Astrometry.net -- automatic recognition of astronomical images

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

A simple, distributed task scheduler and runner with a web based UI.

A lightweight GPT model, trained to discover subdomains.

The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cl…

AI/LLM local model integration for analysis of reconftw results

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Most advanced XSS scanner.

Web path scanner

An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability

Automatic SSRF fuzzer and exploitation tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An OOB interaction gathering server and client library

This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitter

A tool to dump a git repository from a website

Weaponized web shell

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Automatic SQL injection and database takeover tool

declutters url lists for crawling/pentesting

Pull out bits of URLs provided on stdin

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

A complete, beginner-friendly bug bounty roadmap that takes you from zero experience to earning your first bounty.

CeWL is a Custom Word List Generator

A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

A curated list of various bug bounty tools

A python script that finds endpoints in JavaScript files