generate DNS wordlists through permutations.

cLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in
epresent any GraphQL API as an interactive graph
ick SQLMap Tamper Suggester
Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In ad
serialization payload generator for a variety of .NET formatters
e Serverless Blind XSS App
coding Only Your Choices
cept URLs on stdin, replace all query string values with a user-supplied value
F Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic) parameters grep
rl, run and test HTTP requests.
OOB interaction gathering server and client library
plication for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
rses GraphQL introspection schema and generates possible queries
Out-of-Band XXE server for retrieving file contents over FTP.
TP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac
clutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability sca
ickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.
ool for embedding XXE/XML exploits into different filetypes
curity Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which on
sically a regexp over a GitHub search.
tomated Red Team Infrastructure deployement using Docker
mple command-line snippet manager, written in Go.
rbo Intruder Scripts
oudflare Checker written in Go
simple variable based template editor using handlebarjs+strapdownjs. The idea is to use variables in markdown based files to e
line tool for creating UML sequence diagrams
tomated & Manual Wordlists provided by Assetnote
oject-blacklist3r
cky Slack - a bash script that sends beautiful messages to Slack
s tool downloads, installs, and configures a shiny new copy of Chromium.
hwul's online tools
sted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
er and enrich a list of subdomains by level
neric colouriser
 ool to dump Java serialization streams in a more human readable form.
S payloads designed to turn alert(1) into P1
command-line fuzzy finder
I utility to post files and command output to slack
e BOAST Outpost for AppSec Testing (v0.1.0)
nd-XSS listener with payloads
eekly updated list of missing CVEs in nuclei templates official repository
kes a list of URLs and returns their HTTP response codes
ake JSON greppable!
incredibly fast proxy checker & IP rotator with ease.
mmunity curated list of templates for the nuclei engine to find security vulnerabilities.
ol for catching and logging different types of requests.
ery single day new templates are added to this repo based on updates on Wordfence.com
stom pentesting tools
odern, user-friendly command-line HTTP client for the API era
simple implementation of ZipBomb in Python
Broken-URL Checker
cat(1) clone with wings.
eate a ZIPBomb for a given uncompressed size (flat and nested modes).
nd notifications on different channels such as Slack, Telegram, Discord etc.
collection of hacks and one-off scripts
command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, S
e Fairly Fast Fetcher. Requests a bunch of URLs provided on stdin fairly quickly.
en source API development ecosystem
T - Bug Bounty Tools
wrapper around grep, to help you grep for things
me files for bruteforcing certain things.
ll out bits of URLs provided on stdin
an I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
d exploits in local and online databases instantly
mmunity edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in
nd XSS service alerting over slack or email
external brain that remembers anything, anytime, anywhere.
tructural diff that understands syntax
line CSP Evaluator from google
ite any JavaScript with 6 Characters
obe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
d blind XSS but why not gather data while you're at it.
PoC auto collect from GitHub. Be careful malware.
collapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
ool for adding new lines to files, skipping duplicates
 S'OR - Hack with JavaScript.
golang utility to spider through a website searching for additional links.
ting git repository from URL/User/Org
eractive cli tool for HTTP inspection
proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
e format of various s3 buckets is convert in one format. for bugbounty and security testing.
e Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
plication Security Automation
ntest environment deployer (kali linux + targets) using vagrant and chef.
eb Application Security Testing automation.

Star

Star
story of website
extension for checking if .git is exposed in visited websites
WT En/Decode and Verify
oxy Switch in Firefox and Chrome
browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configura
itThisCookie is the famous Google Chrome/Chromium extension for editing cookies
e all-in-one Red Team extension for Web Pentester 🛠
addon to manage (view, search, create, edit, remove, backup, restore) cookies on Firefox.
browser extension which allows ZAP to interact directly with the browser.
rk mode to any site
efox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs
sign a proxy to a Firefox container
efox/Burp extension that provide usefull tools for your security audit.
ick and easy way to switch between user-agents.
Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually
d-on to clear browser cache with a single click or via the F9 key.
rk mode to any site
Firefox Web Extension to improve the discovery of DOM XSS.

Star
e Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying p
e Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying p

Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful inf
entifies common parameters vulnerable to certain vulnerability classes

is is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for y

enBetter is a frontend Caido plugin that makes the Caido experience even better

ap importer for Burp

ackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protob
Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.
cause just a dark theme wasn't enough!

enBetterExtensions allows you to quicky install and keep updated Caido extensions.

rp Suite extension to perform Kerberos authentication

burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
PC-Pentest-Suite is set of tools for pentesting / hacking gRPC Web (gRPC-Web) applications.
P add-on which allows mapping of responses to content of a chosen local file.
rp Extension for Web3

idope - caido plugin

tomatically look for paramater reflections in the HTTP response
tebook Caido Plugin

Burp Extension designed to identify argument injection vulnerabilities.

proved decoder for Burp Suite

rp Extension for AWS Signing

tomated HTTP Request Repeating With Burp Suite

 Tags Badges
infra
pentest
live-audit
pentest crawl recon exploit
mitmproxy live-audit crawl
mitmproxy live-audit crawl
mitmproxy
mitmproxy
mitmproxy
mitmproxy
mitmproxy
mitmproxy
mitmproxy
param
subdomains
osint

favicon
dns

portscan

subdomains

subdomains
crawl
url
osint
portscan
dns

js-analysis
js-analysis
param

osint

url
subdomains
 endpoint url attack-surface

subdomains
url

subdomains
csp
osint crawl
subdomains

graphql
url
subdomains
js-analysis
dns

subdomains online
dns

applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather informatio

osint
subdomains takeover

subdomains takeover
dns
m scanning and finding out vulnerabilities
url
subdomains
subdomains
url
subdomains

dns online
subdomains
domain

crawl
 osint
js-analysis
js-analysis

subdomains
port
url subdomains
url
subdomains dns port
crawl
crawl
subdomains

port
param
dns subdomains
dns
subdomains dns
subdomains takeover

apk url endpoint

subdomains
portscan
results in separated files.
crawl

url

subdomains

param

dns

subdomains takeover

prototypepollution prototype-pollution
jwt
param
graphql

path-traversal
jwt
graphql
graphql
jwt
param cache-vuln

ssrf

graphql

ssti
smuggle fuzz
crlf

ssrf

header

sqli
s3

cors
header
sqli
xss
prototypepollution prototype-pollution
prototypepollution prototype-pollution
s3
xss
xss
sqli xss lfi rfi

ssl

xss
 js-analysis

ssl
sqli
cors

portscan
nosqli
dependency-confusion
cache-vuln
xss
xss
smuggle
xss
xss

dependency-confusion
nosqli
dependency-confusion

xss

xss
sqli
broken-link
xss
smuggle
und wildcards, aliases and dynamic default pages.
ssrf
cors

cache-vuln
prototypepollution prototype-pollution
xss
403
prototypepollution prototype-pollution
est Smuggling in 2020.
 header
exploit
ersion by the frontend server.
s3
xss
broken-link
ssl
cache-vuln
s and blog maintainers to test the security of their WordPress websites.
cache-vuln

smuggle

dependency-confusion

403
broken-link
smuggle
xxe
xxe
xss
sqli

xss
rop

sqli
lfi
RMI

ssrf

cors

url

xxe xss

xss
 report
xss blind-xss
oast dns
xss blind-xss
g magic - and its fully scriptable with Python (PSE)

wordlist documents
graphql
sqli
ence. In addition, it was written as go
deserialize
xss blind-xss
encode

oast

graphql
xxe

url

crawl

infra

d files to easily replace the variables with content. Data is saved temporarily in local storage. PHP is only needed to generate th
online
wordlist documents

notify

online
payload
subdomains
 deserialize
xss documents

notify
oast
xss blind-xss
nuclei-templates

json

nuclei-templates
oast
nuclei-templates

http
zipbomb
url

zipbomb
notify

R, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers
url
http

wordlist documents
url

exploit
nuclei-templates
xss blind-xss
clipboard
diff
csp
xss
deserialize
xss blind-xss

fuzz
xss
url

http
deserialize
s3

pentest

Tags Badges

Tags Badges

jwt

dom xss
cookie

cookie
browser-record
darkmode

js-analysis

xss

Tags Badges
endpoint url attack-surface
endpoint url attack-surface

param
param subdomains
js-analysis
 js-analysis
param
param cache-vuln
param
smuggle
smuggle
aaa
csp
aaa
oast
encode ssrf darkmode

jwt

the protobuf type definition.

encode ssrf darkmode

gRPC-Web

web3

xss
note
oints, and gather information.
only needed to generate the list of files in the dropdown of templates.
P and RTMP. libcurl offers a myriad of powerful features