More Tools
Last updated
Last updated
: Brute force domain names asynchronously
: Subdomain bruteforce
: Check if web servers in a domain are accessible
: Subdomain discovery
: Subdomain discovery in github
: Fast port scanning
: Subdomains and URLs from JS files in a web
: Web files dictionary
: BurpExtension to avoid dozens repeater tabs
: Obtain assets
: Google dorks
: Web BugBounty checklist
: Check a list of domain against Open Redirection
: Burp plugin, offline analysis to discover domains, subdomains and IPs
: List of different tools
: BurpSuite Plugingto find vulns (SQLi, XSS, SSTI)
: Chrome extension for tracking post-messages functions
: Automatic authentication tests (remove cookies and try to send the request)
: XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
: Lateral movements
: LOL bins
(): Persistence
: Windows Process Injection techniques
: Red Team scripts
: find security-related misconfigurations in Active Directory Group Policy.
: Securestring obfuscation
: Parent PID Spoofing
: Encrypt Powershell payloads
: Stealth C2
: Series of logs about Windows Internals
: Track who open a document
: Active Directory Cheat Sheet
Como extraer firmware si no lo encontramos online:
Aqui un firware con vulnerabilidades para analizar:
y por aqui la metodologia owasp para analizar firmware:
: Static code analysis
: Bluetooth LE CTF
: SSH tarpit that slowly sends an endless banner.
AWS and Cloud tools:
IFS (Interplanetary File System) for phising:
IP rotation services:
Linux rootkit:
: Online IDE
: Resources for starting on BugBounties
: IOS pentesting tools
: Keywords
: Hacking IoT (Wifi, BLE, SSDP, MDNS)
: automating scanning
: This list aims to cover Electron.js security related topics.
: Info about BB programs