Get up and running with OpenAI gpt-oss, DeepSeek-R1, Gemma 3 and other models.

🌸 A command-line fuzzy finder

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

A vulnerability scanner for container images and filesystems

jq for binary formats - tool, language and decoders for working with binary and text formats

Go security checker

Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

A Workflow Engine for Offensive Security

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Fetch all the URLs that the Wayback Machine knows about for a domain

An OOB interaction gathering server and client library

Commandline tool for running SQL queries against JSON, CSV, Excel, Parquet, and more.

Scan for misconfigured S3 buckets across S3-compatible APIs!

iOS/macOS Research Swiss Army Knife

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

The Swiss Army knife for automated Web Application Testing

Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.

A wrapper around grep, to help you grep for things

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Extract URLs, paths, secrets, and other interesting bits from JavaScript

A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.

Pull out bits of URLs provided on stdin

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

Awesome cloud enumerator

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

A utility to detect various technology for a given IP address.

Accept URLs on stdin, replace all query string values with a user-supplied value