Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Disk Usage/Free Utility - a better 'df' alternative

A next-generation crawling and spidering framework.

In-depth attack surface mapping and asset discovery

Fast passive subdomain enumeration tool.

Directory/File, DNS and VHost busting tool written in Go

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

IP address lookup service

The Swiss Army knife for automated Web Application Testing

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

Community curated list of public bug bounty and responsible disclosure programs.

An IIS short filename enumeration tool

Fetches javascript file from a list of URLS or subdomains.

Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

INFRASTRUCTURE、OPERATION SYSTEM and APPLICATION monitoring tools.

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Turns any junk text into a usable wordlist for brute-forcing.

Reveals invisible links within JavaScript files

Cross Origin Resource Sharing MisConfiguration Scanner

Urls status code & content length checker

Tool for making it easy to collect dns results from the CLI