psiinon / open-source-web-scanners

Related projects ⓘ

Alternatives and complementary repositories for open-source-web-scanners

• stark0de / nginxpwner
  Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
  ☆1,474Updated 8 months ago
• hakluke / hakoriginfinder
  Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  ☆845Updated 9 months ago
• hisxo / ReconAIzer
  A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…
  ☆827Updated last year
• trickest / wordlists
  Real-world infosec wordlists, updated regularly
  ☆1,394Updated this week
• BishopFox / jsluice
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,412Updated 5 months ago
• edoardottt / cariddi
  Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
  ☆1,528Updated last week
• t3l3machus / toxssin
  An XSS exploitation command-line interface and payload generator.
  ☆1,260Updated 3 months ago
• nemesida-waf / waf-bypass
  Check your WAF before an attacker does
  ☆1,294Updated this week
• xnl-h4ck3r / waymore
  Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!
  ☆1,725Updated 4 months ago
• 0xKayala / NucleiFuzzer
  NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications
  ☆1,302Updated last month
• Hackmanit / Web-Cache-Vulnerability-Scanner
  Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…
  ☆871Updated this week
• mazen160 / secrets-patterns-db
  Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
  ☆1,041Updated 9 months ago
• Hari-prasaanth / Web-App-Pentest-Checklist
  A OWASP Based Checklist With 500+ Test Cases
  ☆636Updated 2 years ago
• devploit / nomore403
  Tool to bypass 403/40X response codes.
  ☆1,107Updated 3 months ago
• BishopFox / sj
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
  ☆526Updated 3 weeks ago
• xnl-h4ck3r / xnLinkFinder
  A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target
  ☆1,202Updated 3 months ago
• projectdiscovery / cvemap
  Navigate the CVE jungle with ease.
  ☆1,745Updated this week
• erev0s / VAmPI
  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
  ☆918Updated 2 months ago
• sh377c0d3 / Payloads
  Payload Arsenal for Pentration Tester and Bug Bounty Hunters
  ☆891Updated last year
• six2dez / pentest-book
  ☆1,566Updated last month
• trickest / inventory
  Asset inventory of over 800 public bug bounty programs.
  ☆1,261Updated this week
• projectdiscovery / alterx
  Fast and customizable subdomain wordlist generator using DSL
  ☆722Updated this week
• topscoder / nuclei-wordfence-cve
  The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
  ☆920Updated this week
• Proviesec / google-dorks
  Useful Google Dorks for WebSecurity and Bug Bounty
  ☆979Updated 7 months ago
• laluka / bypass-url-parser
  bypass-url-parser
  ☆1,018Updated last week
• 0xsha / CloudBrute
  Awesome cloud enumerator
  ☆868Updated 3 months ago
• yeswehack / vulnerable-code-snippets
  Twitter vulnerable snippets
  ☆935Updated last week
• xnl-h4ck3r / GAP-Burp-Extension
  Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
  ☆1,246Updated 3 months ago
• HackTricks-wiki / hacktricks-cloud
  ☆577Updated this week