MandConsultingGroup / porch-pirate
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.
☆389Updated last year
Alternatives and similar repositories for porch-pirate:
Users that are interested in porch-pirate are comparing it to the libraries listed below
- ☆462Updated 9 months ago
- AI-powered ffuf wrapper☆277Updated 2 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆411Updated this week
- ☆398Updated last week
- Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.☆455Updated this week
- Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.☆203Updated 4 months ago
- LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and e…☆345Updated last year
- CT Log Scanner☆306Updated 4 months ago
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆277Updated last year
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.☆232Updated this week
- A library for detecting known secrets across many web frameworks☆579Updated this week
- Small tool to Grab subdomains using Shodan api.☆386Updated 3 months ago
- Recon MindMap (RMM)☆146Updated 8 months ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆573Updated 2 months ago
- A tool to quickly do keyword searches over Gitlab and Github for OSINT & bug bounty recon☆232Updated last year
- hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.☆436Updated 2 years ago
- Local File Inclusion discovery and exploitation tool☆266Updated 3 weeks ago
- Discover new target domains using Content Security Policy☆391Updated this week
- An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.☆580Updated last year
- Automated Tool for Testing Header Based Blind SQL Injection☆268Updated last year
- ☆519Updated 7 months ago
- This tool use fuuzzing to try to bypass unknown authentication methods, who knows...☆238Updated 5 months ago
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.☆229Updated last year
- A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidde…☆335Updated 2 months ago
- ☆161Updated 2 months ago
- This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.☆240Updated last year
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆350Updated last year
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆396Updated last week
- Opensource assets and vulnerability scanning tool☆160Updated last month
- An Automated Subdomain Enumeration Tool☆253Updated 3 months ago