Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit

A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers

Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

JSHawk is a powerful, context-aware JavaScript security scanner that hunts for exposed credentials, API keys, and sensitive information in JavaScript files with surgical precision.

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…

HardeningKitty - Checks and hardens your Windows configuration

Open-source Windows and Office activator featuring HWID, Ohook, TSforge, KMS38, and Online KMS activation methods, along with advanced troubleshooting.

Gotator is a tool to generate DNS wordlists through permutations.

Scrape domain names from SSL certificates of arbitrary hosts

Micro-agent framework for Caido

best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect

The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cl…

🎉 CVE Monitor v1.0

web cache deception detect

XSS'OR - Hack with JavaScript.

unleashed ffuf

A fast, minimalistic scanner for time-based SQL injection (SQLi) detection – built in Go.

一款长亭自研的完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

This is go CLI tool for send fast Multiple get HTTP request.

jxscout superpowers JavaScript analysis for security researchers

Entity graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights.

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

Analyse your malware to surgically obfuscate it

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!