Stars
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Fetch all the URLs that the Wayback Machine knows about for a domain
Gospider - Fast web spider written in Go
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
A tool for adding new lines to files, skipping duplicates
MassDNS wrapper written in Go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
A next-generation crawling and spidering framework.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
A list of interesting payloads, tips and tricks for bug bounty hunters.
dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers.
Fast passive subdomain enumeration tool.
This is a useful Python script for extracting bug bounty or any other write-ups from every RSS feed.
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms.
Automatic SQL injection and database takeover tool
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
In-depth attack surface mapping and asset discovery
Find domains and subdomains related to a given domain
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Fback is a tool that helps you create target-specific wordlists using a .json pattern.