🎯 HunterVault

Complete Bug Bounty Tools Repository - 200+ Tools

Written by Aryan Giri

Comprehensive collection of 200+ bug bounty hunting tools and resources

📝 Wordlists

cewl
CeWL (Custom Word List generator) is a Ruby app which spiders a given URL, up to a specified depth, and returns a list of words which can then be used for password crackers such as John the Ripper.
cUPP
CUPP is an automated script written in Python that interacts with the user, asking fundamental questions about the victim such as Name, Company Name, Partner's Name, etc.
crunch
Crunch is a wordlist generator where you can specify a standard character set or any set of characters to be used in generating wordlists.
pydictor
A powerful and useful hacker dictionary builder for brute-force attacks.
rsmangler
RSMangler takes a wordlist and performs various manipulations on it similar to John the Ripper, generating permutations and acronyms before applying mangles.
rockyou.txt
Kali Linux provides this dictionary file as part of its standard installation.
seclists
SecLists is a collection of multiple types of lists used during security assessments including usernames, passwords, URLs, fuzzing payloads, and more.

☁️ Cloud Storage

GCPBucketBrute
A script to enumerate Google Storage buckets, determine access levels, and check for privilege escalation possibilities.
spaces-finder
A tool to hunt for publicly accessible DigitalOcean Spaces.

💉 Command Injection

Commix
Automated All-in-One OS command injection and exploitation tool.

🗄️ SQL Injection

sqlmap
Automatic SQL injection and database takeover tool - http://sqlmap.org
Sqliv
Massive SQL injection vulnerability scanner.
Sqlmate
A friend of SQLmap which will do what you always expected from SQLmap.
NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
SQLiScanner
Automatic SQL injection with Charles and sqlmap api.
SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points for use with SQLmap.
mssqlproxy
Toolkit for lateral movement through compromised Microsoft SQL Server via socket reuse.
sqli-hunter
HTTP/HTTPS proxy server and SQLMAP API wrapper that makes digging SQLi easy.
waybackSqliScanner
Gather URLs from Wayback Machine then test each GET parameter for SQL injection.
ESC
Evil SQL Client (ESC) - interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration.
mssqli-duet
SQL injection script for MSSQL that extracts domain users.
burp-to-sqlmap
Performing SQL injection tests on Burp Suite Bulk Requests using SQLMap.
BurpSQLTruncSanner
BurpSuite plugin for SQL Truncation vulnerabilities.
andor
Blind SQL Injection Tool with Golang.
Blinder
Python library to automate time-based blind SQL injection.
nosqli
NoSQL Injection CLI tool for finding vulnerable websites using MongoDB.

⚡ XSS Injection

XSStrike
Most advanced XSS scanner.
XSS-keylogger
A keystroke logger to exploit XSS vulnerabilities in a site.
xssor2
Hack with JavaScript.
xsscrapy
66/66 wavsep XSS detected.
sleepy-puppy
Sleepy Puppy XSS Payload Management Framework.
ezXSS
Easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
xsshunter
The XSS Hunter service - a portable version of XSSHunter.com.
dalfox
DalFox (Finder Of XSS) - Parameter Analysis and XSS Scanning tool based on golang.
xsser
Cross Site "Scripter" - automatic framework to detect, exploit and report XSS vulnerabilities.
XSpear
Powerful XSS Scanning and Parameter analysis tool & gem.
weaponised-XSS-payloads
XSS payloads designed to turn alert(1) into P1.
tracy
Tool to assist with finding all sinks and sources of a web application.
xssValidator
Burp intruder extender for automation and validation of XSS vulnerabilities.
JSShell
Interactive multi-user web JS shell.
bXSS
Utility to identify Blind Cross-Site Scripting for bug hunters and organizations.
docem
Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (oxml_xxe on steroids).
XSS-Radar
Tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.
BruteXSS
Tool written in Python to find XSS vulnerabilities in web applications.
findom-xss
Fast DOM based XSS vulnerability scanner with simplicity.
domdig
DOM XSS scanner for Single Page Applications.
femida
Automated blind-xss search for Burp Suite.
domxssscanner
Online tool to scan source code for DOM based XSS vulnerabilities.
xsshunter_client
Correlated injection proxy tool for XSS Hunter.
extended-xss-search
Better version of xssfinder tool - scans for different types of XSS on a list of URLs.
xssmap
Tool based on Python3 to detect XSS vulnerabilities.
XSSCon
Simple XSS Scanner tool.
BitBlinder
BurpSuite extension to inject custom cross-site scripting payloads on every form/request to detect blind XSS.
XSSOauthPersistence
Maintaining account persistence via XSS and OAuth.
shadow-workers
Free and open source C2 and proxy for exploitation of XSS and malicious Service Workers.
rexsser
Burp plugin that extracts keywords from response using regexes and tests for reflected XSS.
xss-flare
XSS hunter on Cloudflare serverless workers.
Xss-Sql-Fuzz
Burp Suite plugin that automatically adds XSS and SQL payloads to fuzz all GET/POST parameters.
vaya-ciego-nen
Detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.
dom-based-xss-finder
Chrome extension that finds DOM based XSS vulnerabilities.
XSSTerminal
Develop your own XSS Payload using interactive typing.
xss2png
PNG IDAT chunks XSS payload generator.
XSSwagger
Simple Swagger-ui scanner that detects old versions vulnerable to XSS attacks.

🔑 API Security

Secretx
Extracting API keys and secrets by requesting each URL in your list.

🪣 AWS S3 Bucket Tools

s3brute
S3 brute force tool.
S3-bucket-finder
Find AWS S3 buckets and extract data.
bucket-stream
Find interesting Amazon S3 Buckets by watching certificate.
slurp
Enumerate S3 buckets via certstream, domain, or keywords.
lazys3
Ruby script to bruteforce for AWS S3 buckets using different permutations.
cred scanner
Simple file-based scanner to look for potential AWS access and secret keys in files.
DumpsterDiver
Tool to analyze big volumes of various file types in search of hardcoded secrets like AWS keys, SSH keys, or passwords.
S3Scanner
Scan for open AWS S3 buckets and dump the contents.
AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets.
CloudScraper
Tool to enumerate targets in search of cloud resources: S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
s3viewer
Publicly Open Amazon AWS S3 Bucket Viewer.
festin
S3 Bucket Weakness Discovery.
s3reverse
Convert various S3 bucket formats into one format for bugbounty and security testing.
mass-s3-bucket-tester
Tests a list of S3 buckets to see if they have directory listings enabled or if they are uploadable.
S3BucketList
Firefox plugin that lists Amazon S3 Buckets found in requests.
dirlstr
Finds Directory Listings or open S3 buckets from a list of URLs.
Burp-AnonymousCloud
Burp extension that performs passive scan to identify cloud buckets and test for publicly accessible vulnerabilities.
kicks3
S3 bucket finder from HTML, JS and bucket misconfiguration testing tool.
2tearsinabucket
Enumerate S3 buckets for a specific target.
s3_objects_check
Whitebox evaluation of effective S3 object permissions to identify publicly accessible files.
s3tk
Security toolkit for Amazon S3.
CloudBrute
Awesome cloud enumerator.
s3cario
Gets CNAME first if it's a valid Amazon S3 bucket, otherwise checks if domain is a bucket name.
S3Cruze
All-in-one AWS S3 bucket tool for pentesters.

📜 JavaScript Analysis

JSParser
Python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files.
relative-url-extractor
Small tool that extracts relative URLs from a file.
sub.js
Tool to get JavaScript files from a list of URLs or subdomains.
LinkFinder
Python script that finds endpoints in JavaScript files.
JS-Scan
.js scanner built in PHP designed to scrape URLs and other info.
LinksDumper
Extract links/possible endpoints from responses & filter them via decoding/sorting.
GoLinkFinder
Fast and minimal JS endpoint extractor.
BurpJSLinkFinder
Burp Extension for passive scanning JS files for endpoint links.
getJS
Tool to quickly get all JavaScript sources/files.
linx
Reveals invisible links within JavaScript files.

🔍 Code Audit

Cobra
Source Code Security Audit tool.

🕷️ Crawlers

waybackMachine
Use Wayback Machine data to pull a list of paths.
meg
Fetch many paths for many hosts without killing the hosts.
hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within web applications.
igoturls
WaybackURLS + OtxURLS + CommonCrawl.
urlgrab
Golang utility to spider through a website searching for additional links.
waybackurls
Fetch all URLs that the Wayback Machine knows about for a domain.

⚙️ Frameworks

Sniper
Automated pentest framework for offensive security experts.
XRay
Tool for recon, mapping and OSINT gathering from public networks.
Datasploit
OSINT Framework to perform various recon techniques on Companies, People, Phone Numbers, Bitcoin Addresses, etc.
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning.
TIDoS-Framework
The Offensive Manual Web Application Penetration Testing Framework.
discover
Custom bash scripts to automate penetration testing tasks including recon, scanning, parsing, and creating malicious payloads.
lazyrecon
Script to automate reconnaissance process in an organized fashion.
003Recon
Tools to automate recon - 003random.
Vulmap
Web vulnerability scanning and verification tool with vulnerability verification function.

🔍 Subdomain Enumeration

Findomain
Fastest and cross-platform subdomain enumerator.
chaos-client
Go client to communicate with Chaos DNS API.
domained
Multi Tool Subdomain Enumeration.
bugcrowd-levelup-subdomain-enumeration
Material from "Esoteric sub-domain enumeration techniques" talk at Bugcrowd LevelUp 2017.
shuffledns
Wrapper around massdns for enumerating valid subdomains, with wildcard handling.
censys-subdomain-finder
Perform subdomain enumeration using certificate transparency logs from Censys.
Turbolist3r
Subdomain enumeration tool with analysis features for discovered domains.
censys-enumeration
Extract subdomains/emails using SSL/TLS certificate dataset on Censys.
tugarecon
Fast subdomains enumeration tool for penetration testers.
as3nt
Another Subdomain ENumeration Tool.
Subra
Web-UI for subdomain enumeration (subfinder).
Substr3am
Passive reconnaissance/enumeration by watching for SSL certificates being issued.
enumall.py
Setup script for Recon-ng.
altdns
Generates permutations, alterations and mutations of subdomains and then resolves them.
brutesubs
Automation framework for running multiple subdomain bruteforcing tools in parallel via Docker Compose.
dns-parallel-prober
Parallelised domain name prober to find subdomains as fast as possible.
dnscan
Python wordlist-based DNS subdomain scanner.
hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
dnsx
Fast multi-purpose DNS toolkit to run multiple DNS queries with user-supplied resolvers.
crtndstry
Yet another subdomain finder.
VHostScan
Virtual host scanner that performs reverse lookups.
scilla
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.
sub3suite
Research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping.
Aquatone
Tool for Domain Flyovers.
Knockpy
Python tool to enumerate subdomains on a target domain through a wordlist.
subbrute
DNS meta-query spider that enumerates DNS records and subdomains.
Assetfinder
Find domains and subdomains related to a given domain.
Rsdl
Subdomain Scan with the Ping Method.
Massdns
High-performance DNS stub resolver for bulk lookups and reconnaissance.
Subfinder
Subdomain discovery tool that discovers valid subdomains for websites - useful for bug bounties.
Amass
In-depth Attack Surface Mapping and Asset Discovery.
Sub.sh
Online Subdomain Detect Script.
Sublist3r
Fast subdomains enumeration tool for penetration testers.
Sudomy
Subdomain enumeration tool to collect subdomains and analyze domains for bug hunting.
dnsenum
Multithreaded Perl script to enumerate DNS information and discover non-contiguous IP blocks.

🔌 Port Scanning

masscan
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
RustScan
The Modern Port Scanner.
naabu
Fast port scanner written in Go with focus on reliability and simplicity.
nmap
Nmap - the Network Mapper.
sandmap
Nmap on steroids. Simple CLI with pure Nmap engine, 31 modules with 459 scan profiles.
ScanCannon
Combines the speed of masscan with the reliability and detailed enumeration of nmap.

📸 Screenshots

EyeWitness
Takes screenshots of websites, provides server header info, and identifies default credentials.
aquatone
Tool for visual inspection of websites across many hosts for HTTP-based attack surface overview.
screenshoteer
Make website screenshots and mobile emulations from the command line.
gowitness
Golang web screenshot utility using Chrome Headless.
WitnessMe
Web Inventory tool with screenshots using Pyppeteer (headless Chrome/Chromium).
eyeballer
Convolutional neural network for analyzing pentest screenshots.
scrying
Tool for collecting RDP, web and VNC screenshots all in one place.
Depix
Recovers passwords from pixelized screenshots.
httpscreenshot
Tool for grabbing screenshots and HTML of large numbers of websites.

🔧 Technologies

wappalyzer
Identify technology on websites.
webanalyze
Port of Wappalyzer to automate mass scanning of website technologies.
python-builtwith
BuiltWith API client.
whatweb
Next generation web scanner.
retire.js
Scanner detecting use of JavaScript libraries with known vulnerabilities.
httpx
Fast multi-purpose HTTP toolkit using retryablehttp library for reliable results.
fingerprintx
Standalone utility for service discovery on open ports that works with bug bounty tools.

🗂️ Content Discovery

gobuster
Directory/File, DNS and VHost busting tool written in Go.
Feroxbuster
Fast, simple, recursive content discovery tool written in Rust.
Ffuf
Fast web fuzzer written in Go.
dirsearch
Web path scanner.
recursebuster
Rapid content discovery tool for recursively querying webservers.
filebuster
Extremely fast and flexible web fuzzer.
dirstalk
Extremely fast and flexible web fuzzer.
dirbuster-ng
Extremely fast and flexible web fuzzer.
gospider
Fast web spider written in Go.
crawley
Fast, feature-rich unix-way web scraper/crawler written in Golang.

🔗 Parameters

parameth
Tool for brute discovery of GET and POST parameters.
param-miner
Burp extension identifying hidden, unlinked parameters, useful for web cache poisoning vulnerabilities.
ParamPamPam
Tool for brute discovery of GET and POST parameters.
Arjun
HTTP parameter discovery suite.
ParamSpider
Mining parameters from dark corners of Web Archives.

🌀 Fuzzing

wfuzz
Web application fuzzer.
ffuf
Fast web fuzzer written in Go.
fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection.
IntruderPayloads
Collection of Burp Suite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads.
fuzz.txt
Potentially dangerous files.
fuzzilli
JavaScript Engine Fuzzer.
fuzzapi
Tool for REST API pentesting using API_Fuzzer gem.
vaf
Very advanced (web) fuzzer written in Nim.

🎯 CORS Misconfiguration

Corsy
CORS Misconfiguration Scanner.
CORStest
Simple CORS misconfiguration scanner.
cors-scanner
Multi-threaded scanner that helps identify CORS flaws/misconfigurations.
CorsMe
Cross Origin Resource Sharing MisConfiguration Scanner.

↵ CRLF Injection

CRLFsuite
Fast tool specially designed to scan CRLF injection.
crlfuzz
Fast tool to scan CRLF vulnerability written in Go.
CRLF-Injection-Scanner
Command line tool for testing CRLF injection on a list of domains.
Injectus
CRLF and open redirect fuzzer.

🔄 CSRF Injection

XSRFProbe
Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

📁 Directory Traversal

dotdotpwn
The Directory Traversal Fuzzer.
FDsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
off-by-slash
Burp extension to detect alias traversal via NGINX misconfiguration at scale.
liffier
Short snippet to increment ../ on the URL for path traversal testing.

📄 File Inclusion

liffy
Local file inclusion exploitation tool.
Burp-LFI-tests
Fuzzing for LFI using Burp Suite.
LFI-Enum
Scripts to execute enumeration via LFI.
LFISuite
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner.
LFI-files
Wordlist to bruteforce for LFI.

📊 GraphQL Injection

inql
Burp Extension for GraphQL Security Testing.
GraphQLmap
Scripting engine to interact with GraphQL endpoints for pentesting.
shapeshifter
GraphQL security testing tool.
graphql_beautifier
Burp Suite extension to make GraphQL requests more readable.
clairvoyance
Obtain GraphQL API schema despite disabled introspection.

📋 Header Injection

headi
Customisable and automated HTTP header injection.

⚗️ Insecure Deserialization

ysoserial
Proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
GadgetProbe
Probe endpoints consuming Java serialized objects to identify classes, libraries, and versions.
ysoserial.net
Deserialization payload generator for .NET formatters.
phpggc
Library of PHP unserialize() payloads with tool to generate them.

🔓 Insecure Direct Object References

Autorize
Automatic authorization enforcement detection extension for Burp Suite.

↪️ Open Redirect

Oralyzer
Open Redirection Analyzer.
dom-red
Small script to check a list of domains against open redirect vulnerability.
OpenRedireX
Fuzzer for OpenRedirect issues.

🏁 Race Condition

razzer
Kernel fuzzer focusing on race bugs.
racepwn
Race Condition framework.
requests-racer
Small Python library to exploit race conditions in web apps with Requests.
turbo-intruder
Burp Suite extension for sending large numbers of HTTP requests and analyzing results.
race-the-web
Tests for race conditions in web applications with RESTful API for CI integration.

📦 Request Smuggling

http-request-smuggling
HTTP Request Smuggling Detection Tool.
smuggler
HTTP Request Smuggling / Desync testing tool written in Python 3.
h2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c).
tiscripts
Scripts to create Request Smuggling Desync payloads for CLTE and TECL style attacks.

🌐 Server Side Request Forgery (SSRF)

SSRFmap
Automatic SSRF fuzzer and exploitation tool.
Gopherus
Generates gopher links for exploiting SSRF and gaining RCE in various servers.
ground-control
Collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities.
SSRFire
Automated SSRF finder with options for XSS and open redirects.
httprebind
Automatic tool for DNS rebinding-based SSRF attacks.
ssrf-sheriff
Simple SSRF-testing sheriff written in Go.
B-XSSRF
Toolkit to detect and track Blind XSS, XXE & SSRF.
extended-ssrf-search
Smart SSRF scanner using parameter brute forcing in POST and GET.
gaussrf
Fetch URLs from AlienVault, Wayback Machine, Common Crawl and filter for SSRF parameters.
ssrfDetector
Server-side request forgery detector.
grafana-ssrf
Authenticated SSRF in Grafana.
sentrySSRF
Tool to search sentry config on page or in JavaScript files and check blind SSRF.
lorsrf
Bruteforcing on hidden parameters to find SSRF vulnerability using GET and POST methods.
singularity
DNS rebinding attack framework.
whonow
"Malicious" DNS server for executing DNS Rebinding attacks on the fly.
dns-rebind-toolkit
Front-end JavaScript toolkit for creating DNS rebinding attacks.
dref
DNS Rebinding Exploitation Framework.
rbndr
Simple DNS Rebinding Service.
dnsFookup
DNS rebinding toolkit.

📄 XXE Injection

dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
xxeserv
Mini webserver with FTP support for XXE payloads.
xxexploiter
Tool to help exploit XXE vulnerabilities.
XXEinjector
Tool for automatic exploitation of XXE vulnerability using direct and out of band methods.
oxml_xxe
Tool for embedding XXE/XML exploits into different filetypes.

🔑 Passwords

thc-hydra
Parallelized login cracker supporting numerous protocols.
DefaultCreds-cheat-sheet
Collection of default credentials for Blue/Red team activities.
changeme
Default credential scanner.
BruteX
Automatically brute force all services running on a target.
patator
Multi-purpose brute-forcer with modular design and flexible usage.

🕵️ Secrets

git-secrets
Prevents committing secrets and credentials into git repositories.
gitleaks
Scan git repos for secrets using regex and entropy.
truffleHog
Searches through git repositories for high entropy strings and secrets in commit history.
gitGraber
Monitors GitHub to search and find sensitive data in real time.
talisman
Git pre-push hook that validates outgoing changeset for suspicious content like tokens and keys.
GitGot
Semi-automated, feedback-driven tool to search through public GitHub data for secrets.
git-all-secrets
Captures all git secrets by leveraging multiple open source git searching tools.
github-search
Tools to perform basic search on GitHub.
git-vuln-finder
Finding potential software vulnerabilities from git commit messages.
commit-stream
OSINT tool for finding GitHub repositories by extracting commit logs in real time.
gitrob
Reconnaissance tool for GitHub organizations.
repo-supervisor
Scan code for security misconfiguration, passwords and secrets.
GitMiner
Tool for advanced mining for content on GitHub.
shhgit
Find GitHub secrets in real time.
detect-secrets
Enterprise friendly way of detecting and preventing secrets in code.
rusty-hog
Suite of secret scanners built in Rust for performance (based on TruffleHog).
whispers
Identify hardcoded secrets and dangerous behaviours.
yar
Tool for plunderin' organizations, users and/or repositories.
dufflebag
Search exposed EBS volumes for secrets.
secret-bridge
Monitors GitHub for leaked secrets.
earlybird
Sensitive data detection tool for scanning source code repositories.
Trufflehog-Chrome-Extension
Git

🐙 Git Tools

GitTools
Repository with 3 tools for pwn'ing websites with .git repositories available.
gitjacker
Leak git repositories from misconfigured websites.
git-dumper
Tool to dump a git repository from a website.
GitHunter
Tool for searching a Git repository for interesting content.
dvcs-ripper
Rip web accessible version control systems: SVN/GIT/HG.

🏗️ CMS

wpscan
Free black box WordPress security scanner for non-commercial use.
CMSeek
CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 170+ other CMSs.
Droopescan
Plugin-based scanner for identifying issues with Drupal, Silverstripe and other CMSs.
Drupwn
Drupal enumeration & exploitation tool.
WPSpider
Centralized dashboard for running and scheduling WordPress scans powered by wpscan.
wprecon
WordPress Recon.
CMSmap
Python open source CMS scanner automating detection of security flaws in popular CMSs.
joomscan
OWASP Joomla Vulnerability Scanner Project.
pyfiscan
Free web-application vulnerability and version scanner.

🎫 JSON Web Token (JWT)

jwt_tool
Toolkit for testing, tweaking and cracking JSON Web Tokens.
c-jwt-cracker
JWT brute force cracker written in C.
jwt-heartbreaker
Burp extension to check JWT for keys from known public sources.
jwtear
Modular command-line tool to parse, create and manipulate JWT tokens for hackers.
jwt-key-id-injector
Simple Python script to check against hypothetical JWT vulnerability.
jwt-hack
Tool for hacking/security testing JWT.
jwt-cracker
Simple HS256 JWT token brute force cracker.

💬 postMessage

postMessage-tracker
Chrome Extension to track postMessage usage (URL, domain and stack).
PostMessage_Fuzz_Tool
WebDeveloper Tool.

🎭 Subdomain Takeover

subjack
Subdomain Takeover tool written in Go.
Subdomain-takeover
Sub-Domain TakeOver Vulnerability Scanner.
Sub0ver
Powerful Subdomain Takeover Tool.
autoSubTakeover
Tool to check if CNAME resolves to scope address for possible takeover.
NSBrute
Python utility to takeover domains vulnerable to AWS NS Takeover.
can-i-take-over-xyz
List of services and how to claim (sub)domains with dangling DNS records.
cnames
Take list of resolved subdomains and output corresponding CNAMES en masse.
subHijack
Hijacking forgotten & misconfigured subdomains.
tko-subs
Tool to detect and takeover subdomains with dead DNS records.
HostileSubBruteforcer
Bruteforce for existing subdomains and check if 3rd party host is properly set up.
second-order
Second-order subdomain takeover scanner.
takeover
Tool for testing subdomain takeover possibilities at mass scale.
dnsReaper
Sub-domain takeover tool with emphasis on accuracy, speed and number of signatures.

📊 Vulnerability Scanners

nuclei
Fast tool for configurable targeted scanning based on templates with massive extensibility.
Sn1per
Automated pentest framework for offensive security experts.
metasploit-framework
Metasploit Framework.
nikto
Nikto web server scanner.
arachni
Web Application Security Scanner Framework.
jaeles
Swiss Army knife for automated Web Application Testing.
getsploit
Command line utility for searching and downloading exploits.
flan
Pretty sweet vulnerability scanner.
Findsploit
Find exploits in local and online databases instantly.
BlackWidow
Python web application scanner to gather OSINT and fuzz for OWASP vulnerabilities.
backslash-powered-scanner
Finds unknown classes of injection vulnerabilities.
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web vulnerabilities.
OWASP ZAP
World's most popular free web security tools maintained by international volunteers.

📦 Uncategorized

JSONBee
Ready to use JSONP endpoints/payloads to help bypass content security policy (CSP).
CyberChef
Cyber Swiss Army Knife - web app for encryption, encoding, compression and data analysis.
bountyplz
Automated security reporting from markdown templates (HackerOne and Bugcrowd supported).
PayloadsAllTheThings
List of useful payloads and bypass for Web Application Security and Pentest/CTF.
bounty-targets-data
Hourly-updated data dumps of bug bounty platform scopes (Hackerone/Bugcrowd/Intigriti/etc).
android-security-awesome
Collection of android security related resources.
awesome-mobile-security
Single place for all useful android and iOS security related stuff.
awesome-vulnerable-apps
Awesome Vulnerable Applications.
XFFenum
X-Forwarded-For [403 forbidden] enumeration.
Assetnote Wordlists
wordlists.assetnote.io

Total Categories

31

Total Tools

200+

Last Updated

December 2025