righettod/toolbox-pentest-web external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

righettod/toolbox-pentest-web

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/righettod/toolbox-pentest-web)

Close

righettod / toolbox-pentest-webView on GitHubMore

• External links
• Readme badge

Docker toolbox for pentest of web based application.

☆183May 4, 2026Updated this week

Alternatives and similar repositories for toolbox-pentest-web

Users that are interested in toolbox-pentest-web are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• righettod / website-passive-reconnaissance

  View on GitHub
  Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment.
  ☆39Apr 26, 2026Updated last week
• righettod / burp-piper-custom-scripts

  View on GitHub
  Custom scripts for the PIPER Burp extensions.
  ☆97Sep 24, 2023Updated 2 years ago
• Leoid / NonPublishedExploits

  View on GitHub
  A Collection of Proof of Concepts for non-published Web Exploits and Common CVEs
  ☆10Nov 29, 2020Updated 5 years ago
• vineethsai / asi

  View on GitHub
  Threat models, verification standards, and security controls for AI agent architectures. Built on OWASP AISVS and NIST AI RMF.
  ☆21Feb 17, 2026Updated 2 months ago
• xerohackcom / webrecon

  View on GitHub
  Automated Web Recon Shell Scripts
  ☆54Dec 6, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• lc / brute53

  View on GitHub
  A tool to bruteforce nameservers when working with subdomain delegations to AWS.
  ☆58Aug 22, 2019Updated 6 years ago
• bugbountyhunters / Iris-JS

  View on GitHub
  #JavascriptRecon #bugbounty
  ☆21Aug 18, 2021Updated 4 years ago
• 1ultimat3 / tld-scan

  View on GitHub
  Top level domain scanner in Go
  ☆30Sep 24, 2023Updated 2 years ago
• Abdulrahman-Kamel / dpfilter

  View on GitHub
  BugBounty , sort and delete duplicates param value without missing original value
  ☆22Jul 31, 2021Updated 4 years ago
• vp777 / metahttp

  View on GitHub
  A bash script that automates the scanning of a target network for HTTP resources through XXE
  ☆38Dec 2, 2020Updated 5 years ago
• 254Labs / awesome-bambdas

  View on GitHub
  A collection of Burp Suite Lambda Filters ~ Bambdas
  ☆30Oct 1, 2024Updated last year
• lanmaster53 / pyscripter-er

  View on GitHub
  A framework built on top of Burp's Python Scripter extension.
  ☆92Dec 28, 2023Updated 2 years ago
• Leoid / AWSBurpCollaborator

  View on GitHub
  Deploy a Private Burpsuite Collaborator using boto3 Python Library
  ☆57Feb 20, 2020Updated 6 years ago
• kleiton0x00 / HTTP-Smuggling-Calculator

  View on GitHub
  Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.
  ☆73Mar 12, 2022Updated 4 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• akabe1 / OAUTHScan

  View on GitHub
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security
  ☆176Oct 26, 2024Updated last year
• boringthegod / ss

  View on GitHub
  Subdomain Scanner - the most exhaustive tool for sub-domain recognition and mapping to related IPs and ASNs
  ☆18Jul 4, 2025Updated 10 months ago
• karthi-the-hacker / pr0xyP4rs3

  View on GitHub
  Load your data into burp
  ☆11Apr 26, 2023Updated 3 years ago
• DK9510 / automate-with-actions

  View on GitHub
  ☆18Apr 7, 2022Updated 4 years ago
• abdallaabdalrhman / Wordlist-for-Bug-Bounty

  View on GitHub
  I collected it to help the bug hunter get a reward
  ☆57Sep 7, 2022Updated 3 years ago
• AdmiralGaust / bountyReconV2

  View on GitHub
  Framework to automate Bug Bounty Reconnaissance
  ☆43Jan 4, 2021Updated 5 years ago
• ethicalhackingplayground / endzy

  View on GitHub
  Endpoint monitor tool
  ☆21Sep 16, 2020Updated 5 years ago
• dreadnode / burpference

  View on GitHub
  A research project to add some brrrrrr to Burp
  ☆209Feb 16, 2026Updated 2 months ago
• e11i0t4lders0n / my_aws_blogs

  View on GitHub
  ☆12Dec 26, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• victoni / Bug-Bounty-Scripts

  View on GitHub
  The scripts I write to help me on my bug bounty hunting
  ☆125Jan 8, 2022Updated 4 years ago
• mzfr / takeover

  View on GitHub
  A tool for testing subdomain takeover possibilities at a mass scale.
  ☆50May 23, 2021Updated 4 years ago
• NagliNagli / Shockwave-OSS

  View on GitHub
  ☆755Jun 26, 2024Updated last year
• michael1026 / trashcompactor

  View on GitHub
  ☆65Nov 29, 2022Updated 3 years ago
• jjogal / shodan-dorks

  View on GitHub
  ☆25Jun 15, 2025Updated 10 months ago
• Static-Flow / BurpGraphQLViewer

  View on GitHub
  This extension provides a central location for viewing all GraphQL requests/responses within a Burp project. It provides a clean UI that …
  ☆15Feb 24, 2022Updated 4 years ago
• righettod / injection-cheat-sheets

  View on GitHub
  Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).
  ☆10Nov 11, 2020Updated 5 years ago
• kelbyludwig / saml-attack-surface

  View on GitHub
  ☆29Jan 15, 2017Updated 9 years ago
• z3dc0ps / 0x0p1n3r

  View on GitHub
  0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover
  ☆57Dec 15, 2020Updated 5 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• BitTheByte / WayRobots

  View on GitHub
  Tool to find stored robots.txt files from the past
  ☆19Jun 4, 2023Updated 2 years ago
• iustin24 / chameleon

  View on GitHub
  ☆383May 17, 2023Updated 2 years ago
• th3hack3rwiz / Fu-JS

  View on GitHub
  This tool aims at accumulating javascript files from a given set of subdomains to discover hidden endpoints. It swims through JS files to…
  ☆72Dec 28, 2022Updated 3 years ago
• GangGreenTemperTatum / stickyburp

  View on GitHub
  A Productivity-Boosting Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing…
  ☆13Oct 8, 2025Updated 7 months ago
• justmorpheus / burp-automation

  View on GitHub
  Performing automated scan using Burp Suite Pro & Vmware Burp Rest API
  ☆53Sep 30, 2022Updated 3 years ago
• BlackFan / CVE_PoCs

  View on GitHub
  CVE PoCs
  ☆21Jul 16, 2020Updated 5 years ago
• Dheerajmadhukar / karma_v1

  View on GitHub
  KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Po…
  ☆59Sep 6, 2021Updated 4 years ago