domainim Domainim is a Blazing fast domain reconnaissance tool for bounty hunters written in Nim. Features Virtual hostname enumeration Reverse DNS lookup Subdomains as input Verbose output TCP port scanning with full user control...
JS-Tap JS-Tap is a generic JavaScript payload and supporting software to help red teamers attack webapps. The JS-Tap payload can be used as an XSS payload or as a post-exploitation implant. The payload does...
PeCoReT PeCoReT (Pentest Collaboration and Reporting Tool) is an open-source application to manage your pentest projects. PeCoReT allows pentesters to focus on testing instead of writing the report. It can be customized and once...
LEAKEY LEAKEY is a tool for validation of leaked API tokens/keys found during pentesting and Red Team Engagements. The script is really useful for Bug Hunters in order to validate and determine the impact...
Porch Pirate Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconnaissance / OSINT framework for Postman. While existing tools are great proof...
vhostawesome A tool designed to efficiently check for virtual hosts across multiple IP addresses. FunWithVhosts automates the process of identifying virtual hosts on given IP addresses. The script checks for open ports, specifically web...
MCPTool – Pentesting tool for Minecraft Features See information of a server. View player information. Get information about an ip address. Obtain the domains associated with an IP address. Get the DNS records for...
GAP This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters...
XnlReveal This is a Chrome Extension that can do the following: Show an alert for any query parameters that are reflected. Show the Wayback Archive endpoints for the path visited Show any hidden elements on the...
SBSCAN SBSCAN is a penetration testing tool specifically designed for the Spring framework, capable of scanning specified sites for Spring Boot sensitive information and verifying related Spring vulnerabilities. Most Comprehensive Dictionary for Sensitive Paths:...
xeol A scanner for end-of-life (EOL) packages in container images, filesystems, and SBOMs What is EOL software? End of Life (EOL) means the vendor has decided the software in question has reached the end...
FlowMate Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web...
Subdominator Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools. Benchmark 📊 A benchmark was run across...
Bypass Fuzzer Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACLs or URL validation. It will output the response codes and length...
kanha Kanha is a tool that can help you perform, a variety of attacks based on the target domain. With just kanha, you can do, Fuzzing, Reverse dns lookup, common http response, subdomain takeover detection and many more. The project...
Support Securityonline.info site. Thanks!
