A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Learn regex the easy way

Simple Python version management

Automatic SQL injection and database takeover tool

World's fastest and most advanced password recovery utility

😱 A curated list of amazingly awesome OSINT

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Manage your app's Ruby environment

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

E-mails, subdomains and names Harvester - OSINT

The Rogue Access Point Framework

Web path scanner

Open-Source Phishing Toolkit

Directory/File, DNS and VHost busting tool written in Go

Exploitation Framework for Embedded Devices

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

Incredibly fast crawler designed for OSINT.

Fast subdomains enumeration tool for penetration testers

Attack Surface Management Platform

Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝

Scripted Local Linux Enumeration & Privilege Escalation Checks

Rewrite of the popular wireless network auditor, "wifite"

Infection Monkey - An open-source adversary emulation platform

Next generation web scanner

ZMap is a fast single packet network scanner designed for Internet-wide network surveys.