owasp-noir / noir
Attack surface detector that identifies endpoints by static analysis
☆555Updated this week
Related projects: ⓘ
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆477Updated this week
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆333Updated last week
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆524Updated 9 months ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆371Updated last month
- Golang client for querying SecurityTrails API data☆529Updated last year
- Fast and customizable vulnerability scanner For JIRA written in Python☆318Updated 7 months ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo…☆297Updated 4 months ago
- GraphQL automated security testing toolkit☆296Updated 6 months ago
- Fast and customizable subdomain wordlist generator using DSL☆699Updated this week
- A Security Tool for Enumerating WebSockets☆320Updated 2 years ago
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆41Updated 4 months ago
- ☆189Updated 3 months ago
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.☆318Updated 11 months ago
- Security Auditor Utility for GraphQL APIs☆346Updated last week
- ☆332Updated 4 months ago
- APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and …☆294Updated last month
- ☆424Updated 4 months ago
- Vulnerability Scan with Nuclei☆238Updated last month
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆853Updated 3 months ago
- Discover new target domains using Content Security Policy☆360Updated this week
- ☆286Updated this week
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic…☆444Updated 5 months ago
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers☆312Updated 9 months ago
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.☆351Updated 2 years ago
- Nuclei AI - Browser Extension for Rapid Nuclei Template Generation☆424Updated 10 months ago
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.☆206Updated this week
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆823Updated last year
- Awesome cloud enumerator☆856Updated last month
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆469Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,362Updated 3 months ago