The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

A next-generation crawling and spidering framework.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Open-Source Phishing Toolkit

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Reconnaissance tool for GitHub organizations

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Cameradar hacks its way into RTSP videosurveillance cameras

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.

An OOB interaction gathering server and client library

A cross-platform command-line tool to convert images into ascii art and print them on the console. Now supports braille art!

Quickly discover exposed hosts on the internet using multiple search engines.

🔥 CHAOS is a free and open-source Remote Administration Tool that allow generate binaries to control remote operating systems.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

evilginx3 + gophish

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

A tool to capture all the git secrets by leveraging multiple open source git searching tools

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

search key to restore petya encrypted mft

HERCULES is a special payload generator that can bypass antivirus softwares.

nextnet is a pivot point discovery tool written in Go.

EGESPLOIT is a golang library for malware development

Library and tools to interact with and analyze Tor HSDirs.