Web Application Security Testing Tools
☆251Mar 13, 2024Updated last year
Alternatives and similar repositories for crimson
Users that are interested in crimson are comparing it to the libraries listed below
Sorting:
- Guide to SSRF☆74Oct 10, 2023Updated 2 years ago
- A tools for JavaScript Recon☆24Jul 25, 2020Updated 5 years ago
- ☆45Jun 5, 2021Updated 4 years ago
- Subdomain takeover scanner using Python asyncio☆18Oct 24, 2022Updated 3 years ago
- An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and…☆802Jul 4, 2023Updated 2 years ago
- Linux Post-Exploitation tools wrapper☆20Mar 21, 2023Updated 2 years ago
- Automated Web Recon Shell Scripts☆53Dec 6, 2021Updated 4 years ago
- WaybackURLS + OtxURLS + CommonCrawl = The Best Results☆22Dec 7, 2019Updated 6 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati…☆396Updated this week
- OpenBugBounty - https://www.openbugbounty.org/ programs list☆23Mar 15, 2021Updated 4 years ago
- Hidden parameters discovery suite☆2,028Sep 8, 2024Updated last year
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆1,039Aug 23, 2025Updated 6 months ago
- ☆12Jan 4, 2022Updated 4 years ago
- Little Bug Bounty & Hacking Tools⚔️☆372Nov 10, 2024Updated last year
- Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for m…☆705Oct 29, 2021Updated 4 years ago
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects☆970Dec 8, 2021Updated 4 years ago
- Tips For Bug Bounty Hunters☆86Jul 16, 2022Updated 3 years ago
- ☆15Mar 21, 2025Updated 11 months ago
- MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilitie…☆1,033Jul 23, 2024Updated last year
- An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.☆45Feb 10, 2021Updated 5 years ago
- declutters url lists for crawling/pentesting☆1,532Feb 23, 2025Updated last year
- A collection of custom built scripts to exploit known vulnerability chains☆25Jul 23, 2021Updated 4 years ago
- List of XSS Payloads☆15Jul 5, 2022Updated 3 years ago
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findin…☆7,280Updated this week
- A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.☆921Nov 19, 2025Updated 3 months ago
- Automating XSS using Bash☆362Jan 27, 2026Updated last month
- R3C0Nizer is the first ever CLI based menu-driven web application B-Tier recon framework.☆152Apr 2, 2021Updated 4 years ago
- Modern real world bug bounty payloads and exploitation techniques with may earn you some $$$.☆29Nov 7, 2023Updated 2 years ago
- A tool to fastly get all javascript sources/files☆859Jul 4, 2025Updated 8 months ago
- A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.☆1,983Sep 5, 2021Updated 4 years ago
- Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration☆1,196Jan 9, 2026Updated 2 months ago
- Secret and/or credential patterns used for gf.☆243Feb 10, 2023Updated 3 years ago
- Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separated files…��☆684Jul 15, 2024Updated last year
- HostHunter a recon tool for discovering hostnames using OSINT techniques.☆1,156Mar 30, 2023Updated 2 years ago
- ⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)☆940May 21, 2025Updated 9 months ago
- XSScope is one of the most powerful and advanced GUI Framework for Modern Browser exploitation via XSS.☆317Jun 1, 2022Updated 3 years ago
- Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hu…☆2,343Jun 27, 2024Updated last year
- A python script to scan for Apache Tomcat server vulnerabilities.☆887Jan 12, 2026Updated last month
- Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned ent…☆2,131Feb 23, 2026Updated 2 weeks ago