Bug Bounty Security Tools

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

Scan for misconfigured S3 buckets across S3-compatible APIs!

IP lookup by favicon using Shodan

A fast tool to scan CRLF vulnerability written in Go

Gau Plus

Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

DNS Enumeration Script

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Gospider - Fast web spider written in Go

Gotator is a tool to generate DNS wordlists through permutations.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

Find subdomains on GitHub.

Fetch all the URLs that the Wayback Machine knows about for a domain

In-depth attack surface mapping and asset discovery