Super vulnerable todo list application

A fast, simple, recursive content discovery tool written in Rust.

Fast web fuzzer written in Go

Burp Extensions

Take a list of domains and probe for working HTTP and HTTPS servers

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Damn Vulnerable NodeJS Application

A python tool used to discover endpoints (and potential parameters) for a given target

Fetch all the URLs that the Wayback Machine knows about for a domain

The Last Web Recon Tool You'll Need

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Find way more from the Wayback Machine!

Resolve bulk host file list to IP addresses, ASN, and validate DNS.

Simple Google Dorks search tool

PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.

The OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widesprea…

Contextual Content Discovery Tool

An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.

Nuclei plugin for BurpSuite

OWASP Web Application Security Testing Checklist

⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)

Take a list of IP addresses and probe for working HTTP and HTTPS servers