ad ldap enum |
0.1 |
LDAP enumeration |
https://github.com/CroweCybersecurity/ad-ldap-enum |
No Audit |
amass |
3.10.5 |
Attack surface mapping and asset discovery |
https://github.com/OWASP/Amass |
No Audit |
anew |
0.1.0 |
Append lines from stdin to a file |
https://github.com/tomnomnom/anew |
No Audit |
anti-burl |
0.1.0 |
Takes URLs on stdin, prints them to stdout if they return a 200 OK |
https://github.com/tomnomnom/hacks/tree/master/anti-burl |
No Audit |
aquatone |
1.7.0 |
Tool for domain flyovers |
https://github.com/michenriksen/aquatone |
No Audit |
arjun |
1.6 |
HTTP parameter discovery suite |
https://github.com/s0md3v/Arjun |
No Audit |
asnlookup |
0.1 |
Leverage ASN to look up IP addresses |
https://github.com/yassineaboukir/asnlookup |
No Audit |
assetfinder |
0.1.0 |
Find domains and subdomains |
https://github.com/tomnomnom/assetfinder |
No Audit |
atscan |
17.0.0 |
Mass exploit scanner |
https://github.com/AlisamTechnology/ATSCAN |
No Audit |
automater |
0.21 |
IP, URL and MD5 OSINT analysis |
https://github.com/1aN0rmus/TekDefense-Automater |
No Audit |
backfuzz |
0.3.2 |
Protocol fuzzing toolkit |
https://github.com/localh0t/backfuzz |
No Audit |
barmie |
1.01 |
Java RMI enumeration and attack tool |
https://github.com/NickstaDB/BaRMIe |
No Audit |
barq |
0.1 |
AWS cloud post exploitation framework |
https://github.com/Voulnet/barq |
No Audit |
bbqsql |
1.2 |
Blind SQL injection exploitation tool |
https://github.com/Neohapsis/bbqsql |
No Audit |
bed |
0.5 |
Brute exploit detector |
https://github.com/crunchsec/bed |
No Audit |
beef |
0.5.0.0 |
Browser exploitation framework |
https://github.com/beefproject/beef |
No Audit |
bfac |
1.4 |
Backup file artifacts checker tool |
https://github.com/mazen160/bfac |
No Audit |
blacknurse |
0.1 |
Blacknurse attack |
https://github.com/jedisct1/blacknurse |
No Audit |
blackwidow |
0.1 |
WebApp fuzz scanner |
https://github.com/1N3/BlackWidow |
No Audit |
breacher |
0.1 |
Admin panel finder |
https://github.com/s0md3v/Breacher |
No Audit |
brutespray |
1.6.6 |
Brute forcing from Nmap output |
https://github.com/x90skysn3k/brutespray |
No Audit |
cardpwn |
1.4 |
OSINT tool to find breached credit card information |
https://github.com/itsmehacker/CardPwn |
No Audit |
chameleon |
0.1 |
Evading proxy tool |
https://github.com/mdsecactivebreach/Chameleon |
No Audit |
cloudbrute |
1.0.5 |
Find company infrastructure |
https://github.com/0xsha/CloudBrute |
No Audit |
cloudsplaining |
0.2.0 |
AWS IAM Security Assessment tool |
https://github.com/salesforce/cloudsplaining |
No Audit |
commix |
3.1.62 |
Command injection and exploitation tool |
https://github.com/commixproject/commix |
No Audit |
corstest |
0.1 |
CORS scanner |
https://github.com/RUB-NDS/CORStest |
No Audit |
corsy |
0.1 |
CORS scanner |
https://github.com/s0md3v/Corsy |
No Audit |
cr3d0v3r |
0.4.4 |
Credential reuse attacks tool |
https://github.com/D4Vinci/Cr3dOv3r |
No Audit |
creddump |
0.3 |
Dump cached credentials |
https://github.com/moyix/creddump |
No Audit |
crlfuzz |
1.4.0 |
CRLF vulnerability scanner |
https://github.com/dwisiswant0/crlfuzz |
No Audit |
crossweb |
0.1 |
Private-public website verification |
https://github.com/buanzo/crossweb |
No Audit |
cryptonark |
0.5.7 |
SSL and PCI compliance scan tool |
https://www.techstacks.com |
No Audit |
cupp |
3.2.5 |
Common user passwords profiler |
https://github.com/Mebus/cupp |
No Audit |
davtest |
1.0 |
WebDAV servers test tool |
https://code.google.com/archive/p/davtest |
No Audit |
dirsearch |
0.3.9 |
Web path scanner |
https://github.com/maurosoria/dirsearch |
No Audit |
dnsenum |
1.2.4.2 |
Enumerate DNS information |
https://github.com/fwaeytens/dnsenum |
No Audit |
dnsmap |
0.30 |
DNS brute forcing tool |
https://code.google.com/archive/p/dnsmap |
No Audit |
dnsrecon |
0.10.0 |
Perform multiple DNS queries |
https://github.com/darkoperator/dnsrecon |
No Audit |
dnswalk |
2.0.2 |
DNS debugger |
http://dnswalk.sourceforge.net |
No Audit |
domlink |
0.1.2 |
Discover organisation name |
https://github.com/vysecurity/DomLink |
No Audit |
dotdotpwn |
3.0.2 |
Directory traversal fuzzer |
http://dotdotpwn.sectester.net |
No Audit |
dsfs |
0.2 |
File inclusion vulnerability scanner |
https://github.com/stamparm/DSFS |
No Audit |
dsss |
0.3 |
SQLi scanner |
https://github.com/stamparm/DSSS |
No Audit |
dsxs |
0.3 |
XSS scanner |
https://github.com/stamparm/DSXS |
No Audit |
endpoint finder |
0.1 |
Endpoint finder |
https://github.com/tarunkant/EndPoint-Finder |
No Audit |
ettu |
0.1 |
Recursive DNS brute forcer |
https://github.com/tomnomnom/hacks/tree/master/ettu |
No Audit |
evilurl |
2.0 |
IDN homograph attack generator |
https://github.com/UndeadSec/EvilURL |
No Audit |
exploit pattern |
0.1 |
Pattern string for exploit dev |
https://github.com/Svenito/exploit-pattern |
No Audit |
ffuf |
1.1.0 |
Web fuzzer |
https://github.com/ffuf/ffuf |
No Audit |
fimap |
1.00 |
LFI RFI scanner |
https://tha-imax.de/git/root/fimap |
No Audit |
finalrecon |
1.0.7 |
Web reconnaissance tool |
https://github.com/thewhiteh4t/FinalRecon |
No Audit |
fuxploider |
1.0 |
File upload vulnerability scanner |
https://github.com/almandin/fuxploider |
No Audit |
gau |
1.1.0 |
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl |
https://github.com/lc/gau |
No Audit |
gf |
0.1 |
Wrapper around grep |
https://github.com/tomnomnom/gf |
No Audit |
gitgraber |
0.1 |
Monitor GitHub to find sensitive data |
https://github.com/hisxo/gitGraber |
No Audit |
gitjacker |
0.0.2 |
Downloads git repositories |
https://github.com/liamg/gitjacker |
No Audit |
gitleaks |
4.2.0 |
Audit git repos for secrets |
https://github.com/zricethezav/gitleaks |
No Audit |
gitrob |
2.0.0 |
Reconnaissance tool for GitHub |
https://github.com/michenriksen/gitrob |
No Audit |
gmapsapiscanner |
0.1 |
Used for determining whether a leaked/found Google Maps API Key is vulnerable |
https://github.com/ozguralp/gmapsapiscanner |
No Audit |
goaltdns |
0.1 |
Subdomain permutation tool |
https://github.com/subfinder/goaltdns |
No Audit |
gobuster |
3.0.1 |
Directory, file and DNS busting tool |
https://github.com/OJ/gobuster |
No Audit |
golinkfinder |
1.0.0 |
JS endpoint extractor |
https://github.com/0xsha/GoLinkFinder |
No Audit |
golismero |
2.0 |
Framework for web security testing |
https://github.com/golismero/golismero |
No Audit |
goofile |
1.5 |
Search for a specific file in a given domain |
https://code.google.com/archive/p/goofile |
No Audit |
gopherus |
0.1 |
Gopher link generator for exploiting SSRF |
https://github.com/tarunkant/Gopherus |
No Audit |
gospider |
1.1.2 |
Web spider |
https://github.com/jaeles-project/gospider |
No Audit |
gowitness |
1.3.3 |
Web screenshot utility |
https://github.com/sensepost/gowitness |
No Audit |
gron |
0.6.0 |
Make JSON greppable |
https://github.com/tomnomnom/gron |
No Audit |
hakrawler |
1.1 |
Web crawler |
https://github.com/hakluke/hakrawler |
No Audit |
hash buster |
3.0 |
Hash buster tool |
https://github.com/s0md3v/Hash-Buster |
No Audit |
hosthunter |
1.5 |
Recon tool for discovering hostnames |
https://github.com/SpiderLabs/HostHunter |
No Audit |
hostile subbruteforcer |
1.0 |
Bruteforce for existing subdomains |
https://github.com/nahamsec/HostileSubBruteforcer |
No Audit |
html tool |
0.1 |
HTML tool |
https://github.com/tomnomnom/hacks/tree/master/html-tool |
No Audit |
httprobe |
0.1.2 |
Probe domains for HTTP and HTTPS |
https://github.com/tomnomnom/httprobe |
No Audit |
ident user enum |
1.0 |
Query ident service |
http://pentestmonkey.net/tools/ident-user-enum |
No Audit |
iis shortname scanner |
2.3.9 |
IIS short filename disclosure vulnerability |
https://github.com/irsdl/IIS-ShortName-Scanner |
No Audit |
infoga |
0.1.5 |
Email OSINT |
https://github.com/m4ll0k/Infoga |
No Audit |
inspy |
3.0.0 |
LinkedIn enumeration tool |
https://github.com/leapsecurity/InSpy |
No Audit |
interlace |
1.8.0 |
Automate pentest and bug bounty workflow |
https://github.com/codingo/Interlace |
No Audit |
jaeles |
0.9 |
Automate WebApp testing |
https://github.com/jaeles-project/jaeles |
No Audit |
jaeles signatures |
0.1 |
Jaeles signatures |
https://github.com/jaeles-project/jaeles-signatures |
No Audit |
javasnoop |
1.1 |
Intercept Java applications locally |
https://code.google.com/archive/p/javasnoop |
No Audit |
joomscan |
0.0.7 |
OWASP Joomla vulnerability scanner |
https://github.com/rezasp/joomscan |
No Audit |
jsparser |
1.0 |
Parse relative URLs from JavaScript files |
https://github.com/nahamsec/JSParser |
No Audit |
konan |
0.1 |
Web application dir scanner |
https://github.com/m4ll0k/Konan |
No Audit |
kubolt |
0.1 |
Kubernetes scanner |
https://github.com/averonesis/kubolt |
No Audit |
lazys3 |
1.0 |
Bruteforce for AWS S3 buckets |
https://github.com/nahamsec/lazys3 |
No Audit |
leaklooker |
0.1 |
Find open databases |
https://github.com/woj-ciech/LeakLooker |
No Audit |
linkfinder |
1.0 |
Find endpoints in JavaScript |
https://github.com/GerbenJavado/LinkFinder |
No Audit |
masscan |
1.0.5 |
Asynchronous TCP port scanner |
https://github.com/robertdavidgraham/masscan |
No Audit |
massdns |
0.3 |
Subdomain enumeration |
https://github.com/blechschmidt/massdns |
No Audit |
medusa |
2.2 |
Login brute-forcer |
https://github.com/jmk-foofus/medusa |
No Audit |
meg |
0.2.4 |
Fetch many paths for many hosts |
https://github.com/tomnomnom/meg |
No Audit |
metagoofil |
2.2 |
Metadata harvester |
https://github.com/laramies/metagoofil |
No Audit |
mongoaudit |
0.1.0 |
MongoDB auditing and pentesting tool |
https://mongoaud.it |
No Audit |
nosqlmap |
0.7 |
Automated NoSQL database enumeration |
https://github.com/codingo/NoSQLMap |
No Audit |
nuclei |
1.1.4 |
Configurable targeted scanning |
https://github.com/projectdiscovery/nuclei |
No Audit |
pack |
0.0.1 |
Password analysis and cracking kit |
https://github.com/iphelix/pack |
No Audit |
padbuster |
0.3.3 |
Oracle attack tool |
https://github.com/GDSSecurity/PadBuster |
No Audit |
parameth |
1.3 |
Brute discover GET and POST parameters |
https://github.com/maK-/parameth |
No Audit |
parsero |
0.81 |
Robots.txt audit tool |
https://github.com/behindthefirewalls/Parsero |
No Audit |
photon |
1.3.2 |
Crawler for OSINT |
https://github.com/s0md3v/Photon |
No Audit |
pwndb |
0.1 |
Search for leaked credentials |
https://github.com/davidtavarez/pwndb |
No Audit |
pwnedornot |
1.2.8 |
Find passwords for compromised email |
https://github.com/thewhiteh4t/pwnedOrNot |
No Audit |
qrljacker |
2.1.1 |
QRLJacking exploitation framework |
https://github.com/OWASP/QRLJacking |
No Audit |
qsfuzz |
1.0.2 |
Query string fuzz |
https://github.com/ameenmaali/qsfuzz |
No Audit |
qsreplace |
0.0.1 |
Replace all query string values |
https://github.com/tomnomnom/qsreplace |
No Audit |
r3con1z3r |
1.0.6 |
Web information gathering tool |
https://github.com/abdulgaphy/r3con1z3r |
No Audit |
recon-ng |
5.1.1 |
Open Source Intelligence gathering tool |
https://github.com/lanmaster53/recon-ng |
No Audit |
reconnoitre |
1.0 |
OSINT and service enumeration tool |
https://github.com/codingo/Reconnoitre |
No Audit |
retirejs |
1.1.1 |
Scanner detecting the use of JavaScript libraries with known vulnerabilities |
https://github.com/retirejs/retire.js |
No Audit |
rsmangler |
1.5 |
Wordlist mangling tool |
https://github.com/digininja/RSMangler |
No Audit |
s3-bucketeers |
0.1 |
AWS S3 bucket tool |
https://github.com/tomdev/teh_s3_bucketeers |
No Audit |
sandcastle |
1.2.4 |
AWS S3 bucket enumeration |
https://github.com/0xSearches/sandcastle |
No Audit |
scli |
0.2.2 |
Simple terminal user interface for Signal messenger |
https://github.com/isamert/scli |
No Audit |
seclists |
2020.4 |
Collection of multiple types of lists used during security assessments |
https://github.com/danielmiessler/SecLists |
No Audit |
shhgit |
0.2 |
Find GitHub secrets in real time |
https://github.com/eth0izzle/shhgit |
No Audit |
signal-cli |
0.6.7 |
Command-line and D-Bus interface for Signal messenger |
https://github.com/AsamK/signal-cli |
No Audit |
sipvicious |
0.3.1 |
Audit SIP based VoIP systems |
https://github.com/EnableSecurity/sipvicious |
No Audit |
smbmap |
1.8.2 |
SMB enumeration tool |
https://github.com/ShawnDEvans/smbmap |
No Audit |
smtp user enum |
1.2 |
SMTP user enum |
http://pentestmonkey.net |
No Audit |
snallygaster |
0.0.6 |
Scan for secret files on HTTP servers |
https://github.com/hannob/snallygaster |
No Audit |
social engineer toolkit |
8.0.3 |
Social engineer toolkit |
https://github.com/trustedsec/social-engineer-toolkit |
No Audit |
socialscan |
1.1.6 |
Social network user scanner |
https://github.com/trustedsec/social-engineer-toolkit |
No Audit |
spiderfoot |
3.0 |
OSINT collection and reconnaissance tool |
https://github.com/smicallef/spiderfoot |
No Audit |
spoofcheck |
0.1 |
Checks a domain for email protections |
https://github.com/BishopFox/spoofcheck |
No Audit |
sqlninja |
0.2.6-r1 |
SQL injection tool |
http://sqlninja.sourceforge.net |
No Audit |
ssrf testing |
0.1 |
Server side request forgery tool |
https://github.com/cujanovic/SSRF-Testing |
No Audit |
ssrfmap |
0.1 |
SSRF fuzzer exploitation tool |
https://github.com/swisskyrepo/SSRFmap |
No Audit |
subdomains brute |
0.1 |
Subdomain brute tool |
https://github.com/lijiejie/subDomainsBrute |
No Audit |
subfinder |
2.3.4 |
Subdomain discovery tool |
https://github.com/subfinder/subfinder |
No Audit |
subjack |
2.1 |
Subdomain takeover |
https://github.com/haccer/subjack |
No Audit |
subjs |
1.0.1 |
Fetches JavaScript files from a list of URLs or subdomains |
https://github.com/lc/subjs |
No Audit |
sublist3r |
1.1 |
Subdomain enumeration tool |
https://github.com/aboul3la/Sublist3r |
No Audit |
subscraper |
2.1.0 |
DNS brute force |
https://github.com/m8r0wn/subscraper |
No Audit |
subzy |
2.1.0 |
Subdomain takeover vulnerability checker |
https://github.com/LukaSikic/subzy |
No Audit |
takeover |
0.2 |
Subdomain takeover vulnerability scanner |
https://github.com/m4ll0k/takeover |
No Audit |
tko-subs |
0.1 |
Detect and take over subdomains |
https://github.com/anshumanbh/tko-subs |
No Audit |
tplmap |
0.5 |
Code injection detection and exploitation tool |
https://github.com/epinna/tplmap |
No Audit |
ttpassgen |
1.1.2 |
Scriptable password dictionary generator |
https://github.com/tp7309/TTPassGen |
No Audit |
ua tester |
1.0.6 |
User agent string tester |
https://code.google.com/archive/p/ua-tester |
No Audit |
unfurl |
0.2.0 |
Pull out bits of URLs provided on stdin |
https://github.com/tomnomnom/unfurl |
No Audit |
urlcrazy |
0.5 |
Typo squatting tool |
https://www.morningstarsecurity.com |
No Audit |
urlhunter |
0.1.1 |
Recon tool that allows searching on URLs that are exposed via shortener services |
https://github.com/utkusen/urlhunter |
No Audit |
urlinsane |
0.6.1 |
Domain typo permutation engine |
https://github.com/cybint/urlinsane |
No Audit |
vinetto |
0.07 |
Forensics tool to examine Thumbs.db files |
http://vinetto.sourceforge.net |
No Audit |
virtual host discovery |
1.0 |
Enumerate virtual hosts |
https://github.com/jobertabma/virtual-host-discovery |
No Audit |
vulnx |
1.9 |
Shell injector for CMS |
https://github.com/anouarbensaad/vulnx |
No Audit |
wafw00f |
2.0.1 |
Fingerprint web application firewall |
https://github.com/EnableSecurity/wafw00f |
No Audit |
waybackurls |
0.0.2 |
Fetch URLs from the Wayback Machine |
https://github.com/tomnomnom/waybackurls |
No Audit |
weblogic scanner |
0.1 |
WebLogic vulnerability scanner |
https://github.com/0xn0ne/weblogicScanner |
No Audit |
webscarab |
1631 |
WebApp review tool |
https://github.com/OWASP/OWASP-WebScarab |
No Audit |
weevely3 |
4.0.1 |
Weaponized web shell |
https://github.com/epinna/weevely3 |
No Audit |
wfuzz |
3.1.0 |
Web application fuzzer |
https://github.com/xmendez/wfuzz |
No Audit |
wig |
0.6 |
WebApp information gatherer |
https://github.com/jekyc/wig |
No Audit |
wpbullet |
0.1 |
Static code analysis for WordPress and PHP |
https://github.com/OWASP/wpBullet |
No Audit |
wuzz |
0.4.0 |
Interactive CLI tool for HTTP inspection |
https://github.com/asciimoo/wuzz |
No Audit |
xsstrike |
3.1.5 |
XSS scanner |
https://github.com/s0md3v/XSStrike |
No Audit |
zephrfish |
0.1 |
Various payload wordlists |
https://github.com/ZephrFish/Wordlists |
No Audit |