Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

Take a list of domains/subdomains and probe for working http/https server.

A Burp Suite extension to extract datas from source code while browsing.

HTTP parameter discovery suite.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Javascript security analysis (JSA) is a program for javascript analysis during web application security assessment.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

A script that you can run in the background!

VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

侦查守卫(ObserverWard)的指纹库

The official command-line client for spyse.com

A powerful browser crawler for web vulnerability scanners

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

a Go code to detect leaks in JS files via regex patterns

Go scripts for finding sensitive data like API key / some keywords in the github repository

Tool to scan for secret files on HTTP servers

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…

Attack surface mapping

Go scripts for checking API key / access token validity

Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

Hidden parameters discovery suite

KARMA is a simple bash script automation that can hit Shodan Premium API and find active IPs, ASN, Common Vulnerabilities, CVEs & Open Ports.

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.

A high performance TCP SYN port scanner.

Tool to search secrets in various filetypes.