The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.
Updated Nov 19, 2024 - Python
A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
A recursive internet scanner for hackers.
WEAPOW is a collection of tools created to assist with information security, auditing, PENTEST and BUGBOUNTY tasks
SubScopeMongo is a Python-based command-line tool that helps you manage domains and subdomains in workspaces using a MongoDB database.
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Web path scanner
Reversino is a tool for finding subdomains from IP ranges or CIDR subnets.
🧿 AutorizePro is a powerful authorization enforcement detection extension for Burp Suite. By adding AI-assisted analysis and further optimizing the detection logic, it significantly reduces the false positive rate and improves the efficiency of detecting authorization vulnerabilities.
A keylogger designed for stealthy keystroke capture & analysis.
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
Automated All-in-One OS Command Injection Exploitation Tool.
A powerful collection of scripts for automating bug bounty hunting, vulnerability detection, and security analysis. Speed up your recon and exploitation workflows with ease!
GitHub Attack Toolkit - Extreme Edition
SCOPE [Subdomain Cache Observation, Poisoning & Evaluation] is a simple, yet powerful tool designed to help you find and test vulnerabilities in subdomains that might be exposed to cache poisoning attacks. If a website isn't properly handling cache, it could lead to security issues where malicious content gets stored and served to users.
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
A heavily armed customizable phishing tool for educational purposes only
NextDisc is a discovery tool designed for analyzing applications built with Next.js. It extracts valuable information about the app’s structure, routes, and resources by parsing key files and data points commonly found in Next.js applications.