AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Top disclosed reports from HackerOne

Fast passive subdomain enumeration tool.

Subdomain takeover vulnerability checker

A repo to showcase web3 hacks

The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.

Fast web fuzzer written in Go

A curated list of awesome OSCP resources

Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Scan for misconfigured S3 buckets across S3-compatible APIs!

Smart Contract Audit Reports

The Web3 Security Resources Hub is a comprehensive collection of curated tools, guides, and best practices for securing decentralized systems and smart contracts in the blockchain space.

SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

Find secrets with Gitleaks 🔑

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…

A curated list of web3Security materials and resources For Pentesters and Bug Hunters.

PowerSploit - A PowerShell Post-Exploitation Framework

Take a list of domains and probe for working HTTP and HTTPS servers

Find domains and subdomains related to a given domain

A list of interesting payloads, tips and tricks for bug bounty hunters.

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

In-depth attack surface mapping and asset discovery

Find, verify, and analyze leaked credentials

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security teste…

⚙️ An efficient tool to do in-depth comparison of two android apps.

Django application that performs SAST and Malware Analysis for Android APKs