exploit-workshop In this step by step workshop, you’ll learn how to exploit various real-world vulnerabilities existing in...
WebApp PenTest
Opal Stealth post-exploitation framework for WordPress CMS What is it and why was it made? We intentionally...
pwndb.py pwndb.py is a python command-line tool for searching leaked credentials using the Onion service with the...
shuffledns shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains...
DOMDig DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can...
Spartan Recon Like a Pro Features Subdomain Scan Using Aquatone & Sublist3r Httprob for only Live sites...
SSRF Sheriff This is an SSRF testing sheriff written in Go. It was originally created for the Uber...
BridgeKeeper Scrape employee names from search engine LinkedIn profiles. Convert employee names to a specified username format....
Extended XSS Searcher and Finder This is the extended version based on the initial idea already published...
DnsFookup DNS Rebinding framework containing: a dns server obviously web api to create new subdomains and control...
Extended ssrf search This tool search for Server-Side Request Forgery (SSRF) using predefined settings in different parts...
Syborg Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool...
AuthCov Web app authorization coverage scanning. AuthCov crawls your web application using a Chrome headless browser while...
github search: Tools to perform basic search on GitHub All tools who contact the GitHub API require...
Rusty Hogs Rusty Hog is a secret scanner built in Rust for performance and based on TruffleHog...