Domain and SSL Cert monitor System. 域名SSL证书监测平台

reNgine is an automated reconnaissance framework for web application

This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo

Web Pentesting Fuzz 字典,一个就够了。

A Workflow Engine for Offensive Security

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

Obfuscate Go builds

My Priv8 Nuclei Templates

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate re…

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

A list of public penetration test reports published by several consulting firms and academic security groups.

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amon…

Discover new target domains using Content Security Policy

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Interactive shell to execute commands anonymously using Proxychains and Tor

An step by step fuzzing tutorial. A GitHub Security Lab initiative

Tools to assess DNS security.

Exercises to learn how to fuzz with American Fuzzy Lop

Adversary Emulation Framework

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️