Vulnerable Client-Server Application (VuCSA) A vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface). Currently, the...
GitHound GitHound pinpoints exposed API keys on GitHub using pattern matching, commit history searching, and a unique result scoring system. It has earned me over $4000 applied to Bug Bounty research. Corporate and Bug...
RevSuit – A Flexible and Powerful Reverse Connection Platform RevSuit is a flexible and powerful reverse connection platform designed for receiving connections from the target hosts in penetration. It currently supports HTTP, DNS, RMI,...
RESTler What is RESTler? RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service...
murphysec MurphySec CLI is used for detecting vulnerable dependencies from the command-line, and also can be integrated into your CI/CD pipeline. Features Analyze dependencies being used by your project, including direct and indirect dependencies Detect...
Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for...
Faraday – Open Source Vulnerability Manager Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distribution, indexation, and analysis of the data generated during a security...
nuclei Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. It is used to send requests across targets based on a template leading to...
Truffle Hog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. NEW Trufflehog previously functioned by running entropy checks on git diffs....
Bug Bounty Reconnaissance Framework The Bug Bounty Reconnaissance Framework (BBRF) can be used to coordinate your reconnaissance workflows across multiple devices. For more background, read the original blog post. If you are new to BBRF,...
