fr34k8 / awesome-pentestLinks
A collection of awesome penetration testing resources, tools and other shiny things
☆17Updated 4 months ago
Alternatives and similar repositories for awesome-pentest
Users that are interested in awesome-pentest are comparing it to the libraries listed below
Sorting:
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆135Updated 6 years ago
- Collection of scripts that aid in penetration testing of JSON Web Tokens☆59Updated 6 years ago
- subdomain bruteforce list☆102Updated last year
- A simple framework for sending test payloads for known web CVEs.☆133Updated 4 years ago
- XXRF Shots - Useful for testing SSRF vulnerability☆74Updated 2 years ago
- Burp Suite extension to discover assets from HTTP response.☆230Updated 10 months ago
- Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdom…☆101Updated 2 years ago
- A python script that filters, checks the validity, generates clickable link(s) of subdomain(s), and reports their status☆89Updated 5 years ago
- Actarus is a custom tool for bug bounty☆77Updated 6 years ago
- XSS Hunter Burp Plugin☆150Updated 7 years ago
- This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level…☆61Updated 6 years ago
- Local File Inclusion Exploitation Tool (mirror)☆127Updated 8 years ago
- BugBounty Tool☆41Updated 6 years ago
- ☆93Updated 2 years ago
- Tool that checks for path traversal traces in a given web application url, plus it is capable of multi-threading, set timeout and 5-layer…☆46Updated 7 years ago
- An entry level resource to learning bug bounty.☆28Updated 7 years ago
- A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys☆152Updated 2 years ago
- Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.☆64Updated 6 years ago
- The Cleveridge Subdomain Scanner finds subdomains of a given domain.☆36Updated 5 years ago
- A tool to hunt for publicly accessible DigitalOcean Spaces☆157Updated 5 years ago
- Finds all public bug reports on reported on Hackerone☆95Updated 9 years ago
- A list to discover work of red team tooling and methodology for penetration testing and security assessment☆78Updated 6 years ago
- Collection of scanner checks missing in Burp☆31Updated 5 years ago
- Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature☆37Updated 8 years ago
- Resolve and quickly portscan a list of (sub)domains.☆87Updated 9 years ago
- A better version of my xssfinder tool - scans for different types of xss on a list of urls.☆188Updated 6 years ago
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆158Updated 4 months ago
- Simple Server Side Request Forgery services enumeration tool.☆55Updated 7 years ago
- The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters☆107Updated last year
- dork scanner with Sqli and Lfi testing☆28Updated 7 years ago