dt DNS tool that displays information about your domain. Features common records scanning (use -scan) validate DNSSEC chain (use -debug to see more info) change query speed for scanning (default 10 queries per second)...
OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...
murphysec MurphySec CLI is used for detecting vulnerable dependencies from the command-line, and also can be integrated into your CI/CD pipeline. Features Analyze dependencies being used by your project, including direct and indirect dependencies Detect...
h8mail Email OSINT and password finder. Use h8mail to find passwords through a different breach and reconnaissance services, or the infamous “Breach Compilation” torrent. Features 🔎 Email pattern matching (regexp), useful for all those raw HTML...
Truffle Hog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. NEW Trufflehog previously functioned by running entropy checks on git diffs....
HaE – Highlighter and Extractor HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names, and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
interactsh Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example – Blind SQLi, Blind CMDi, SSRF, etc. Features DNS/HTTP/SMTP Interaction support...
DongTai DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to...
sslscan tests SSL/TLS enabled services to discover supported cipher suites. This is a fork of ioerror’s version of sslscan. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 (POODLE)....
