Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

OSINT tool - gets data from services like shodan, censys etc. in one app

Collect XSS vulnerable parameters from entire domain.

🤒 A modern alternative network traffic sniffer.

An Office365 User Attack Tool

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

A tool for generating reverse shell payloads on the fly.

Enumerate Typo3 version and extensions

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Collection of offensive tools targeting Microsoft Azure

Intelligence tool but without API key

pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate re…

A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC

Accept URLs on stdin, replace all query string values with a user-supplied value

Finding all things on-prem Microsoft for password spraying and enumeration.

List of Github repositories and articles with list of dorks for different search engines

Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API…

An automated e-mail OSINT tool

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

crawls the website and finds broken social media links that can be hijacked

HTTP parameter discovery suite.

Scanner Tool For XSS Vulnerability

a drop-in replacement for Nmap powered by shodan.io

Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory.

The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator

A python3 script searching for secret on swaggerhub