Alternatives and similar repositories for CTF

Users that are interested in CTF are comparing it to the libraries listed below

• eur0pa / goGetBucket
  A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
  ☆26Updated 6 years ago
• BountyMachine / about
  A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!
  ☆33Updated 6 years ago
• bugbounty-site / GitSecure
  Detect exposed API keys on GitHub commits.
  ☆34Updated 3 years ago
• random-robbie / metadata-one-liners
  retrive metadata endpoint data with these one liners.
  ☆41Updated 5 years ago
• PortSwigger / burp-smart-buster
  A Burp Suite content discovery plugin that add the smart into the Buster!
  ☆32Updated 7 years ago
• rojan-rijal / ReconUI
  Alpha version code of Recon UI
  ☆14Updated 7 years ago
• random-robbie / s3-tko
  AWS S3 Bucket Finder.
  ☆15Updated 5 years ago
• lc / cspparse
  A tool to evaluate Content Security Policies.
  ☆71Updated 5 years ago
• kelbyludwig / saml-attack-surface
  ☆29Updated 8 years ago
• appsecco / practical-recon-levelup0x02
  This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level…
  ☆61Updated 6 years ago
• almroot / dnsresolvers
  A bash script that fetches and maintains thousands of DNS resolvers
  ☆65Updated 5 years ago
• plenumlab / lazyrecon
  This script is intended to automate your reconnaissance process in an organized fashion
  ☆39Updated 6 years ago
• ettic-team / EndpointFinder-Burp
  ☆32Updated 6 years ago
• Static-Flow / DirectoryImporter
  This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…
  ☆36Updated 2 years ago
• securityidiots / vhost_buster
  A simple tool with the power of "Go" to find the hidden Vhosts defined at the server.
  ☆19Updated 6 years ago
• DFC302 / subseeker
  A sub-domain enumeration tool
  ☆20Updated 5 years ago
• BBerastegui / bucket-decloaker
  A simple tool to decloak/expose the bucket name behind a domain.
  ☆22Updated 6 years ago
• irsdl / BurpTabEssentials
  This changes the style of Burp Suite's Repeater tabs to help the testers
  ☆29Updated 6 years ago
• ticarpi / my-pentesting-repo
  This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t…
  ☆52Updated 5 years ago
• Abss0x7tbh / massNS
  A tool that turns the authoritative nameservers of DNS providers to resolvers and resolves the target domain list. Please think of this a…
  ☆25Updated 6 years ago
• InitRoot / fransRecon
  Script will enumerate domain name using horizontal enumeration, reverse lookup. Each horziontal domain will then be vertically enumerated…
  ☆32Updated 6 years ago
• crawl3r / PortswiggerXSS
  gathers the XSS cheatsheet payloads and creates a usable wordlist
  ☆74Updated 4 years ago
• irsdl / OutlookLeakTest
  The Outlook HTML Leak Test Project
  ☆41Updated 7 years ago
• rojan-rijal / Pyrate
  Practice Web App written in python with some vulnerabilities.
  ☆34Updated 4 years ago
• ni8walk3r / JWT-Exploitation
  Collection of different exploitation scenarios of JWT.
  ☆21Updated 4 years ago
• appsecco / VyAPI
  VyAPI - A cloud based vulnerable hybrid Android App
  ☆86Updated 5 years ago
• snyff / oauthsecurity
  OAuth Security Cheatsheet
  ☆40Updated 11 years ago
• Lerhan / Deeplack
  Deeplack is a python script designed for comparing images (screenshots) using DeepAI to detect changes on websites.
  ☆14Updated 6 years ago
• twelvesec / BearerAuthToken
  This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP…
  ☆47Updated 6 years ago
• EdOverflow / curate
  A tool for fetching archived URLs (to be rewritten in Go).
  ☆41Updated 7 years ago