├── Header Injection.md
├── Command Injection.md
├── CSRF Injection.md
├── Insecure Direct Object References.md
├── postMessage.md
├── Open Redirect.md
├── CORS Misconfiguration.md
├── CRLF Injection.md
├── File Inclusion.md
├── Request Smuggling.md
├── Directory Traversal.md
├── Git.md
├── GraphQL Injection.md
├── Insecure Deserialization.md
├── Passwords.md
├── Race Condition.md
├── Parameter.md
├── CMS.md
├── Port Scanning.md
├── JSON Web Token.md
├── README.md
├── Technologies.md
├── Fuzzing.md
├── XXE Injection.md
├── JavaScript Endpoint and Link Extraction Tools.md
├── Screenshot.md
├── Content Discovery.md
├── Subdomain Takeover.md
├── Uncategorized.md
├── SQL Injection.md
├── Buckets.md
├── Vulnerability Scanners.md
├── Server Side Request Forgery.md
├── Secrets.md
├── Subdomain Enumeration.md
└── XSS Injection.md


/Header Injection.md:
--------------------------------------------------------------------------------
1 | # Header Injection
2 | 
3 | - **headi** - Customizable and automated HTTP header injection
4 |   - [GitHub](https://github.com/mlcsec/headi)
5 | 


--------------------------------------------------------------------------------
/Command Injection.md:
--------------------------------------------------------------------------------
1 | # Command Injection
2 | 
3 | **commix** - Automated All-in-One OS command injection and exploitation tool.
4 | - [GitHub](https://github.com/commixproject/commix)
5 | 


--------------------------------------------------------------------------------
/CSRF Injection.md:
--------------------------------------------------------------------------------
1 | # CSRF Injection
2 | 
3 | **XSRFProbe** - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
4 | - [GitHub](https://github.com/0xInfection/XSRFProbe)
5 | 


--------------------------------------------------------------------------------
/Insecure Direct Object References.md:
--------------------------------------------------------------------------------
1 | # Insecure Direct Object References
2 | 
3 | - **Autorize** - Automatic authorization enforcement detection extension for Burp Suite written in Jython developed by Barak Tawily.
4 |   - [GitHub](https://github.com/Quitten/Autorize)
5 | 


--------------------------------------------------------------------------------
/postMessage.md:
--------------------------------------------------------------------------------
1 | # postMessage
2 | 
3 | - **postMessage-tracker** - A Chrome Extension to track postMessage usage (url, domain, and stack) both by logging using CORS and also visually as an extension-icon.
4 |   - [GitHub](https://github.com/fransr/postMessage-tracker)
5 | 
6 | - **PostMessage_Fuzz_Tool** - A tool for bug bounty hunters and web developers to fuzz test postMessage.
7 |   - [GitHub](https://github.com/kiranreddyrebel/PostMessage_Fuzz_Tool)
8 | 


--------------------------------------------------------------------------------
/Open Redirect.md:
--------------------------------------------------------------------------------
 1 | # Open Redirect 
 2 | - **Oralyzer** - Open Redirection Analyzer.
 3 |   - [GitHub](https://github.com/r0075h3ll/Oralyzer)
 4 | 
 5 | - **Injectus** - CRLF and open redirect fuzzer.
 6 |   - [GitHub](https://github.com/BountyStrike/Injectus)
 7 | 
 8 | - **dom-red** - Small script to check a list of domains against open redirect vulnerability.
 9 |   - [GitHub](https://github.com/Naategh/dom-red)
10 | 
11 | - **OpenRedireX** - A Fuzzer for OpenRedirect issues.
12 |   - [GitHub](https://github.com/devanshbatham/OpenRedireX)
13 | 


--------------------------------------------------------------------------------
/CORS Misconfiguration.md:
--------------------------------------------------------------------------------
 1 | # CORS Misconfiguration
 2 | 
 3 | - **Corsy** - CORS Misconfiguration Scanner
 4 |   - [GitHub](https://github.com/s0md3v/Corsy)
 5 | 
 6 | - **CORStest** - A simple CORS misconfiguration scanner
 7 |   - [GitHub](https://github.com/RUB-NDS/CORStest)
 8 | 
 9 | - **cors-scanner** - A multi-threaded scanner that helps identify CORS flaws/misconfigurations
10 |   - [GitHub](https://github.com/laconicwolf/cors-scanner)
11 | 
12 | - **CorsMe** - Cross Origin Resource Sharing MisConfiguration Scanner
13 |   - [GitHub](https://github.com/Shivangx01b/CorsMe)
14 | 


--------------------------------------------------------------------------------
/CRLF Injection.md:
--------------------------------------------------------------------------------
 1 | #  CRLF Injection
 2 | - **CRLFsuite** - A fast tool specially designed to scan CRLF injection
 3 |   - [GitHub](https://github.com/Nefcore/CRLFsuite)
 4 | 
 5 | - **crlfuzz** - A fast tool to scan CRLF vulnerability written in Go
 6 |   - [GitHub](https://github.com/dwisiswant0/crlfuzz)
 7 | 
 8 | - **CRLF-Injection-Scanner** - Command line tool for testing CRLF injection on a list of domains
 9 |   - [GitHub](https://github.com/MichaelStott/CRLF-Injection-Scanner)
10 | 
11 | - **Injectus** - CRLF and open redirect fuzzer
12 |   - [GitHub](https://github.com/BountyStrike/Injectus)
13 | 


--------------------------------------------------------------------------------
/File Inclusion.md:
--------------------------------------------------------------------------------
 1 | # File Inclusion
 2 | 
 3 | - **liffy** - Local file inclusion exploitation tool
 4 |   - [GitHub](https://github.com/mzfr/liffy)
 5 | 
 6 | - **Burp-LFI-tests** - Fuzzing for LFI using Burpsuite
 7 |   - [GitHub](https://github.com/Team-Firebugs/Burp-LFI-tests)
 8 | 
 9 | - **LFI-Enum** - Scripts to execute enumeration via LFI
10 |   - [GitHub](https://github.com/mthbernardes/LFI-Enum)
11 | 
12 | - **LFISuite** - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
13 |   - [GitHub](https://github.com/D35m0nd142/LFISuite)
14 | 
15 | - **LFI-files** - Wordlist to bruteforce for LFI
16 |   - [GitHub](https://github.com/hussein98d/LFI-files)
17 | 
18 | 


--------------------------------------------------------------------------------
/Request Smuggling.md:
--------------------------------------------------------------------------------
 1 | # Request Smuggling
 2 | 
 3 | - **http-request-smuggling** - HTTP Request Smuggling Detection Tool.
 4 |   - [GitHub](https://github.com/anshumanpattnaik/http-request-smuggling)
 5 | 
 6 | - **smuggler** - Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3.
 7 |   - [GitHub](https://github.com/defparam/smuggler)
 8 | 
 9 | - **h2csmuggler** - HTTP Request Smuggling over HTTP/2 Cleartext (h2c).
10 |   - [GitHub](https://github.com/BishopFox/h2csmuggler)
11 | 
12 | - **tiscripts** - These scripts I use to create Request Smuggling Desync payloads for CLTE and TECL style attack.
13 |   - [GitHub](https://github.com/defparam/tiscripts)
14 | 


--------------------------------------------------------------------------------
/Directory Traversal.md:
--------------------------------------------------------------------------------
 1 | # Directory Traversal
 2 | 
 3 | 
 4 | - **dotdotpwn** - DotDotPwn - The Directory Traversal Fuzzer
 5 |   - [GitHub](https://github.com/wireghoul/dotdotpwn)
 6 | 
 7 | - **FDsploit** - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
 8 |   - [GitHub](https://github.com/chrispetrou/FDsploit)
 9 | 
10 | - **off-by-slash** - Burp extension to detect alias traversal via NGINX misconfiguration at scale.
11 |   - [GitHub](https://github.com/bayotop/off-by-slash)
12 | 
13 | - **liffier** - Tired of manually adding dot-dot-slash to your possible path traversal? This short snippet will increment ../ in the URL.
14 |   - [GitHub](https://github.com/momenbasel/liffier)
15 | 


--------------------------------------------------------------------------------
/Git.md:
--------------------------------------------------------------------------------
 1 | # Git
 2 | 
 3 | - **GitTools** - A repository with 3 tools for pwn'ing websites with .git repositories available.
 4 |   - [GitHub](https://github.com/internetwache/GitTools)
 5 | 
 6 | - **gitjacker** - Leak git repositories from misconfigured websites.
 7 |   - [GitHub](https://github.com/liamg/gitjacker)
 8 | 
 9 | - **git-dumper** - A tool to dump a git repository from a website.
10 |   - [GitHub](https://github.com/arthaud/git-dumper)
11 | 
12 | - **GitHunter** - A tool for searching a Git repository for interesting content.
13 |   - [GitHub](https://github.com/digininja/GitHunter)
14 | 
15 | - **dvcs-ripper** - Rip web accessible (distributed) version control systems: SVN/GIT/HG...
16 |   - [GitHub](https://github.com/kost/dvcs-ripper)
17 | 


--------------------------------------------------------------------------------
/GraphQL Injection.md:
--------------------------------------------------------------------------------
 1 | # GraphQL Injection
 2 | 
 3 | - **inql** - InQL - A Burp Extension for GraphQL Security Testing
 4 |   - [GitHub](https://github.com/doyensec/inql)
 5 | 
 6 | - **GraphQLmap** - GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes.
 7 |   - [GitHub](https://github.com/swisskyrepo/GraphQLmap)
 8 | 
 9 | - **shapeshifter** - GraphQL security testing tool
10 |   - [GitHub](https://github.com/szski/shapeshifter)
11 | 
12 | - **graphql_beautifier** - Burp Suite extension to help make GraphQL requests more readable
13 |   - [GitHub](https://github.com/zidekmat/graphql_beautifier)
14 | 
15 | - **clairvoyance** - Obtain GraphQL API schema despite disabled introspection!
16 |   - [GitHub](https://github.com/nikitastupin/clairvoyance)
17 | 


--------------------------------------------------------------------------------
/Insecure Deserialization.md:
--------------------------------------------------------------------------------
 1 | # Insecure Deserialization
 2 | 
 3 | - **ysoserial** - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
 4 |   - [GitHub](https://github.com/frohoff/ysoserial)
 5 | 
 6 | - **GadgetProbe** - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
 7 |   - [GitHub](https://github.com/BishopFox/GadgetProbe)
 8 | 
 9 | - **ysoserial.net** - Deserialization payload generator for a variety of .NET formatters.
10 |   - [GitHub](https://github.com/pwntester/ysoserial.net)
11 | 
12 | - **phpggc** - PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
13 |   - [GitHub](https://github.com/ambionics/phpggc)
14 | 


--------------------------------------------------------------------------------
/Passwords.md:
--------------------------------------------------------------------------------
 1 | # Passwords
 2 | 
 3 | - **thc-hydra** - Hydra is a parallelized login cracker which supports numerous protocols to attack.
 4 |   - [GitHub](https://github.com/vanhauser-thc/thc-hydra)
 5 | 
 6 | - **DefaultCreds-cheat-sheet** - One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password.
 7 |   - [GitHub](https://github.com/ihebski/DefaultCreds-cheat-sheet)
 8 | 
 9 | - **changeme** - A default credential scanner.
10 |   - [GitHub](https://github.com/ztgrace/changeme)
11 | 
12 | - **BruteX** - Automatically brute force all services running on a target.
13 |   - [GitHub](https://github.com/1N3/BruteX)
14 | 
15 | - **patator** - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
16 |   - [GitHub](https://github.com/lanjelot/patator)
17 | 


--------------------------------------------------------------------------------
/Race Condition.md:
--------------------------------------------------------------------------------
 1 | # Race Condition
 2 | 
 3 | - **razzer** - A Kernel fuzzer focusing on race bugs.
 4 |   - [GitHub](https://github.com/compsec-snu/razzer)
 5 | 
 6 | - **racepwn** - Race Condition framework.
 7 |   - [GitHub](https://github.com/racepwn/racepwn)
 8 | 
 9 | - **requests-racer** - Small Python library that makes it easy to exploit race conditions in web apps with Requests.
10 |   - [GitHub](https://github.com/nccgroup/requests-racer)
11 | 
12 | - **turbo-intruder** - Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
13 |   - [GitHub](https://github.com/PortSwigger/turbo-intruder)
14 | 
15 | - **race-the-web** - Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
16 |   - [GitHub](https://github.com/TheHackerDev/race-the-web)
17 | 


--------------------------------------------------------------------------------
/Parameter.md:
--------------------------------------------------------------------------------
 1 | # HTTP Parameter Discovery Tools
 2 | 
 3 | - **parameth** - Tool for brute discovering GET and POST parameters.
 4 |   - [GitHub](https://github.com/maK-/parameth)
 5 | 
 6 | - **param-miner** - Extension that identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.
 7 |   - [GitHub](https://github.com/PortSwigger/param-miner)
 8 | 
 9 | - **ParamPamPam** - Tool for brute discovering GET and POST parameters.
10 |   - [GitHub](https://github.com/Bo0oM/ParamPamPam)
11 | 
12 | - **Arjun** - HTTP parameter discovery suite.
13 |   - [GitHub](https://github.com/s0md3v/Arjun)
14 | 
15 | - **ParamSpider** - Mines parameters from dark corners of Web Archives.
16 |   - [GitHub](https://github.com/devanshbatham/ParamSpider)
17 | 
18 | - **x8** - Hidden parameters discovery suite written in Rust.
19 |   - [GitHub](https://github.com/Sh1Yo/x8)
20 | 


--------------------------------------------------------------------------------
/CMS.md:
--------------------------------------------------------------------------------
 1 | # CMS
 2 | 
 3 | - **wpscan** - WPScan is a free, for non-commercial use, black box WordPress security scanner.
 4 |   - [GitHub](https://github.com/wpscanteam/wpscan)
 5 | 
 6 | - **WPSpider** - A centralized dashboard for running and scheduling WordPress scans powered by WPScan utility.
 7 |   - [GitHub](https://github.com/cyc10n3/WPSpider)
 8 | 
 9 | - **wprecon** - Wordpress Recon.
10 |   - [GitHub](https://github.com/blackcrw/wprecon)
11 | 
12 | - **CMSmap** - CMSmap is a Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
13 |   - [GitHub](https://github.com/Dionach/CMSmap)
14 | 
15 | - **joomscan** - OWASP Joomla Vulnerability Scanner Project.
16 |   - [GitHub](https://github.com/OWASP/joomscan)
17 | 
18 | - **pyfiscan** - Free web-application vulnerability and version scanner.
19 |   - [GitHub](https://github.com/fgeek/pyfiscan)
20 | 


--------------------------------------------------------------------------------
/Port Scanning.md:
--------------------------------------------------------------------------------
 1 | # Awesome Port Scanning Tools
 2 | 
 3 | - **masscan** - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
 4 |   - [GitHub](https://github.com/robertdavidgraham/masscan)
 5 | 
 6 | - **RustScan** - The Modern Port Scanner
 7 |   - [GitHub](https://github.com/RustScan/RustScan)
 8 | 
 9 | - **naabu** - A fast port scanner written in Go with a focus on reliability and simplicity.
10 |   - [GitHub](https://github.com/projectdiscovery/naabu)
11 | 
12 | - **nmap** - Nmap - the Network Mapper. Github mirror of official SVN repository.
13 |   - [GitHub](https://github.com/nmap/nmap)
14 | 
15 | - **sandmap** - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
16 |   - [GitHub](https://github.com/trimstray/sandmap)
17 | 
18 | - **ScanCannon** - Combines the speed of masscan with the reliability and detailed enumeration of nmap
19 |   - [GitHub](https://github.com/johnnyxmas/ScanCannon)
20 | 


--------------------------------------------------------------------------------
/JSON Web Token.md:
--------------------------------------------------------------------------------
 1 | # JSON Web Token
 2 | 
 3 | - **jwt_tool** - A toolkit for testing, tweaking, and cracking JSON Web Tokens.
 4 |   - [GitHub](https://github.com/ticarpi/jwt_tool)
 5 | 
 6 | - **c-jwt-cracker** - JWT brute force cracker written in C.
 7 |   - [GitHub](https://github.com/brendan-rius/c-jwt-cracker)
 8 | 
 9 | - **jwt-heartbreaker** - The Burp extension to check JWT (JSON Web Tokens) for using keys known from public sources.
10 |   - [GitHub](https://github.com/wallarm/jwt-heartbreaker)
11 | 
12 | - **jwtear** - Modular command-line tool to parse, create, and manipulate JWT tokens for hackers.
13 |   - [GitHub](https://github.com/KINGSABRI/jwtear)
14 | 
15 | - **jwt-key-id-injector** - Simple Python script to check against hypothetical JWT vulnerabilities.
16 |   - [GitHub](https://github.com/dariusztytko/jwt-key-id-injector)
17 | 
18 | - **jwt-hack** - Tool for hacking/security testing JWT.
19 |   - [GitHub](https://github.com/hahwul/jwt-hack)
20 | 
21 | - **jwt-cracker** - Simple HS256 JWT token brute force cracker.
22 |   - [GitHub](https://github.com/lmammino/jwt-cracker)
23 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Awesome Bug Bounty Tools
 2 | 
 3 | - **Recon**
 4 |   - [Subdomain Enumeration](#)
 5 |   - [Port Scanning](#)
 6 |   - [Screenshots](#)
 7 |   - [Technologies](#)
 8 |   - [Content Discovery](#)
 9 |   - [Links](#)
10 |   - [Parameters](#)
11 |   - [Fuzzing](#)
12 |   
13 | - **Exploitation**
14 |   - [Command Injection](#)
15 |   - [CORS Misconfiguration](#)
16 |   - [CRLF Injection](#)
17 |   - [CSRF Injection](#)
18 |   - [Directory Traversal](#)
19 |   - [File Inclusion](#)
20 |   - [GraphQL Injection](#)
21 |   - [Header Injection](#)
22 |   - [Insecure Deserialization](#)
23 |   - [Insecure Direct Object References](#)
24 |   - [Open Redirect](#)
25 |   - [Race Condition](#)
26 |   - [Request Smuggling](#)
27 |   - [Server Side Request Forgery](#)
28 |   - [SQL Injection](#)
29 |   - [XSS Injection](#)
30 |   - [XXE Injection](#)
31 |   
32 | - **Miscellaneous**
33 |   - [Passwords](#)
34 |   - [Secrets](#)
35 |   - [Git](#)
36 |   - [Buckets](#)
37 |   - [CMS](#)
38 |   - [JSON Web Token](#)
39 |   - [postMessage](#)
40 |   - [Subdomain Takeover](#)
41 |   - [Uncategorized](#)
42 | 


--------------------------------------------------------------------------------
/Technologies.md:
--------------------------------------------------------------------------------
 1 | # Website Technology Identification and Scanning Tools
 2 | 
 3 | - **wappalyzer** - Identify technology on websites.
 4 |   - [GitHub](https://github.com/AliasIO/wappalyzer)
 5 | 
 6 | - **webanalyze** - Port of Wappalyzer to automate mass scanning and uncover technologies used on websites.
 7 |   - [GitHub](https://github.com/rverton/webanalyze)
 8 | 
 9 | - **python-builtwith** - BuiltWith API client.
10 |   - [GitHub](https://github.com/claymation/python-builtwith)
11 | 
12 | - **whatweb** - Next generation web scanner.
13 |   - [GitHub](https://github.com/urbanadventurer/whatweb)
14 | 
15 | - **retire.js** - Scanner detecting the use of JavaScript libraries with known vulnerabilities.
16 |   - [GitHub](https://github.com/RetireJS/retire.js)
17 | 
18 | - **httpx** - Fast and multi-purpose HTTP toolkit that allows running multiple probers using retryablehttp library, designed for result reliability with increased threads.
19 |   - [GitHub](https://github.com/projectdiscovery/httpx)
20 | 
21 | - **fingerprintx** - Standalone utility for service discovery on open ports that works well with other popular bug bounty command line tools.
22 |   - [GitHub](https://github.com/praetorian-inc/fingerprintx)
23 | 


--------------------------------------------------------------------------------
/Fuzzing.md:
--------------------------------------------------------------------------------
 1 | # Web Application Fuzzing Tools
 2 | 
 3 | - **wfuzz** - Web application fuzzer.
 4 |   - [GitHub](https://github.com/xmendez/wfuzz)
 5 | 
 6 | - **ffuf** - Fast web fuzzer written in Go.
 7 |   - [GitHub](https://github.com/ffuf/ffuf)
 8 | 
 9 | - **fuzzdb** - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
10 |   - [GitHub](https://github.com/fuzzdb-project/fuzzdb)
11 | 
12 | - **IntruderPayloads** - Collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads, and web pentesting methodologies and checklists.
13 |   - [GitHub](https://github.com/1N3/IntruderPayloads)
14 | 
15 | - **fuzz.txt** - Collection of potentially dangerous files.
16 |   - [GitHub](https://github.com/Bo0oM/fuzz.txt)
17 | 
18 | - **fuzzilli** - JavaScript Engine Fuzzer.
19 |   - [GitHub](https://github.com/googleprojectzero/fuzzilli)
20 | 
21 | - **fuzzapi** - Tool for REST API pentesting using API_Fuzzer gem.
22 |   - [GitHub](https://github.com/Fuzzapi/fuzzapi)
23 | 
24 | - **qsfuzz** - Query String Fuzz allows you to build your own rules to fuzz query strings and identify vulnerabilities.
25 |   - [GitHub](https://github.com/ameenmaali/qsfuzz)
26 | 
27 | - **vaf** - Very advanced (web) fuzzer written in Nim.
28 |   - [GitHub](https://github.com/d4rckh/vaf)
29 | 


--------------------------------------------------------------------------------
/XXE Injection.md:
--------------------------------------------------------------------------------
 1 | # XXE Injection
 2 | 
 3 | - **ground-control** - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
 4 |   - [GitHub](https://github.com/jobertabma/ground-control)
 5 | 
 6 | - **dtd-finder** - List DTDs and generate XXE payloads using those local DTDs.
 7 |   - [GitHub](https://github.com/GoSecure/dtd-finder)
 8 | 
 9 | - **docem** - Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids).
10 |   - [GitHub](https://github.com/whitel1st/docem)
11 | 
12 | - **xxeserv** - A mini webserver with FTP support for XXE payloads.
13 |   - [GitHub](https://github.com/staaldraad/xxeserv)
14 | 
15 | - **xxexploiter** - Tool to help exploit XXE vulnerabilities.
16 |   - [GitHub](https://github.com/luisfontes19/xxexploiter)
17 | 
18 | - **B-XSSRF** - Toolkit to detect and keep track of Blind XSS, XXE & SSRF.
19 |   - [GitHub](https://github.com/SpiderMate/B-XSSRF)
20 | 
21 | - **XXEinjector** - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
22 |   - [GitHub](https://github.com/enjoiz/XXEinjector)
23 | 
24 | - **oxml_xxe** - A tool for embedding XXE/XML exploits into different file types.
25 |   - [GitHub](https://github.com/BuffaloWill/oxml_xxe)
26 | 
27 | - **metahttp** - A bash script that automates the scanning of a target network for HTTP resources through XXE.
28 |   - [GitHub](https://github.com/vp777/metahttp)
29 | 


--------------------------------------------------------------------------------
/JavaScript Endpoint and Link Extraction Tools.md:
--------------------------------------------------------------------------------
 1 | # JavaScript Endpoint and Link Extraction Tools
 2 | 
 3 | - **LinkFinder** - A Python script that finds endpoints in JavaScript files.
 4 |   - [GitHub](https://github.com/GerbenJavado/LinkFinder)
 5 | 
 6 | - **JS-Scan** - A .js scanner built in PHP, designed to scrape URLs and other info.
 7 |   - [GitHub](https://github.com/zseano/JS-Scan)
 8 | 
 9 | - **LinksDumper** - Extracts links/possible endpoints from responses and filters them via decoding/sorting.
10 |   - [GitHub](https://github.com/arbazkiraak/LinksDumper)
11 | 
12 | - **GoLinkFinder** - A fast and minimal JS endpoint extractor.
13 |   - [GitHub](https://github.com/0xsha/GoLinkFinder)
14 | 
15 | - **BurpJSLinkFinder** - Burp Extension for passive scanning of JS files for endpoint links.
16 |   - [GitHub](https://github.com/InitRoot/BurpJSLinkFinder)
17 | 
18 | - **urlgrab** - A Golang utility to spider through a website searching for additional links.
19 |   - [GitHub](https://github.com/IAmStoxe/urlgrab)
20 | 
21 | - **waybackurls** - Fetch all the URLs that the Wayback Machine knows about for a domain.
22 |   - [GitHub](https://github.com/tomnomnom/waybackurls)
23 | 
24 | - **gau** - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
25 |   - [GitHub](https://github.com/lc/gau)
26 | 
27 | - **getJS** - A tool to quickly get all JavaScript sources/files.
28 |   - [GitHub](https://github.com/003random/getJS)
29 | 
30 | - **linx** - Reveals invisible links within JavaScript files.
31 |   - [GitHub](https://github.com/riza/linx)
32 | 


--------------------------------------------------------------------------------
/Screenshot.md:
--------------------------------------------------------------------------------
 1 | # Website Screenshot and Analysis Tools
 2 | 
 3 | - **EyeWitness** - Designed to take screenshots of websites, provide server header info, and identify default credentials if possible.
 4 |   - [GitHub](https://github.com/FortyNorthSecurity/EyeWitness)
 5 | 
 6 | - **aquatone** - A tool for visual inspection of websites across a large amount of hosts, convenient for quickly gaining an overview of HTTP-based attack surface.
 7 |   - [GitHub](https://github.com/michenriksen/aquatone)
 8 | 
 9 | - **screenshoteer** - Make website screenshots and mobile emulations from the command line.
10 |   - [GitHub](https://github.com/vladocar/screenshoteer)
11 | 
12 | - **gowitness** - A web screenshot utility using Chrome Headless, written in Golang.
13 |   - [GitHub](https://github.com/sensepost/gowitness)
14 | 
15 | - **WitnessMe** - Web inventory tool that takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides extra features.
16 |   - [GitHub](https://github.com/byt3bl33d3r/WitnessMe)
17 | 
18 | - **eyeballer** - Convolutional neural network for analyzing pentest screenshots.
19 |   - [GitHub](https://github.com/BishopFox/eyeballer)
20 | 
21 | - **scrying** - A tool for collecting RDP, web, and VNC screenshots all in one place.
22 |   - [GitHub](https://github.com/nccgroup/scrying)
23 | 
24 | - **Depix** - Recovers passwords from pixelized screenshots.
25 |   - [GitHub](https://github.com/beurtschipper/Depix)
26 | 
27 | - **httpscreenshot** - A tool for grabbing screenshots and HTML of large numbers of websites.
28 |   - [GitHub](https://github.com/breenmachine/httpscreenshot/)
29 | 


--------------------------------------------------------------------------------
/Content Discovery.md:
--------------------------------------------------------------------------------
 1 | # Web Path and Content Discovery Tools
 2 | 
 3 | - **gobuster** - Directory/File, DNS, and VHost busting tool written in Go.
 4 |   - [GitHub](https://github.com/OJ/gobuster)
 5 | 
 6 | - **recursebuster** - Rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments.
 7 |   - [GitHub](https://github.com/C-Sto/recursebuster)
 8 | 
 9 | - **feroxbuster** - A fast, simple, recursive content discovery tool written in Rust.
10 |   - [GitHub](https://github.com/epi052/feroxbuster)
11 | 
12 | - **dirsearch (maurosoria)** - Web path scanner.
13 |   - [GitHub](https://github.com/maurosoria/dirsearch)
14 | 
15 | - **dirsearch (evilsocket)** - A Go implementation of dirsearch.
16 |   - [GitHub](https://github.com/evilsocket/dirsearch)
17 | 
18 | - **filebuster** - An extremely fast and flexible web fuzzer.
19 |   - [GitHub](https://github.com/henshin/filebuster)
20 | 
21 | - **dirstalk** - Modern alternative to dirbuster/dirb.
22 |   - [GitHub](https://github.com/stefanoj3/dirstalk)
23 | 
24 | - **dirbuster-ng** - C CLI implementation of the Java dirbuster tool.
25 |   - [GitHub](https://github.com/digination/dirbuster-ng)
26 | 
27 | - **gospider** - Fast web spider written in Go.
28 |   - [GitHub](https://github.com/jaeles-project/gospider)
29 | 
30 | - **hakrawler** - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
31 |   - [GitHub](https://github.com/hakluke/hakrawler)
32 | 
33 | - **crawley** - Fast, feature-rich Unix-way web scraper/crawler written in Golang.
34 |   - [GitHub](https://github.com/s0rg/crawley)
35 | 


--------------------------------------------------------------------------------
/Subdomain Takeover.md:
--------------------------------------------------------------------------------
 1 | # Subdomain Takeover
 2 | 
 3 | - **subjack** - Subdomain Takeover tool written in Go.
 4 |   - [GitHub](https://github.com/haccer/subjack)
 5 | 
 6 | - **SubOver** - A Powerful Subdomain Takeover Tool.
 7 |   - [GitHub](https://github.com/Ice3man543/SubOver)
 8 | 
 9 | - **autoSubTakeover** - A tool used to check if a CNAME resolves to the scope address to detect subdomain takeover possibilities.
10 |   - [GitHub](https://github.com/JordyZomer/autoSubTakeover)
11 | 
12 | - **NSBrute** - Python utility to takeover domains vulnerable to AWS NS Takeover.
13 |   - [GitHub](https://github.com/shivsahni/NSBrute)
14 | 
15 | - **can-i-take-over-xyz** - A list of services and how to claim (sub)domains with dangling DNS records.
16 |   - [GitHub](https://github.com/EdOverflow/can-i-take-over-xyz)
17 | 
18 | - **cnames** - Tool to take a list of resolved subdomains and output any corresponding CNAMES en masse.
19 |   - [GitHub](https://github.com/cybercdh/cnames)
20 | 
21 | - **subHijack** - Hijacking forgotten & misconfigured subdomains.
22 |   - [GitHub](https://github.com/vavkamil/old-repos-backup/tree/master/subHijack-master)
23 | 
24 | - **tko-subs** - A tool to detect and takeover subdomains with dead DNS records.
25 |   - [GitHub](https://github.com/anshumanbh/tko-subs)
26 | 
27 | - **HostileSubBruteforcer** - App to bruteforce for existing subdomains and check 3rd party host setups.
28 |   - [GitHub](https://github.com/nahamsec/HostileSubBruteforcer)
29 | 
30 | - **second-order** - Second-order subdomain takeover scanner.
31 |   - [GitHub](https://github.com/mhmdiaa/second-order)
32 | 
33 | - **takeover** - Tool for testing subdomain takeover possibilities at a mass scale.
34 |   - [GitHub](https://github.com/mzfr/takeover)
35 | 
36 | - **dnsReaper** - DNS Reaper, emphasizing accuracy, speed, and a large number of signatures for subdomain takeover.
37 |   - [GitHub](https://github.com/punk-security/dnsReaper)
38 | 


--------------------------------------------------------------------------------
/Uncategorized.md:
--------------------------------------------------------------------------------
 1 | # Uncategorized
 2 | 
 3 | - **JSONBee** - A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
 4 |   - [GitHub](https://github.com/zigoo0/JSONBee)
 5 | 
 6 | - **CyberChef** - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.
 7 |   - [GitHub](https://github.com/gchq/CyberChef)
 8 | 
 9 | - **bountyplz** - Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported).
10 |   - [GitHub](https://github.com/fransr/bountyplz)
11 | 
12 | - **PayloadsAllTheThings** - A list of useful payloads and bypass for Web Application Security and Pentest/CTF.
13 |   - [GitHub](https://github.com/swisskyrepo/PayloadsAllTheThings)
14 | 
15 | - **bounty-targets-data** - This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports.
16 |   - [GitHub](https://github.com/arkadiyt/bounty-targets-data)
17 | 
18 | - **android-security-awesome** - A collection of android security related resources.
19 |   - [GitHub](https://github.com/ashishb/android-security-awesome)
20 | 
21 | - **awesome-mobile-security** - An effort to build a single place for all useful android and iOS security related stuff.
22 |   - [GitHub](https://github.com/vaib25vicky/awesome-mobile-security)
23 | 
24 | - **awesome-vulnerable-apps** - Awesome Vulnerable Applications.
25 |   - [GitHub](https://github.com/vavkamil/awesome-vulnerable-apps)
26 | 
27 | - **XFFenum** - X-Forwarded-For [403 forbidden] enumeration.
28 |   - [GitHub](https://github.com/vavkamil/XFFenum)
29 | 
30 | - **httpx** - httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads.
31 |   - [GitHub](https://github.com/projectdiscovery/httpx)
32 | 


--------------------------------------------------------------------------------
/SQL Injection.md:
--------------------------------------------------------------------------------
 1 | # SQL Injection
 2 | 
 3 | - **sqlmap** - Automatic SQL injection and database takeover tool.
 4 |   - [GitHub](https://github.com/sqlmapproject/sqlmap)
 5 | 
 6 | - **NoSQLMap** - Automated NoSQL database enumeration and web application exploitation tool.
 7 |   - [GitHub](https://github.com/codingo/NoSQLMap)
 8 | 
 9 | - **SQLiScanner** - Automatic SQL injection with Charles and sqlmap API.
10 |   - [GitHub](https://github.com/0xbug/SQLiScanner)
11 | 
12 | - **SleuthQL** - Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
13 |   - [GitHub](https://github.com/RhinoSecurityLabs/SleuthQL)
14 | 
15 | - **mssqlproxy** - A toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse.
16 |   - [GitHub](https://github.com/blackarrowsec/mssqlproxy)
17 | 
18 | - **sqli-hunter** - A simple HTTP/HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
19 |   - [GitHub](https://github.com/zt2/sqli-hunter)
20 | 
21 | - **waybackSqliScanner** - Gather URLs from Wayback Machine then test each GET parameter for SQL injection.
22 |   - [GitHub](https://github.com/ghostlulzhacks/waybackSqliScanner)
23 | 
24 | - **ESC** - Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.
25 |   - [GitHub](https://github.com/NetSPI/ESC)
26 | 
27 | - **mssqli-duet** - SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing.
28 |   - [GitHub](https://github.com/Keramas/mssqli-duet)
29 | 
30 | - **burp-to-sqlmap** - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap.
31 |   - [GitHub](https://github.com/Miladkhoshdel/burp-to-sqlmap)
32 | 
33 | - **BurpSQLTruncSanner** - Messy BurpSuite plugin for SQL Truncation vulnerabilities.
34 |   - [GitHub](https://github.com/InitRoot/BurpSQLTruncSanner)
35 | 
36 | - **andor** - Blind SQL Injection Tool with Golang.
37 |   - [GitHub](https://github.com/sadicann/andor)
38 | 
39 | - **Blinder** - A Python library to automate time-based blind SQL injection.
40 |   - [GitHub](https://github.com/mhaskar/Blinder)
41 | 
42 | - **sqliv** - Massive SQL injection vulnerability scanner.
43 |   - [GitHub](https://github.com/the-robot/sqliv)
44 | 
45 | - **nosqli** - NoSQL Injection CLI tool, for finding vulnerable websites using MongoDB.
46 |   - [GitHub](https://github.com/Charlie-belmer/nosqli)
47 | 


--------------------------------------------------------------------------------
/Buckets.md:
--------------------------------------------------------------------------------
 1 | # Buckets
 2 | 
 3 | - **S3Scanner** - Scan for open AWS S3 buckets and dump the contents.
 4 |   - [GitHub](https://github.com/sa7mon/S3Scanner)
 5 | 
 6 | - **AWSBucketDump** - Security Tool to Look For Interesting Files in S3 Buckets.
 7 |   - [GitHub](https://github.com/jordanpotti/AWSBucketDump)
 8 | 
 9 | - **CloudScraper** - Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
10 |   - [GitHub](https://github.com/jordanpotti/CloudScraper)
11 | 
12 | - **s3viewer** - Publicly Open Amazon AWS S3 Bucket Viewer.
13 |   - [GitHub](https://github.com/SharonBrizinov/s3viewer)
14 | 
15 | - **festin** - FestIn - S3 Bucket Weakness Discovery.
16 |   - [GitHub](https://github.com/cr0hn/festin)
17 | 
18 | - **s3reverse** - Convert various S3 bucket formats for bug bounty and security testing.
19 |   - [GitHub](https://github.com/hahwul/s3reverse)
20 | 
21 | - **mass-s3-bucket-tester** - Test a list of S3 buckets for directory listings or upload capabilities.
22 |   - [GitHub](https://github.com/random-robbie/mass-s3-bucket-tester)
23 | 
24 | - **S3BucketList** - Firefox plugin that lists Amazon S3 Buckets found in requests.
25 |   - [GitHub](https://github.com/AlecBlance/S3BucketList)
26 | 
27 | - **dirlstr** - Finds Directory Listings or open S3 buckets from a list of URLs.
28 |   - [GitHub](https://github.com/cybercdh/dirlstr)
29 | 
30 | - **Burp-AnonymousCloud** - Burp extension that identifies cloud buckets and tests for vulnerabilities.
31 |   - [GitHub](https://github.com/codewatchorg/Burp-AnonymousCloud)
32 | 
33 | - **kicks3** - S3 bucket finder from HTML, JS, and bucket misconfiguration testing tool.
34 |   - [GitHub](https://github.com/abuvanth/kicks3)
35 | 
36 | - **2tearsinabucket** - Enumerate S3 buckets for a specific target.
37 |   - [GitHub](https://github.com/Revenant40/2tearsinabucket)
38 | 
39 | - **s3_objects_check** - Evaluate effective S3 object permissions to identify publicly accessible files.
40 |   - [GitHub](https://github.com/nccgroup/s3_objects_check)
41 | 
42 | - **s3tk** - A security toolkit for Amazon S3.
43 |   - [GitHub](https://github.com/ankane/s3tk)
44 | 
45 | - **CloudBrute** - Awesome cloud enumerator.
46 |   - [GitHub](https://github.com/0xsha/CloudBrute)
47 | 
48 | - **s3cario** - Tool to check if a domain is a valid Amazon S3 bucket and retrieve its CNAME.
49 |   - [GitHub](https://github.com/0xspade/s3cario)
50 | 
51 | - **S3Cruze** - All-in-one AWS S3 bucket tool for pentesters.
52 |   - [GitHub](https://github.com/JR0ch17/S3Cruze)
53 | 


--------------------------------------------------------------------------------
/Vulnerability Scanners.md:
--------------------------------------------------------------------------------
 1 | # Vulnerability Scanners
 2 | 
 3 | - **nuclei** - Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
 4 |   - [GitHub](https://github.com/projectdiscovery/nuclei)
 5 | 
 6 | - **Sn1per** - Automated pentest framework for offensive security experts.
 7 |   - [GitHub](https://github.com/1N3/Sn1per)
 8 | 
 9 | - **metasploit-framework** - Metasploit Framework.
10 |   - [GitHub](https://github.com/rapid7/metasploit-framework)
11 | 
12 | - **nikto** - Nikto web server scanner.
13 |   - [GitHub](https://github.com/sullo/nikto)
14 | 
15 | - **arachni** - Web Application Security Scanner Framework.
16 |   - [GitHub](https://github.com/Arachni/arachni)
17 | 
18 | - **jaeles** - The Swiss Army knife for automated Web Application Testing.
19 |   - [GitHub](https://github.com/jaeles-project/jaeles)
20 | 
21 | - **retire.js** - Scanner detecting the use of JavaScript libraries with known vulnerabilities.
22 |   - [GitHub](https://github.com/RetireJS/retire.js)
23 | 
24 | - **Osmedeus** - Fully automated offensive security framework for reconnaissance and vulnerability scanning.
25 |   - [GitHub](https://github.com/j3ssie/Osmedeus)
26 | 
27 | - **getsploit** - Command line utility for searching and downloading exploits.
28 |   - [GitHub](https://github.com/vulnersCom/getsploit)
29 | 
30 | - **flan** - A vulnerability scanner.
31 |   - [GitHub](https://github.com/cloudflare/flan)
32 | 
33 | - **Findsploit** - Find exploits in local and online databases instantly.
34 |   - [GitHub](https://github.com/1N3/Findsploit)
35 | 
36 | - **BlackWidow** - Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
37 |   - [GitHub](https://github.com/1N3/BlackWidow)
38 | 
39 | - **backslash-powered-scanner** - Finds unknown classes of injection vulnerabilities.
40 |   - [GitHub](https://github.com/PortSwigger/backslash-powered-scanner)
41 | 
42 | - **Eagle** - Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities.
43 |   - [GitHub](https://github.com/BitTheByte/Eagle)
44 | 
45 | - **cariddi** - Take a list of domains, crawl URLs, and scan for endpoints, secrets, API keys, file extensions, tokens, and more.
46 |   - [GitHub](https://github.com/edoardottt/cariddi)
47 | 
48 | - **OWASP ZAP** - World’s most popular free web security tools and is actively maintained by a dedicated international team of volunteers.
49 |   - [GitHub](https://github.com/zaproxy/zaproxy)
50 | 


--------------------------------------------------------------------------------
/Server Side Request Forgery.md:
--------------------------------------------------------------------------------
 1 | # Server Side Request Forgery
 2 | 
 3 | - **SSRFmap** - Automatic SSRF fuzzer and exploitation tool.
 4 |   - [GitHub](https://github.com/swisskyrepo/SSRFmap)
 5 | 
 6 | - **Gopherus** - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers.
 7 |   - [GitHub](https://github.com/tarunkant/Gopherus)
 8 | 
 9 | - **ground-control** - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
10 |   - [GitHub](https://github.com/jobertabma/ground-control)
11 | 
12 | - **SSRFire** - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects.
13 |   - [GitHub](https://github.com/micha3lb3n/SSRFire)
14 | 
15 | - **httprebind** - Automatic tool for DNS rebinding-based SSRF attacks.
16 |   - [GitHub](https://github.com/daeken/httprebind)
17 | 
18 | - **ssrf-sheriff** - A simple SSRF-testing sheriff written in Go.
19 |   - [GitHub](https://github.com/teknogeek/ssrf-sheriff)
20 | 
21 | - **B-XSSRF** - Toolkit to detect and keep track on Blind XSS, XXE & SSRF.
22 |   - [GitHub](https://github.com/SpiderMate/B-XSSRF)
23 | 
24 | - **extended-ssrf-search** - Smart ssrf scanner using different methods like parameter brute forcing in post and get.
25 |   - [GitHub](https://github.com/Damian89/extended-ssrf-search)
26 | 
27 | - **gaussrf** - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.
28 |   - [GitHub](https://github.com/KathanP19/gaussrf)
29 | 
30 | - **ssrfDetector** - Server-side request forgery detector.
31 |   - [GitHub](https://github.com/JacobReynolds/ssrfDetector)
32 | 
33 | - **grafana-ssrf** - Authenticated SSRF in Grafana.
34 |   - [GitHub](https://github.com/RandomRobbieBF/grafana-ssrf)
35 | 
36 | - **sentrySSRF** - Tool to searching sentry config on page or in javascript files and check blind SSRF.
37 |   - [GitHub](https://github.com/xawdxawdx/sentrySSRF)
38 | 
39 | - **lorsrf** - Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods.
40 |   - [GitHub](https://github.com/knassar702/lorsrf)
41 | 
42 | - **singularity** - A DNS rebinding attack framework.
43 |   - [GitHub](https://github.com/nccgroup/singularity)
44 | 
45 | - **whonow** - A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53).
46 |   - [GitHub](https://github.com/brannondorsey/whonow)
47 | 
48 | - **dns-rebind-toolkit** - A front-end JavaScript toolkit for creating DNS rebinding attacks.
49 |   - [GitHub](https://github.com/brannondorsey/dns-rebind-toolkit)
50 | 
51 | - **dref** - DNS Rebinding Exploitation Framework.
52 |   - [GitHub](https://github.com/FSecureLABS/dref)
53 | 
54 | - **rbndr** - Simple DNS Rebinding Service.
55 |   - [GitHub](https://github.com/taviso/rbndr)
56 | 
57 | - **dnsFookup** - DNS rebinding toolkit.
58 |   - [GitHub](https://github.com/makuga01/dnsFookup)
59 | 


--------------------------------------------------------------------------------
/Secrets.md:
--------------------------------------------------------------------------------
 1 | # Secrets
 2 | 
 3 | - **git-secrets** - Prevents you from committing secrets and credentials into git repositories.
 4 |   - [GitHub](https://github.com/awslabs/git-secrets)
 5 | 
 6 | - **gitleaks** - Scan git repos (or files) for secrets using regex and entropy.
 7 |   - [GitHub](https://github.com/zricethezav/gitleaks)
 8 | 
 9 | - **truffleHog** - Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
10 |   - [GitHub](https://github.com/dxa4481/truffleHog)
11 | 
12 | - **gitGraber** - Monitor GitHub to search and find sensitive data in real-time for different online services.
13 |   - [GitHub](https://github.com/hisxo/gitGraber)
14 | 
15 | - **talisman** - By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys.
16 |   - [GitHub](https://github.com/thoughtworks/talisman)
17 | 
18 | - **GitGot** - Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
19 |   - [GitHub](https://github.com/BishopFox/GitGot)
20 | 
21 | - **git-all-secrets** - A tool to capture all the git secrets by leveraging multiple open source git searching tools.
22 |   - [GitHub](https://github.com/anshumanbh/git-all-secrets)
23 | 
24 | - **github-search** - Tools to perform basic search on GitHub.
25 |   - [GitHub](https://github.com/gwen001/github-search)
26 | 
27 | - **git-vuln-finder** - Finding potential software vulnerabilities from git commit messages.
28 |   - [GitHub](https://github.com/cve-search/git-vuln-finder)
29 | 
30 | - **commit-stream** - OSINT tool for finding GitHub repositories by extracting commit logs in real time from the GitHub event API.
31 |   - [GitHub](https://github.com/x1sec/commit-stream)
32 | 
33 | - **gitrob** - Reconnaissance tool for GitHub organizations.
34 |   - [GitHub](https://github.com/michenriksen/gitrob)
35 | 
36 | - **repo-supervisor** - Scan your code for security misconfiguration, search for passwords and secrets.
37 |   - [GitHub](https://github.com/auth0/repo-supervisor)
38 | 
39 | - **GitMiner** - Tool for advanced mining for content on GitHub.
40 |   - [GitHub](https://github.com/UnkL4b/GitMiner)
41 | 
42 | - **shhgit** - Ah shhgit! Find GitHub secrets in real time.
43 |   - [GitHub](https://github.com/eth0izzle/shhgit)
44 | 
45 | - **detect-secrets** - An enterprise friendly way of detecting and preventing secrets in code.
46 |   - [GitHub](https://github.com/Yelp/detect-secrets)
47 | 
48 | - **rusty-hog** - A suite of secret scanners built in Rust for performance. Based on TruffleHog.
49 |   - [GitHub](https://github.com/newrelic/rusty-hog)
50 | 
51 | - **whispers** - Identify hardcoded secrets and dangerous behaviours.
52 |   - [GitHub](https://github.com/Skyscanner/whispers)
53 | 
54 | - **yar** - Yar is a tool for plunderin' organizations, users and/or repositories.
55 |   - [GitHub](https://github.com/nielsing/yar)
56 | 
57 | - **dufflebag** - Search exposed EBS volumes for secrets.
58 |   - [GitHub](https://github.com/BishopFox/dufflebag)
59 | 
60 | - **secret-bridge** - Monitors Github for leaked secrets.
61 |   - [GitHub](https://github.com/duo-labs/secret-bridge)
62 | 
63 | - **earlybird** - EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
64 |   - [GitHub](https://github.com/americanexpress/earlybird)
65 | 
66 | - **Trufflehog-Chrome-Extension** - Trufflehog-Chrome-Extension.
67 |   - [GitHub](https://github.com/trufflesecurity/Trufflehog-Chrome-Extension)
68 | 


--------------------------------------------------------------------------------
/Subdomain Enumeration.md:
--------------------------------------------------------------------------------
 1 | # Subdomain Enumeration
 2 | 
 3 | - **Sublist3r** - Fast subdomains enumeration tool for penetration testers
 4 |   - [GitHub](https://github.com/aboul3la/Sublist3r)
 5 | 
 6 | - **Amass** - In-depth Attack Surface Mapping and Asset Discovery
 7 |   - [GitHub](https://github.com/OWASP/Amass)
 8 | 
 9 | - **massdns** - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
10 |   - [GitHub](https://github.com/blechschmidt/massdns)
11 | 
12 | - **Findomain** - The fastest and cross-platform subdomain enumerator, do not waste your time
13 |   - [GitHub](https://github.com/Findomain/Findomain)
14 | 
15 | - **Sudomy** - Sudomy is a subdomain enumeration tool to collect subdomains and analyze domains performing automated reconnaissance (recon) for bug hunting / pentesting
16 |   - [GitHub](https://github.com/Screetsec/Sudomy)
17 | 
18 | - **chaos-client** - Go client to communicate with Chaos DNS API
19 |   - [GitHub](https://github.com/projectdiscovery/chaos-client)
20 | 
21 | - **domained** - Multi Tool Subdomain Enumeration
22 |   - [GitHub](https://github.com/TypeError/domained)
23 | 
24 | - **bugcrowd-levelup-subdomain-enumeration** - Repository containing material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
25 |   - [GitHub](https://github.com/appsecco/bugcrowd-levelup-subdomainenumeration)
26 | 
27 | - **shuffledns** - shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce and resolves subdomains with wildcard handling and easy input-output
28 |   - [GitHub](https://github.com/projectdiscovery/shuffledns)
29 | 
30 | - **censys-subdomain-finder** - Perform subdomain enumeration using the certificate transparency logs from Censys
31 |   - [GitHub](https://github.com/christophetd/censys-subdomain-finder)
32 | 
33 | - **Turbolist3r** - Subdomain enumeration tool with analysis features for discovered domains
34 |   - [GitHub](https://github.com/fleetcaptain/Turbolist3r)
35 | 
36 | - **censys-enumeration** - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
37 |   - [GitHub](https://github.com/0xbharath/censys-enumeration)
38 | 
39 | - **tugarecon** - Fast subdomains enumeration tool for penetration testers
40 |   - [GitHub](https://github.com/LordNeoStark/tugarecon)
41 | 
42 | - **as3nt** - Another Subdomain Enumeration Tool
43 |   - [GitHub](https://github.com/cinerieus/as3nt)
44 | 
45 | - **Subra** - A Web-UI for subdomain enumeration (subfinder)
46 |   - [GitHub](https://github.com/si9int/Subra)
47 | 
48 | - **Substr3am** - Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
49 |   - [GitHub](https://github.com/nexxai/Substr3am)
50 | 
51 | - **domain** - enumall.py Setup script for Regon-ng
52 |   - [GitHub](https://github.com/jhaddix/domain/)
53 | 
54 | - **altdns** - Generates permutations, alterations and mutations of subdomains and then resolves them
55 |   - [GitHub](https://github.com/infosec-au/altdns)
56 | 
57 | - **brutesubs** - An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
58 |   - [GitHub](https://github.com/anshumanbh/brutesubs)
59 | 
60 | - **dns-parallel-prober** - Parallelised domain name prober to find as many subdomains of a given domain as fast as possible
61 |   - [GitHub](https://github.com/lorenzog/dns-parallel-prober)
62 | 
63 | - **dnscan** - dnscan is a Python wordlist-based DNS subdomain scanner
64 |   - [GitHub](https://github.com/rbsec/dnscan)
65 | 
66 | - **knock** - Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist
67 |   - [GitHub](https://github.com/guelfoweb/knock)
68 | 
69 | - **hakrevdns** - Small, fast tool for performing reverse DNS lookups en masse
70 |   - [GitHub](https://github.com/hakluke/hakrevdns)
71 | 
72 | - **dnsx** - Dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers
73 |   - [GitHub](https://github.com/projectdiscovery/dnsx)
74 | 
75 | - **subfinder** - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites
76 |   - [GitHub](https://github.com/projectdiscovery/subfinder)
77 | 
78 | - **assetfinder** - Find domains and subdomains related to a given domain
79 |   - [GitHub](https://github.com/tomnomnom/assetfinder)
80 | 
81 | - **crtndstry** - Yet another subdomain finder
82 |   - [GitHub](https://github.com/nahamsec/crtndstry)
83 | 
84 | - **VHostScan** - A virtual host scanner that performs reverse lookups
85 |   - [GitHub](https://github.com/codingo/VHostScan)
86 | 
87 | - **scilla** - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
88 |   - [GitHub](https://github.com/edoardottt/scilla)
89 | 
90 | - **sub3suite** - A research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping
91 |   - [GitHub](https://github.com/3nock/sub3suite)
92 | 


--------------------------------------------------------------------------------
/XSS Injection.md:
--------------------------------------------------------------------------------
  1 | # XSS Injection
  2 | 
  3 | - **XSStrike** - Most advanced XSS scanner.
  4 |   - [GitHub](https://github.com/s0md3v/XSStrike)
  5 | 
  6 | - **xssor2** - XSS'OR - Hack with JavaScript.
  7 |   - [GitHub](https://github.com/evilcos/xssor2)
  8 | 
  9 | - **xsscrapy** - XSS spider - 66/66 wavsep XSS detected.
 10 |   - [GitHub](https://github.com/DanMcInerney/xsscrapy)
 11 | 
 12 | - **sleepy-puppy** - Sleepy Puppy XSS Payload Management Framework.
 13 |   - [GitHub](https://github.com/Netflix-Skunkworks/sleepy-puppy)
 14 | 
 15 | - **ezXSS** - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
 16 |   - [GitHub](https://github.com/ssl/ezXSS)
 17 | 
 18 | - **xsshunter** - The XSS Hunter service - a portable version of XSSHunter.com.
 19 |   - [GitHub](https://github.com/mandatoryprogrammer/xsshunter)
 20 | 
 21 | - **dalfox** - DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang.
 22 |   - [GitHub](https://github.com/hahwul/dalfox)
 23 | 
 24 | - **xsser** - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
 25 |   - [GitHub](https://github.com/epsylon/xsser)
 26 | 
 27 | - **XSpear** - Powerful XSS Scanning and Parameter analysis tool&gem.
 28 |   - [GitHub](https://github.com/hahwul/XSpear)
 29 | 
 30 | - **weaponised-XSS-payloads** - XSS payloads designed to turn alert(1) into P1.
 31 |   - [GitHub](https://github.com/hakluke/weaponised-XSS-payloads)
 32 | 
 33 | - **tracy** - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
 34 |   - [GitHub](https://github.com/nccgroup/tracy)
 35 | 
 36 | - **ground-control** - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
 37 |   - [GitHub](https://github.com/jobertabma/ground-control)
 38 | 
 39 | - **xssValidator** - This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
 40 |   - [GitHub](https://github.com/nVisium/xssValidator)
 41 | 
 42 | - **JSShell** - An interactive multi-user web JS shell.
 43 |   - [GitHub](https://github.com/Den1al/JSShell)
 44 | 
 45 | - **bXSS** - bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
 46 |   - [GitHub](https://github.com/LewisArdern/bXSS)
 47 | 
 48 | - **docem** - Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XEE on steroids).
 49 |   - [GitHub](https://github.com/whitel1st/docem)
 50 | 
 51 | - **XSS-Radar** - XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.
 52 |   - [GitHub](https://github.com/bugbountyforum/XSS-Radar)
 53 | 
 54 | - **BruteXSS** - BruteXSS is a tool written in python simply to find XSS vulnerabilities in web application.
 55 |   - [GitHub](https://github.com/rajeshmajumdar/BruteXSS)
 56 | 
 57 | - **findom-xss** - A fast DOM based XSS vulnerability scanner with simplicity.
 58 |   - [GitHub](https://github.com/dwisiswant0/findom-xss)
 59 | 
 60 | - **domdig** - DOM XSS scanner for Single Page Applications.
 61 |   - [GitHub](https://github.com/fcavallarin/domdig)
 62 | 
 63 | - **femida** - Automated blind-XSS search for Burp Suite.
 64 |   - [GitHub](https://github.com/wish-i-was/femida)
 65 | 
 66 | - **B-XSSRF** - Toolkit to detect and keep track on Blind XSS, XXE & SSRF.
 67 |   - [GitHub](https://github.com/SpiderMate/B-XSSRF)
 68 | 
 69 | - **domxssscanner** - DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities.
 70 |   - [GitHub](https://github.com/yaph/domxssscanner)
 71 | 
 72 | - **xsshunter_client** - Correlated injection proxy tool for XSS Hunter.
 73 |   - [GitHub](https://github.com/mandatoryprogrammer/xsshunter_client)
 74 | 
 75 | - **extended-xss-search** - A better version of my xssfinder tool - scans for different types of XSS on a list of URLs.
 76 |   - [GitHub](https://github.com/Damian89/extended-xss-search)
 77 | 
 78 | - **xssmap** - XSSMap is a tool developed in Python3 for detecting XSS vulnerabilities.
 79 |   - [GitHub](https://github.com/Jewel591/xssmap)
 80 | 
 81 | - **XSSCon** - Simple XSS Scanner tool.
 82 |   - [GitHub](https://github.com/menkrep1337/XSSCon)
 83 | 
 84 | - **BitBlinder** - BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities.
 85 |   - [GitHub](https://github.com/BitTheByte/BitBlinder)
 86 | 
 87 | - **XSSOauthPersistence** - Maintaining account persistence via XSS and OAuth.
 88 |   - [GitHub](https://github.com/dxa4481/XSSOauthPersistence)
 89 | 
 90 | - **shadow-workers** - Shadow Workers is a free and open-source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW).
 91 |   - [GitHub](https://github.com/shadow-workers/shadow-workers)
 92 | 
 93 | - **rexsser** - This is a Burp plugin that extracts keywords from response using regexes and tests for reflected XSS on the target scope.
 94 |   - [GitHub](https://github.com/profmoriarity/rexsser)
 95 | 
 96 | - **xss-flare** - XSS hunter on Cloudflare serverless workers.
 97 |   - [GitHub](https://github.com/EgeBalci/xss-flare)
 98 | 
 99 | - **Xss-Sql-Fuzz** - Burpsuite plugin to add XSS and SQL payloads to all parameters and perform fuzzing.
100 |   - [GitHub](https://github.com/jiangsir404/Xss-Sql-Fuzz)
101 | 
102 | - **vaya-ciego-nen** - Detect, manage and exploit Blind Cross-site Scripting (XSS) vulnerabilities.
103 |   - [GitHub](https://github.com/hipotermia/vaya-ciego-nen)
104 | 
105 | - **dom-based-xss-finder** - Chrome extension that finds DOM based XSS vulnerabilities.
106 |   - [GitHub](https://github.com/AsaiKen/dom-based-xss-finder)
107 | 
108 | - **XSSTerminal** - Develop your own XSS Payload using interactive typing.
109 |   - [GitHub](https://github.com/machinexa2/XSSTerminal)
110 | 
111 | - **xss2png** - PNG IDAT chunks XSS payload generator.
112 |   - [GitHub](https://github.com/vavkamil/xss2png)
113 | 
114 | - **XSSwagger** - A simple Swagger-UI scanner that can detect old versions vulnerable to various XSS attacks.
115 |   - [GitHub](https://github.com/vavkamil/XSSwagger)
116 | 


--------------------------------------------------------------------------------