Roadmap for Web Application Penetration Testing | FREE Resources (Not Pirated)

all bruteforces with python, ssh bf, wordpress bf, cpanel bf, mysql bf, etc

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Most advanced XSS scanner.

Search for leaked credentials

Domain name permutation engine written in Go

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Search emails from a domain through search engines

checklist for testing the web applications

Hide a process under Linux using the ld preloader (https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/)

The XSS Hunter service - a portable version of XSSHunter.com

Fast passive subdomain enumeration tool.

Download pictures (or videos) along with their captions and other metadata from Instagram.

Python AV Evasion Tools

Instagram mass account creator with fake Emails.

Instagram account creator

Instagram Account Creator 2024 - Not Maintained

Use this Instagram Bot to spam someone!

An open-source project. Instagram Messages Spammer/Bomber

DNS Enumeration Script

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Checking

Работа с логами Echelon, RedLine, Racoon, DCRat etc

New Redline Leak

🔑 Stealer written on C#, logs will be sent to Telegram bot.

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

A social networking service scraper in Python

People tracker on the Internet: OSINT analysis and research tool by Jose Pino