🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Detect and bypass web application firewalls and protection systems

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

A CLI Swiss Army Knife for ChatGPT

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!

A fork and successor of the Sulley Fuzzing Framework

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

The Security Toolkit for LLM Interactions

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

Extract credentials from lsass remotely

Tool to scan for secret files on HTTP servers

Bluetooth Low Energy Swiss-army knife

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…

Uncover the true IP address of websites safeguarded by Cloudflare & Others

DOM fuzzer

Publications from Trail of Bits

The SpecterOps project management and reporting engine

Quark Agent - Your AI-powered Android APK Analyst

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

Web vulnerability scanner written in Python3

PoC to record audio from a Bluetooth device

declutters url lists for crawling/pentesting

Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

An XSS exploitation command-line interface and payload generator.

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Obtain GraphQL API schema even if the introspection is disabled