A Security Tool for Bug Bounty, Pentest and Red Teaming.

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

Get some useful data from Clouds for your targets

Go tool that detects which email addresses have domains which are able to be registered

Little Bug Bounty & Hacking Tools⚔️

A faster LFI Fuzzer.

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

Multi-threaded DNS resolvers fetch and validation

A command-line interface (CLI) based passive subdomain discovery utility. It is designed to efficiently identify known subdomains of given domains by tapping into a multitude of curated online passive sources.

OSINT tools and more but without API key

A Workflow Engine for Offensive Security

HackerOne target retreival - for fetching HackerOne bug bounty targets via the HackerOne API, and filtering them.

Go HackerOne API client for bug bounty target selection

Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.

Distributed network and vulnerability scanner

Parameter Extractor written in golang

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.

DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it