offensive-security
WhiteWinterWolf's PHP web shell
Fast and customizable subdomain wordlist generator using DSL
This is Sherlock's sister, Modern shiny CLI tool written with Golang to help you: 🔎 Hunt down social media accounts by username across social networks
A fast tool to scan CRLF vulnerability written in Go
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
Gotator is a tool to generate DNS wordlists through permutations.
A vast collection of security tools and resources curated by the community.
A library for parsing .DS_Store files and extracting file names
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…
A next-generation crawling and spidering framework.
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Unified repository for different Metasploit Framework payloads
Adversary tradecraft detection, protection, and hunting
Go client to communicate with Chaos DB API.
Automating situational awareness for cloud penetration tests.
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
List of Awesome Asset Discovery Resources
The ultimate WinRM shell for hacking/pentesting
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
The official Python library for Shodan
Quickly discover exposed hosts on the internet using multiple search engines.
An XSS exploitation command-line interface and payload generator.
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!