This is your work, valued
pentest-tools. A collection of custom security tools for quick needs.
3.3kgithub-search. A collection of tools to perform searches on GitHub.
1.5kgithub-subdomains. Find subdomains on GitHub.
860s3-buckets-finder. Find AWS S3 buckets and test their permissions.
401cloudflare-origin-ip. Try to find the origin IP of a webapp protected by Cloudflare.
357BB-datas. Tools and datas related to Bug Bounty.
233github-endpoints. Find endpoints on GitHub.
219offsectools_www. A vast collection of security tools and resources curated by the community.
217DataExtractor. A Burp Suite extension to extract datas from source code while browsing.
162keyhacks.sh. Automation of tokens/api keys testing.
157related-domains. Find related domains of a given domain.
107gitlab-subdomains. Find subdomains on GitLab.
106vhost-brute. A PHP tool to brute force vhost configured on a server.
89dnspy. Find subdomains and takeovers.
85actarus. Actarus is a custom tool for bug bounty
75bugbountytips. Webapp to search tips on Twitter through #bugbountytips
71github-regexp. Basically a regexp over a GitHub search.
69google-search. Returns results from Google search.
52bxss. Alternative to XSS Hunter for blind XSS.
50myrecon.py. My recon script
50favicon-hashtrick. Python script implementing the favicon hash trick to find subdomains.
40BBstats. Bug Bounty statistics tool.
34csp-analyzer. Analyze Content-Security-Policy header of a given URL.
34apk-analyzer. Analyze an APK archive.
28BBvuln. A listing of the most common vuln that you can link in your PoCs
28extract-endpoints. Extract endpoints from source files.
25testxss. PHP tool to test XSS
22detectify-cves. Find CVEs that don't have a Detectify modules.
22graphql-introspection-analyzer. Graphql introspection query analyzer.
18gitgrep. Webapp to perform regexp search over GitHub search.
17gitpillage. Extract data from a .git directory.
15dnsexpire. Test domain expiration dates.
12shotTheWorld. PHP tool that takes screenshots of a given ips/ports combo list and then try to guess the service.
10urlgrabber. PHP tool to grab urls of a specific site.
9gwen001.
8testidor. PHP tool to test IDOR
8thegarden. Vulnerable web application made with Laravel.
7dotfiles. me dotfiles
7autoknoxss. Custom PHP tool to automate calls to KNOXSS
6icmp-send-file. send file with ping
6testcrlf. PHP tool to test CRLF
5php-stegano-lsb. Hide file using Least Significant bits method.
5act_custom. Custom scripts for Actarus
53rdparty-services. PHP tool to test 3rd party service validity
5testcors. PHP tool to test CORS
4ipsites. PHP tool to find websites hosted by a given ip
4github-stargazer. View stars evolution of GitHub repositories.
4testssrf. PHP tool to test SSRF
4ultimate-open-redirect. PHP tool to test open redirect
3testcsrf. PHP tool to test CSRF
3testionion. PHP script to find onion websites
3setricks. Small search engine tool usefull to find the position of a given website
310degres.net_jenkins. http://10degres.net
2gwen001.github.io. Silence is golden.
2MyPhpDirb. GoBuster like written in PHP
2domlink. A tool to link a domain with registered organisation names and emails, to other domains.
1poc_subto. JavaScript
1asnlookup. Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
1