Unleash the power of cloud

Finds Documents On Cloud Assets Using grayhatwarfare API for short urls

A curated list of various bug bounty tools

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration

A browser extension for OSINT search

Quickly discover exposed hosts on the internet using multiple search engines.

A powerful browser crawler for web vulnerability scanners

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations

Archive of Potential Insider Threats

Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

A tool for enumerating expired domains in CNAME records

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Standalone utility for service discovery on open ports!

An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.

A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.