unc0ver: Directory Fuzzer for Pentesting and Host Recon
unc0ver An HTTP Recon tool unc0ver is a lightweight tool for performing HTTP reconnaissance. It is designed with the Unix principle of doing one thing and does it well. It is constantly...
Category: Web Information Gathering
HttpSecurityHeadersChecker: Http Security Headers Checker Tool
HttpSecurityHeadersChecker Http Security Headers Checker Tool written in PHP Cli + Useful Tips to set Http Security Headers in the most Webservers (Apache,nginx,IIS,…) Response Headers The following contains a list...
SubDomainizer v2.0 releases: find subdomains hidden in inline and external Javascript files of page
SubDomainizer SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascript present in the given URL. This tool also finds S3...
snallygaster v0.0.12 releases: scan for secret files on HTTP servers
snallygaster Tool to scan for secret files on HTTP servers. snallygaster is a tool that looks for files accessible on web servers that shouldn’t be public and can pose a...
Realtime scrapper: scrap all pasties,github,reddit..etc in real time
RTS (Realtime scrapper) is a tool developed to scrap all pasties,github,reddit..etc in real time to identify the occurrence of search terms configured. Upon the match, an email will be triggered....
Git-Hunter: monitor possible leaks on Github
Git-Hunter A tool to monitor possible key-leaks on Github, made by Ruby. Introduction If you come from a company or an organization, and you are a headache about your employee...
Anubis v1.1.3 releases: Subdomain enumeration and information gathering tool
Anubis, a subdomain enumerator, and information gathering tool. It collates data from a variety of sources to provide one of the most comprehensive tools for subdomain enumeration. It pulls subdomains...
CloudBunny v2.0 releases: capture the real IP of the server that uses a WAF as a proxy or protection
CloudBunny CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection. You can read more about the tool here. Changelog v2.0 Fixed issues...
Acamar: Python3 based single-file subdomain enumerator
Acamar A Python3 based single-file subdomain enumerator (with barely dependencies; BeautifulSoup is required tho). [1] Another… Why? Because I had some issues with other solutions and always try to expand...
reconspider v1.0.7 beta releases: perform Open Source Intelligence (OSINT) scan on email/domain/ip_address/organization
ReconSpider ReconSpider is a powerful tool to perform Open Source Intelligence (OSINT) scan on email/domain/ip_address/organization. ReconSpider aggregate all the raw data, visualize it on a dashboard and facilitate alerting and...
CMSmap: python open source CMS scanner
CMSmap CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate...
theHarvester 4.5 released: E-mails/subdomains/names Harvester – OSINT
theHarvester What is this? ————- theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, PGP...
squatm3: enumerate available domains
Squatm3 Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques: Substitution attacks Flipping attack Homoglyph attack Squatm3 will help penetration...
GoogleScraper: Scraping search engines professionally
GoogleScraper – Scraping search engines professionally GoogleScraper parses Google search engine results (and many other search engines _) easily and in a fast way. It allows you to extract all found...
harpoon: open source and threat intelligence
Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organized in plugins so the idea is to have one plugin...
