owasp-noir / noir
Attack surface detector that identifies endpoints by static analysis
☆644Updated this week
Alternatives and similar repositories for noir:
Users that are interested in noir are comparing it to the libraries listed below
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆619Updated last year
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.☆575Updated 2 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆412Updated this week
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆56Updated 8 months ago
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆938Updated last week
- Black box fuzzer for web applications☆419Updated 6 months ago
- ☆398Updated last week
- Discover new target domains using Content Security Policy☆391Updated this week
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆396Updated last week
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo…☆329Updated 2 months ago
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic…☆448Updated 10 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆853Updated last year
- Golang client for querying SecurityTrails API data☆545Updated last year
- Security Auditor Utility for GraphQL APIs☆409Updated this week
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers☆330Updated last year
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit…��☆314Updated this week
- ☆195Updated 8 months ago
- ProjectDiscovery's Open Source Tool Manager☆769Updated this week
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆842Updated last year
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.☆232Updated this week
- Fast and customizable subdomain wordlist generator using DSL☆762Updated this week
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,471Updated 8 months ago
- ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.☆682Updated last year
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆896Updated this week
- APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and …☆309Updated 2 months ago
- Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.☆371Updated 3 months ago
- Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration test…☆348Updated this week
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆515Updated 3 weeks ago
- Fast and customizable vulnerability scanner For JIRA written in Python☆318Updated 3 weeks ago
- ☆462Updated 9 months ago