Category: Web Information Gathering
SUBRAKE
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters. Key Features: OSINT + Subdomain Bruteforcing; Capable of handling outputs from multiple tools; Handling False Positives and Filters...

Dismap – Asset discovery and identification tool
Dismap is positioned as an asset discovery and identification tool; its characteristic function is to quickly identify web fingerprint information and locate asset types....

Taken
Take over AWS IPs and have a working PoC for Subdomain Takeover. What you can do with Subdomain Takeover: cookie stealing, if cookies are set with domain attribute...

Perform Google Dork search with Dorkify
Google dorking is a hacker technique that uses Google Search to find security holes in the configuration and computer code that websites use. Google Dorking...

jsleak
jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it’s built for this, you can use it to identify anything as long as...

x8-Burp – Hidden parameters discovery suite wrapper
The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is...

domhttpx
domhttpx is a Google search engine dorker with an HTTP toolkit built with Python, which can make it easier for you to find many URLs/IPs at once in a fast...

inter-recon
Script to perform automatic initial web and vulnerability recon. It has some checks in case of errors. It is possible to skip some checks, to restart them, and/or...

Javascript security analysis (JSA)
Javascript security analysis (JSA) is a program for JavaScript analysis during web application security assessment. Capabilities of jsa.py: Looking for JS files inside the first, second,...

NExfil
NExfil is an OSINT tool written in Python for finding profiles by username. The provided usernames are checked on over 350 websites within a few seconds. The goal behind this tool was to...

x8: Hidden parameters discovery suite written in Rust
The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy...

GitDump
GitDump dumps the source code from .git when the directory traversal is disabled. Requirements: Python3. Tested on: Windows, Kali Linux. What it does: Dump source code from website/.git directory...

lazyrecon
Lazyrecon is a subdomain discovery tool that discovers and resolves valid subdomains, then performs SSRF/LFI/SQLi fuzzing and port scanning. It has a simple modular architecture and is optimized for...

Black-Dragon
An Advanced Automation Tool For Web-Recon Developed For Linux Systems. What Is Black Dragon? It’s A Tool To Automate The Web Reconnaissance Process, Which Makes It Easier To Gather...

magicRecon
MagicRecon is a powerful shell script that maximizes the recon and data collection process for an objective and finds common vulnerabilities, saving the results obtained in an...