Stars
FastAPI framework, high performance, easy to learn, fast to code, ready for production
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
GFPGAN aims at developing Practical Algorithms for Real-world Face Restoration.
Incredibly fast crawler designed for OSINT.
📱 objection - runtime mobile exploration
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
A Python script that finds endpoints in JavaScript files
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
An on-path blackbox network traffic security testing tool
cve-search - a tool to perform local searches for known vulnerabilities
A friendly car security exploration tool for the CAN bus
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
Tools for auditing WAFs
Correlated injection proxy tool for XSS Hunter
🏰 A Python script for AWS S3 bucket enumeration.
A tool to uncover undocumented APIs from the AWS Console.
FBPCP (Facebook Private Computation Platform) is a secure, privacy safe and scalable architecture to deploy MPC (Multi Party Computation) applications in a distributed way on virtual private clouds…
Tool for exploiting SQL injection vulnerabilities that sqlmap can't find.