针对SpringBoot的渗透工具，Spring漏洞利用工具

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive inf…

Header Exploitation HTTP

OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

HTTP parameter discovery suite.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

A tool for adding new lines to files, skipping duplicates

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, …

Resolve and quickly portscan a list of (sub)domains.

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

A script to set up a quick Ubuntu 17.10 x64 box with tools I use.

Web path scanner

This script is intended to automate your reconnaissance process in an organized fashion

A simple script to screenshot a list of websites

Knock Subdomain Scan

APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains. Supports HTTP/HTTPS, multi-threading, and flexible input/output options. Ideal for API security testing.

Datasets, tools, and benchmarks for representation learning of code.

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

A next-generation crawling and spidering framework.

crawler for finding reflected parameters and reflecting special characters!

In-depth attack surface mapping and asset discovery

A Tool for Domain Flyovers

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

An open source application scanning tool

Prevents you from committing secrets and credentials into git repositories

Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

Find secrets with Gitleaks 🔑

Automated NoSQL database enumeration and web application exploitation tool.

Modern framework for fast, powerful React apps