Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

A basic IP address counter for large, complex, or discontinuous ranges.

Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server

Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

a simple command line tool to get RiseupVPN up and running

A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces

🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Easy subdomain finder from a list of company names, IP ranges or domains.

Go CLI and Library for quickly mapping organization network ranges using ASN information.

Utility program to perform multiple operations for a given subnet/CIDR ranges.

HackerOne "in scope" domains

HTTP Request Smuggling Detection Tool

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Tools and Techniques for Red Team / Penetration Testing

discontinued

Fancy reverse and bind shell handler

A WordPress detect tool

Find web directories without bruteforce

php backdoors collection

Open-source tool to bypass windows and linux passwords from bootable usb

A curated list wordlists for bruteforcing and fuzzing

Find, verify, and analyze leaked credentials

HTTP parameter discovery suite.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

Some of the best web shells that you might need!

An open-source intelligence (OSINT) analysis tool leveraging GPT-powered embeddings and vector search engines for efficient data processing

Making Favicon.ico based Recon Great again !