Ostorlab / oxo
OXO is a security scanning orchestrator for the modern age.
☆529Updated last week
Related projects ⓘ
Alternatives and complementary repositories for oxo
- A utility to detect various technology for a given IP address.☆775Updated this week
- Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.☆354Updated last month
- APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and …☆303Updated 3 weeks ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆861Updated this week
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic…☆448Updated 7 months ago
- Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's …☆544Updated this week
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆381Updated 3 months ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆392Updated 3 weeks ago
- A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot), sqlite, excel and d2-lang. Simply put it's n…☆654Updated 3 months ago
- Attack surface detector that identifies endpoints by static analysis☆607Updated this week
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo…☆313Updated 6 months ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.☆1,048Updated 9 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆569Updated 3 months ago
- Kubernetes exploitation tool☆355Updated 3 months ago
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan.☆166Updated 6 months ago
- Black box fuzzer for web applications☆405Updated 4 months ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆183Updated last year
- Utility program to perform multiple operations for a given subnet/CIDR ranges.☆998Updated this week
- graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology…☆579Updated last month
- A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.☆262Updated this week
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆252Updated 4 months ago
- Awesome cloud enumerator☆895Updated 3 months ago
- Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.☆634Updated last month
- Discover new target domains using Content Security Policy☆383Updated this week
- CrackQL is a GraphQL password brute-force and fuzzing utility.☆315Updated 3 months ago
- Tools to assess DNS security.☆148Updated 8 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆845Updated 10 months ago
- API Security Project aims to present unique attack & defense methods in API Security field☆278Updated 2 years ago
- A tool to test security of json web token☆271Updated 3 years ago
- Fast and configurable TLS grabber focused on TLS based data collection.☆863Updated this week