Network scanner for security auditing and network discovery.
Fast and multi-purpose HTTP toolkit for probing and reconnaissance.
In-depth attack surface mapping and asset discovery.
Fast subdomain enumeration tool using passive online sources.
Fast port scanner for reconnaissance and attack surface mapping.
DNS toolkit for advanced DNS queries and enumeration.
Fast vulnerability scanner for web applications with customizable templates.
Powerful XSS scanner and payload generator for web applications.
Automated tool for detecting and exploiting SQL injection flaws.
Fast web fuzzer for content discovery and brute-forcing directories/files.
Crawler for automating OSINT and gathering URLs, files, and secrets.
Simple and fast command-line tool for brute-forcing web directories and files.
Fast, simple, recursive content discovery tool for web applications.
High-performance DNS resolver for bulk DNS lookups and subdomain enumeration.
Fastest and cross-platform subdomain enumerator.
Integrated penetration testing tool for finding vulnerabilities in web apps.
Popular web vulnerability scanner and proxy for manual and automated testing.
Mass DNS resolver for subdomain enumeration using multiple resolvers.
Automated OSINT tool for threat intelligence and asset discovery.
Email, domain, and username enumeration from public sources.
Fast subdomain enumeration using OSINT techniques.
Check if an email is used on online services for OSINT investigations.
Domain flyover tool for visual inspection of targets.
Powerful AWS exploitation framework for security testing and automation.
Security tool to perform AWS security best practices assessments.
Cloud reconnaissance tool for AWS environments.
SQL Server security auditing and attack automation toolkit for cloud and on-prem.
Scan git repos for secrets and credentials, useful for cloud asset discovery.
Security scanner for Google Cloud Platform resources and misconfigurations.
Mobile Security Testing Guide with checklists and test cases for Android/iOS.
Automated framework for monitoring and tampering Android/iOS apps.
Reverse engineering and analysis toolkit for Android applications.
Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers.
Runtime mobile exploration toolkit powered by Frida for Android/iOS.
Automated tool for finding and exploiting command injection vulnerabilities in APIs.
HTTP parameter discovery suite.
Lightweight API security scanner for REST APIs.
Comprehensive checklist for testing API endpoints for vulnerabilities.
Automated API vulnerability scanner for REST APIs.
Fast HTTP request generator for advanced API and web fuzzing.
Completely ridiculous API for learning and practicing API security testing.
Automated API fuzzing tool for bug bounty and pentesting.
Find URL parameters for a given domain to help with bug hunting.
Extract subdomains from Certificate Transparency logs for reconnaissance.
List of services vulnerable to subdomain takeover.
Tool for scraping and enumerating cloud assets and endpoints.
Find publicly accessible AWS S3 buckets for bug bounty hunting.
Automated DNS reconnaissance tool for bug bounty hunters.
Find subdomains using multiple sources for better coverage.
Fast subdomains enumeration tool for penetration testers.
In-depth Attack Surface Mapping and Asset Discovery.
High-performance DNS stub resolver for bulk lookups and reconnaissance.
The fastest and cross-platform subdomain enumerator.
Automated subdomain enumeration and domain analysis for bug hunting.
Go client to communicate with Chaos DNS API.
Multi Tool Subdomain Enumeration.
Esoteric sub-domain enumeration techniques from Bugcrowd LevelUp 2017.
Wrapper around massdns for active bruteforce and wildcard handling.
Fast domain resolver and subdomain bruteforcing with wildcard filtering.
Subdomain enumeration using certificate transparency logs from Censys.
Subdomain enumeration tool with analysis features for discovered domains.
Extract subdomains/emails for a domain using Censys SSL/TLS dataset.
Fast subdomains enumeration tool for penetration testers.
Another Subdomain ENumeration Tool.
Web-UI for subdomain enumeration (subfinder).
Passive reconnaissance/enumeration by watching for SSL certificates.
Setup script for Recon-ng.
Generates permutations, alterations and mutations of subdomains.
Automation framework for running multiple subdomain bruteforcing tools.
Parallelised domain name prober for fast subdomain discovery.
Python wordlist-based DNS subdomain scanner.
Knockpy: Python tool for enumerating subdomains through a wordlist.
Small, fast tool for performing reverse DNS lookups en masse.
Fast and multi-purpose DNS toolkit for multiple DNS queries.
Subdomain discovery tool for valid subdomains.
Find domains and subdomains related to a given domain.
Yet another subdomain finder using certificate transparency logs.
Virtual host scanner that performs reverse lookups.
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.
Suite of tools for subdomain enumeration and attack surface mapping.
Scrape domain names from SSL certificates of arbitrary hosts.
Grab subdomains using Shodan API.
Golang client for querying SecurityTrails API data.
Recursive internet scanner for hackers.
Brute discover GET and POST parameters.
Extension to identify hidden, unlinked parameters.
Brute discover GET and POST parameters.
HTTP parameter discovery suite.
Mining parameters from dark corners of Web Archives.
Hidden parameters discovery suite written in Rust.
Python script that finds endpoints in JavaScript files.
PHP .js scanner designed to scrape URLs and other info.
Extract links/possible endpoints from responses & filter them via decoding/sorting.
Fast and minimal JS endpoint extractor.
Burp Extension for passive scanning JS files for endpoint links.
Golang utility to spider through a website searching for additional links.
Fetch all the URLs that the Wayback Machine knows about for a domain.
Fetch known URLs from AlienVault's OTX, Wayback Machine, and Common Crawl.
Tool to quickly fetch all JavaScript sources/files.
Reveals invisible links within JavaScript files.
Find way more from the Wayback Machine!
Discover endpoints, potential parameters, and a target specific wordlist for a given target.
Web application fuzzer.
Fast web fuzzer written in Go.
Dictionary of attack patterns and primitives for black-box application fault injection.
Collection of Burpsuite Intruder payloads, fuzz lists, and web pentesting methodologies.
Potentially dangerous files for fuzzing.
JavaScript Engine Fuzzer.
Tool for REST API pentesting using API_Fuzzer gem.
Build your own rules to fuzz query strings and identify vulnerabilities.
Very advanced (web) fuzzer written in Nim.
Official Burp Suite extension marketplace for web security testing.
Popular Chrome extension for manual web penetration testing and payload encoding.
Detects vulnerable JavaScript libraries in web pages.
Proxy management extension for switching between proxies easily.
Unpopular but useful extension for bug bounty hunters (quick links, payloads, tools).
Unpopular extension with CTF and bug bounty utilities (hashing, encoding, decoding).
View HTTP response headers for any web page.
Detects technologies used on websites (CMS, frameworks, analytics, etc).
Unpopular extension for detecting reflected XSS vulnerabilities in web pages.
Edit, delete, and create cookies for bug bounty and pentesting.
Extracts all links from a web page, sorts them, removes duplicates, and displays them in a new tab for inspection or for copying and pasting into other systems.
Checks web pages for broken links and displays the results.
GitHub repository discovery tool for bug bounty hunters to check if .git is exposed in visited websites.
Open all links from a list in new tabs.
Open multiple URLs at once in new tabs.
Detects the use of JavaScript libraries with known vulnerabilities.
Searches through git repositories for high entropy strings and secrets.
Consolidates all your open tabs into a single tab for easier management.