Scan for misconfigured S3 buckets across S3-compatible APIs!

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

DNS Enumeration Script

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

Content and collateral for the Microsoft Sentinel SOC 101 series

⚡ XSSuccessor is a powerful, asynchronous Cross-Site Scripting (XSS) detection tool.

Portspoof

A python module for working with ATT&CK

The recursive internet scanner for hackers. 🧡

E-mails, subdomains and names Harvester - OSINT

In-depth attack surface mapping and asset discovery

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS

OWASP Foundation web repository

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝

DECeption with Evaluative Integrated Validation Engine (DECEIVE): Let an LLM do all the hard honeypot work!

🆕 The Multi-Tool Web Vulnerability Scanner.

Generate smart and powerful wordlists

Fast web fuzzer written in Go

Create a Content-Security-Policy for a website based on the statically detectable relations

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.