🌸 A command-line fuzzy finder

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find, verify, and analyze leaked credentials

Render markdown on the CLI, with pizzazz! 💅🏻

Make JSON greppable!

Fast web fuzzer written in Go

Fast passive subdomain enumeration tool.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

An OOB interaction gathering server and client library

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

A tool for adding new lines to files, skipping duplicates

A fast tool to scan CRLF vulnerability written in Go

Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.

Extract urls from text

Tool to bypass 403/40X response codes.

Subdomain takeover vulnerability checker

A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

A utility to detect various technology for a given IP address.

🔒 Chromium's HSTS preload list submission website.

crawls the website and finds broken social media links that can be hijacked

Scrape domain names from SSL certificates of arbitrary hosts

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

DoS tool for HTTP requests (inspired by hulk but has more functionalities)

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across …