Recon
- nuclei recon
- Asnmap
- Nuclei
- Nuclei Forge - Visual Editor & Builder for Nuclei Templates nuclei
- BishopFox/GitGot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets. leaked-secrets
- intruder-io/autoswagger: Autoswagger by Intruder - detect API auth weaknesses broken-access-control
- Secrets Ninja info-disclose leaked-secrets
- musana/fuzzuli: fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain. backup-files
- Profundis – Hosts Search Engine recon
- mrh0wl/Cloudmare: Cloudflare, Sucuri, Incapsula real IP tracker. recon WAF
- Index of /: Assetnote wordlists.
- KingOfBugbounty/enumrust: Subdomain Enumerator and Simple Crawler recon
- Default 404 Pages | 0xdf hacks stuff
- KeysKit leaked-secrets
- Google Dorks for Bug Bounty
- dorking g0d.pdf cheat-sheet
- DorkSearch
- IP.THC.ORG - Reverse-DNS, Subdomain and CNAME Lookups
Network
- GitHub - gojue/ecapture: Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
- Pennyw0rth/NetExec: The Network Execution Tool network-hacking
- FlareSolverr/FlareSolverr: Proxy server to bypass Cloudflare protection cloudflare proxy
- PortSwigger/bypass-bot-detection: Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection burp-suite
- 0b1d1 on X: “🛡️ cf-hero – Technical Overview: cf-hero is an open-source CLI tool that reveals the real IP addresses of websites hidden behind Cloudflare’s reverse proxy protection. GitHub link: https://t.co/3wLVGUoY9c” recon
- haad/proxychains: proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: “user/pass” for SOCKS4/5, “basic” for HTTP. proxy
- TheSpeedX/PROXY-List: Get PROXY List that gets updated everyday proxy
Scanner
- r0oth3x49/ghauri: An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws SQLi
- Chocapikk/wpprobe: A fast WordPress plugin enumeration tool wordpress
- Moopinger/smugglefuzz: A rapid HTTP downgrade smuggling scanner written in Go.
IDOR
XSS
- XSS Payloads
- fransr/postMessage-tracker: A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon postmessage
- swoops/eval_villain: A Firefox Web Extension to improve the discovery of DOM XSS. XSS
- ClobberX: generate DOM clobbering payloads DOM-clobbering
- Eval Villain
- DOMLogger++
- adrgs/fontleak: Fast exfiltration of text using only CSS and Ligatures CSS-injection
- CSP Evaluator CSP
- mXSS cheatsheet mXSS
- JS-DOMestify obfuscation
CSRF
SSRF
- Hackability inspector | PortSwigger Research: check the hackability of the browser used for rendering the page.
- 1u.ms: SSRF with DNS rebinding.
- SSRFUtility - SSRF Exploitation Tool: similar to Burp Suite Collaborator and Interact.sh
SSTI
SQL Injection
JWT
GraphQL
WebSocket
- PalindromeLabs/STEWS: A Security Tool for Enumerating WebSockets web-socket-vulns
- hahwul/ws-smuggler: WebSocket Connection Smuggler web-socket-vulns
Brute-Force
- mufeedvh/pdfrip: A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks. password-attacking
- WebCrack GPU
Web Extensions
API
Red Team
- AD-Security/AD_Miner: AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the Bloodhound graph database to uncover security weaknesses redteam active-directory
- 0xdea/blindsight: Red teaming tool to dump LSASS memory, bypassing basic countermeasures. redteam dump-memory
- Aur3ns/LsassStealer: Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testing only! redteam
- Maldev-Academy/Alphabetfuscation: Convert your shellcode into an ASCII string development
- jakehildreth/Locksmith: A small tool built to find and fix common misconfigurations in Active Directory Certificate Services. active-directory
- BloodHound Query Library bloodhound active-directory
- xaitax/NTSleuth: Comprehensive Windows Syscall Extraction & Analysis Framework system-call
- WinRM
- Relyze - Interactive x86, x64, ARM32 and ARM64 software reverse engineering reversing
- 0xflux/Wyrm: The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments. C2
- GitHub - TwoSevenOneT/EDR-Freeze: EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state. EDR
- GitHub - 0xNinjaCyclone/AsmLdr: Dynamic shellcode loader with sophisticated evasion capabilities loader
- googleprojectzero/symboliclink-testing-tools
- GitHub - cyberark/PipeViewer: A tool that shows detailed information about named pipes in Windows named-pipe
- GitHub - trailofbits/RpcInvestigator: Exploring RPC interfaces on Windows RPC
- GitHub - cyberark/RPCMon: RPC Monitor tool based on Event Tracing for Windows
- GitHub - cyberark/DLLSpy: DLL Hijacking Detection Tool
OSINT
- eyedex - open directory search engine
- 0b1d1 on X: “🕷️ SpiderFoot: Automated OSINT Tool. Your go-to solution for gathering open-source intelligence on domains, IPs, emails, usernames, and more. Learn more plus GitHub repo: https://t.co/hUrFoSdgmD” OSINT
- p1ngul1n0/blackbird: An OSINT tool to search for accounts by username and email in social networks. OSINT redteam
- mxrch/GHunt: 🕵️♂️ Offensive Google framework. OSINT redteam
- GreyNoise Visualizer | GreyNoise Visualizer: search for IP addresses and see their activity on the internet OSINT
- Clats97/ClatScope: ClatScope Info Tool – The best and most versatile OSINT utility for retrieving geolocation, DNS, WHOIS, phone, email, data breach information and much more (70+ features). Perfect for investigators, pentesters, or anyone looking for an effective reconnaissance / OSINT tool. OSINT
- AbuseIPDB - IP address abuse reports - Making the Internet safer, one IP at a time OSINT threat-intelligence
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence threat-intelligence
AI
- ASCII Smuggler Tool: Crafting Invisible Text and Decoding Hidden Codes · Embrace The Red
- BishopFox/BrokenHill: A productionized greedy coordinate gradient (GCG) attack tool for large language models (LLMs) (for GCG only)
- Fcrespo04/FuzzyAI: A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential jailbreaks in their LLM APIs. (This is a fork with custom results management. It has many attack types, can generate dynamic payloads, and can target the system prompt or an HTTP request.)
- Giskard-AI/giskard-oss: 🐢 Open-Source Evaluation & Testing library for LLM Agents (works as a library)
- GitHub - utkusen/promptmap: a security scanner for custom LLM applications (only the prompts are valuable)
- IoPC Registry - Indicators of Prompt Compromise (works like a cheatsheet of prompts)
- LLAMATOR-Core/llamator: Framework for testing vulnerabilities of large language models (LLM). (works as a library, has many attack types)
- NVIDIA/garak: the LLM vulnerability scanner (can test the model, REST API)
- promptfoo/promptfoo: Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration. (has many attacks, web UI, easy to config and really powerful).
- prompt-security/ps-fuzz: Make your GenAI Apps Safe & Secure Test & harden your system prompt (great against system prompt but using hardcoded payloads)
- protectai/llm-guard: The Security Toolkit for LLM Interactions (WAF for AI applications)
- PyRIT — PyRIT Documentation
- ReversecLabs/spikee (can test the model and AI application)
- splx-ai/agentic-radar: A security scanner for your LLM agentic workflows AI-agent-hacking (for testing AI agents/workflows)
- trailofbits/anamorpher: image scaling attacks for multi-modal prompt injection image-downscale-attack (for image downscale attack - related to visual prompt injection)
- InjectPrompt - Jailbreaks cheat-sheet
- InjectPrompt - System Prompts cheat-sheet
- GitHub - msoedov/agentic_security: Agentic LLM Vulnerability Scanner / AI red teaming kit 🧪 AI-agent-hacking
- Ideogram: for visual prompt injection
- GitHub - invoke-ai/InvokeAI: Invoke is a leading creative engine for Stable Diffusion models, empowering professionals, artists, and enthusiasts to generate and create visual media using the latest AI-driven technologies. The solution offers an industry leading WebUI, and serves as the foundation for multiple commercial products.: for visual prompt injection stable-diffusion
- TokenBuster: playing with Special Token Injection
- GitHub - greshake/llm-security: New ways of breaking app-integrated LLMs
Cloud
- Hacking The Cloud - Hacking The Cloud
- MuhammadKhizerJaved/Insecure-Firebase-Exploit: A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app has set the security rules to true for both “read” & “write”, an attacker can probably dump the database and write their own data to the firebase db. firebase
Audit
Web3
- nascentxyz/pyrometer: A tool for analyzing the security and parameters of a solidity smart contract smart-contract-audit
- EVM-Storage.codes | EVM Smart Contract Storage Viewer and Comparator
- Scaffold-ETH 2 - Open source toolkit to build dApps on Ethereum: visualize smart contracts
- Dashboard - Alchemy: monitor failed transactions
- Signature Database: database for function selectors lookup to avoid signature collisions in smart contracts.
- DefiLlama - DeFi Dashboard: provides a current snapshot of the DeFi industry.
Mobile
Misc
- Bulk Data Access | ip.thc.org
- GitHub - zack0x01/CVE-2025-55182-advanced-scanner-
- streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they’re valid. info-disclose leaked-secrets
- Trufflehog alternative: mongodb/kingfisher: Kingfisher is a blazingly fast secret‑scanning and validation tool built in Rust leaked-secrets
- UndeadSec/DockerSpy: DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. OSINT info-disclose leaked-secrets
- Playground | recheck ReDoS : ReDoS checker
- avlidienbrunn/archivealchemist: Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities. archive-attacks
- jonaslejon/malicious-pdf: 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh pdf
- GitHub - irsdl/auraditor: A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities. salesforce
- XSinator - XS-Leak Browser Test Suite xs-leak
- A better zip bomb archive-attacks DoS
- Webpack Exploder electron
- GitHub - doyensec/electronegativity: Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications. electron