Web Client for Interactsh

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

A tool to fastly get all javascript sources/files

A fast and minimal JS endpoint extractor

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.

jSQL Injection is a Java application for automatic SQL database injection.

The fastest and cross-platform subdomain enumerator, do not waste your time.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

An OOB interaction gathering server and client library

BBT - Bug Bounty Tools

Subdomain takeover vulnerability checker

ShodanX is a tool to gather information of targets using shodan dorks⚡.

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Small utility program to perform multiple operations for a given subnet/CIDR ranges.

Fast DNS Lookup Library and CLI Tool

A CLI utility to fetch known URLs.

Quickly discover exposed hosts on the internet using multiple search engines.

Fast and customizable subdomain wordlist generator using DSL

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

Find credentials all over the place

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Scan for open S3 buckets and dump the contents

「🔑」A tool used to hunt down API key leaks in JS files and pages

Extract JavaScript source trees from Sourcemap files