Stars
SpideyX a multipurpose Web Penetration Testing tool with asynchronous concurrent performance with multiple mode and configurations.
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
A faster, simpler way to drive browsers supporting the Chrome DevTools Protocol.
Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Bypass-Four03 is a powerful bash tool designed to help testers bypass HTTP 403 forbidden errors through various path and header manipulation techniques. It also includes fuzzing for HTTP methods anโฆ
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
403/401 Bypass Methods + Bash Automation + Your Support ;)
Tool to look for several security related Android application vulnerabilities
A fast tool to fetch URLs from HTML attributes by crawl-in.
Making Favicon.ico based Recon Great again !
golang version for nmap service and application version detection (without nmap installation)
A humble, and ๐ณ๐ฎ๐๐, security-oriented HTTP headers analyzer.
Small, fast tool for performing reverse DNS lookups en masse.
The Swiss Army knife for automated Web Application Testing
ใ๐ใA tool used to hunt down API key leaks in JS files and pages
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Beda is a golang library for detecting how similar a two string
Firepwn is a tool made for testing the Security Rules of a firebase application.
This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10.
๐ Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.