Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find, verify, and analyze leaked credentials

In-depth attack surface mapping and asset discovery

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

Fast passive subdomain enumeration tool.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Go security checker

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

A Workflow Engine for Offensive Security

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

A Pluggable Terraform Linter

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Write tests against structured configuration data using the Open Policy Agent Rego query language

Scan for misconfigured S3 buckets across S3-compatible APIs!

Quickly discover exposed hosts on the internet using multiple search engines.

The Swiss Army knife for automated Web Application Testing

A tool to abuse Exchange services

Automating situational awareness for cloud penetration tests.

kubeaudit helps you audit your Kubernetes clusters against common security controls

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

OSINT tools and more but without API key

Peirates - Kubernetes Penetration Testing tool

The fastest dork scanner written in Go.

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).