Bug Bounty Security Tools

A tool to check a bunch of URLs that contain reflecting params.

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Jeeves SQLI Finder

Find secrets with Gitleaks 🔑

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

A next-generation crawling and spidering framework.

The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.

CRLF and open redirect fuzzer

CORS Misconfiguration Scanner

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Fast passive subdomain enumeration tool.

A Python program to scrape secrets from GitHub through usage of a large repository of dorks.

Scan for misconfigured S3 buckets across S3-compatible APIs!

IP lookup by favicon using Shodan

A fast tool to scan CRLF vulnerability written in Go

Gau Plus

Scan only once by IP address and reduce scan times with Nmap for large amounts of data.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

DNS Enumeration Script

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Gospider - Fast web spider written in Go

Gotator is a tool to generate DNS wordlists through permutations.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.