Here's a list of GitHub repos and tools that I believe are awesome and should be promoted and used.
- Semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- RegexPassive - Collection of regexp patterns for passive security scanning
- PayloadsAllTheThings - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
- OneListForAll - Rockyou for web fuzzing by six2dez
- Prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
- PurplePanda - Identify privilege escalation paths within and across different clouds
- Tornado - Anonymous reverse shell over the Tor network using hidden services, without port forwarding.
- Hakoriginfinder - Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
- Nemesis - URL scanner for recon, vulnerabilities, secrets and more!
- reconFTW - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and find vulnerabilities.
- rengine - reNgine is an automated reconnaissance framework for web applications with a focus on a highly configurable, streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and a simple yet intuitive user interface.
- Inventory - Asset inventory on public bug bounty programs.
- HowToHunt - Tutorials and things to do while hunting vulnerabilities.
- Keyhacks - Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
- TruffleHog - Find credentials all over the place in GitHub repos
- Buggyapp - Android - Buggyapp is a vulnerable Android application. This app can be used by pentesters and security researchers to practice Android application pentesting. It is built for beginners to learn the basics of Android application pentesting.
All about bug bounty (bypasses, payloads, etc.)
Useful Match and Replace BurpSuite Rules
A free, open-source, cross-platform intelligence gathering tool
Automated Recon for Pentesting & Bug Bounty
Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more
Authenticated Scanning
hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
crawls the website and finds broken social media links that can be hijacked
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
The most exhaustive list of reliable DNS resolvers.
Create and Run Intelligent Automation Scripts Without learning bash scripting
A simple script just made for self use for bypassing 403
reNgine is an automated reconnaissance framework
PoC auto collect from GitHub.