CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, making it a valuable asset for bug bounty hunters and penetration testers.
☆135Mar 3, 2026Updated 3 months ago
Alternatives and similar repositories for chomtesh
Users that are interested in chomtesh are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers☆356Dec 14, 2023Updated 2 years ago
- Certina is an OSINT tool for red teamers and bug hunters to discover subdomains from web certificate data☆53Mar 7, 2024Updated 2 years ago
- Wireless Network Security Analysis Tool Modular terminal toolkit for Wi-Fi security assessment, handshake/PMKID capture, and network dia…☆20May 9, 2026Updated last month
- Mine URLs from Browser's Heap Snapshot for fun and profit☆65Aug 9, 2023Updated 2 years ago
- Gouge is a simple Burp extension to extract or gouge all URLs which are seen in JS files as you visit different websites/webpages in Burp…☆30Jul 21, 2024Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSR…☆134Sep 6, 2024Updated last year
- Elyzer is an email header analyzer, written in python, capable of detecting potential spoofing attempts.☆49Dec 18, 2024Updated last year
- Convert domain lists to resolved IP without duplicated, useful for strong large recon, and Bug Bounty☆14Apr 30, 2021Updated 5 years ago
- Automate bug bounty recon using bash alias☆15Aug 6, 2024Updated last year
- Mind map for certifcation, vulnerability finding and recon for bug bounty and professional works.☆18Mar 17, 2024Updated 2 years ago
- Nodesub is a command-line tool for finding subdomains in bug bounty programs☆148Aug 1, 2024Updated last year
- An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and…☆809May 11, 2026Updated last month
- An offensive security tool used to enumerate and spray passwords for O365 accounts on both Managed and Federated AD services.☆48Nov 17, 2022Updated 3 years ago
- Smart context-based SSRF vulnerability scanner.☆364May 5, 2022Updated 4 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- My useful files for penetration tests, security assessments, bug bounty and other security related stuff☆211Jun 26, 2026Updated last week
- [Automated | UpToDate] Daily Dumps of CertStream Subdomains Data For the World 🌐☆16Feb 15, 2025Updated last year
- SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accu…☆248Sep 6, 2024Updated last year
- Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environment…☆148May 17, 2024Updated 2 years ago
- Simple PoC for demonstrating Race Conditions on Websockets☆54Sep 14, 2023Updated 2 years ago
- Search for sensitive data in Postman public library. Original work from https://github.com/cosad3s/postleaks☆33Feb 13, 2026Updated 4 months ago
- A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vect…☆76Sep 6, 2024Updated last year
- A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning☆520Jul 5, 2023Updated 2 years ago
- Web Security Scanner☆385Nov 13, 2025Updated 7 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.☆68Nov 12, 2025Updated 7 months ago
- SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty☆782Jun 21, 2026Updated last week
- CORS Exploit POC for WordPress REST API☆10Oct 27, 2024Updated last year
- A Multi-Processing Tool for collecting and extracting information to an Excel file from a Burp Suite output file.☆10Apr 8, 2024Updated 2 years ago
- ☆17Apr 17, 2026Updated 2 months ago
- Vagrant Files to create a Virtualbox VM for Malware Analysis☆13Jun 1, 2021Updated 5 years ago
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th…☆266May 17, 2026Updated last month
- ☆15May 6, 2023Updated 3 years ago
- Melee: Tool to Detect Infections in MySQL Instances☆23Aug 6, 2023Updated 2 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Collection of Stuff☆14Nov 2, 2023Updated 2 years ago
- A Lightning-Fast DNS Resolver written in Rust 🦀☆70Nov 19, 2024Updated last year
- This repository contains fully disclosed accepted reports for the null Ahmedabad's Bug Bounty CTF.☆10Oct 31, 2023Updated 2 years ago
- [Custom || Automated] Curation & Collection of BugBounty Wordlists☆72Jun 26, 2026Updated last week
- Stealing MFA/2FA tokens and using them to logon with VPN clients☆16Jun 4, 2018Updated 8 years ago
- Svendsen Tech's PowerShell nmap-like port scanner accepting IPv4 CIDR notation☆54Apr 26, 2026Updated 2 months ago
- DrShell is a cutting-edge tool designed for the dynamic management of reverse shell sessions. Whether you are a seasoned security profess…☆18Aug 20, 2025Updated 10 months ago