[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-7757":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":18,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":24,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":35,"readmeContent":36,"aiSummary":37,"trendingCount":16,"starSnapshotCount":16,"syncStatus":15,"lastSyncTime":38,"discoverSource":39},7757,"WebHackersWeapons","hahwul\u002FWebHackersWeapons","hahwul","⚔️ Web Hacker's Weapons \u002F A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting","",null,"Ruby",4625,764,140,2,0,1,7,32,69.35,"MIT License",false,"main",true,[26,27,28,29,30,31,32,33,34],"awesome-list","bugbounty","bugbountytips","hacking","hacktoberfest","scanner","security","tools","webhacking","2026-06-12 04:00:35","\n\u003Cdiv align=\"center\">\n  \u003Cpicture>\n    \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"images\u002Fwhw-dark.png\" width=\"500px;\">\n    \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"images\u002Fwhw-light.png\" width=\"500px;\">\n    \u003Cimg alt=\"WebHackersWeapons Logo\" src=\"images\u002Fwhw-dark.png\" width=\"500px;\">\n  \u003C\u002Fpicture>\n  \u003Cp>A collection of awesome tools used by Web hackers. Happy hacking , Happy bug-hunting!\u003C\u002Fp>\n\u003C\u002Fdiv>\n\n\u003Cp align=\"center\">\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhahwul\u002FWebHackersWeapons\u002Fblob\u002Fmain\u002FCONTRIBUTING.md\">\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCONTRIBUTIONS-WELCOME-000000?style=for-the-badge&labelColor=black\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n## Family project\n[![WebHackersWeapons](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhahwul\u002FWebHackersWeapons?label=WebHackersWeapons)](https:\u002F\u002Fgithub.com\u002Fhahwul\u002FWebHackersWeapons)\n[![MobileHackersWeapons](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhahwul\u002FMobileHackersWeapons?label=MobileHackersWeapons)](https:\u002F\u002Fgithub.com\u002Fhahwul\u002FMobileHackersWeapons)\n\n## Table of Contents\n- [Weapons](#weapons)\n  - [Tools](#tools)\n  - [Bookmarklets](#bookmarklets)\n  - [Browser Addons](#browser-addons)\n  - [Burpsuite, Caido and ZAP Addons](#burpsuite-caido-and-zap-addons)\n- [Contribute](CONTRIBUTING.md)\n- [Thanks to contributor](#thanks-to-contributor)\n\n## Weapons\n*Attributes*\n|       | Attributes                                        |\n|-------|---------------------------------------------------|\n| Types | `Army-Knife` `Proxy` `Recon` `Fuzzer` `Scanner` `Exploit` `Env` `Utils` `Etc`|\n| Tags  | [`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md) [`live-audit`](\u002Fcategorize\u002Ftags\u002Flive-audit.md) [`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md) [`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md) [`recon`](\u002Fcategorize\u002Ftags\u002Frecon.md) [`forensics`](\u002Fcategorize\u002Ftags\u002Fforensics.md) [`social-engineering`](\u002Fcategorize\u002Ftags\u002Fsocial-engineering.md) [`steganography`](\u002Fcategorize\u002Ftags\u002Fsteganography.md) [`pentest`](\u002Fcategorize\u002Ftags\u002Fpentest.md) [`exploit`](\u002Fcategorize\u002Ftags\u002Fexploit.md) [`infra`](\u002Fcategorize\u002Ftags\u002Finfra.md) [`http`](\u002Fcategorize\u002Ftags\u002Fhttp.md) [`repeater`](\u002Fcategorize\u002Ftags\u002Frepeater.md) [`asn`](\u002Fcategorize\u002Ftags\u002Fasn.md) [`network-mapping`](\u002Fcategorize\u002Ftags\u002Fnetwork-mapping.md) [`cloud`](\u002Fcategorize\u002Ftags\u002Fcloud.md) [`asset-discovery`](\u002Fcategorize\u002Ftags\u002Fasset-discovery.md) [`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md) [`apk`](\u002Fcategorize\u002Ftags\u002Fapk.md) [`url`](\u002Fcategorize\u002Ftags\u002Furl.md) [`endpoint`](\u002Fcategorize\u002Ftags\u002Fendpoint.md) [`csp`](\u002Fcategorize\u002Ftags\u002Fcsp.md) [`param`](\u002Fcategorize\u002Ftags\u002Fparam.md) [`ssl`](\u002Fcategorize\u002Ftags\u002Fssl.md) [`tls`](\u002Fcategorize\u002Ftags\u002Ftls.md) [`certificates`](\u002Fcategorize\u002Ftags\u002Fcertificates.md) [`attack-surface`](\u002Fcategorize\u002Ftags\u002Fattack-surface.md) [`port`](\u002Fcategorize\u002Ftags\u002Fport.md) [`favicon`](\u002Fcategorize\u002Ftags\u002Ffavicon.md) [`js-analysis`](\u002Fcategorize\u002Ftags\u002Fjs-analysis.md) [`takeover`](\u002Fcategorize\u002Ftags\u002Ftakeover.md) [`portscan`](\u002Fcategorize\u002Ftags\u002Fportscan.md) [`domain`](\u002Fcategorize\u002Ftags\u002Fdomain.md) [`online`](\u002Fcategorize\u002Ftags\u002Fonline.md) [`graphql`](\u002Fcategorize\u002Ftags\u002Fgraphql.md) [`wordlist`](\u002Fcategorize\u002Ftags\u002Fwordlist.md) [`permutation`](\u002Fcategorize\u002Ftags\u002Fpermutation.md) [`cache-vuln`](\u002Fcategorize\u002Ftags\u002Fcache-vuln.md) [`path-traversal`](\u002Fcategorize\u002Ftags\u002Fpath-traversal.md) [`prototypepollution`](\u002Fcategorize\u002Ftags\u002Fprototypepollution.md) [`prototype-pollution`](\u002Fcategorize\u002Ftags\u002Fprototype-pollution.md) [`smuggle`](\u002Fcategorize\u002Ftags\u002Fsmuggle.md) [`fuzz`](\u002Fcategorize\u002Ftags\u002Ffuzz.md) [`ssrf`](\u002Fcategorize\u002Ftags\u002Fssrf.md) [`jwt`](\u002Fcategorize\u002Ftags\u002Fjwt.md) [`crlf`](\u002Fcategorize\u002Ftags\u002Fcrlf.md) [`header`](\u002Fcategorize\u002Ftags\u002Fheader.md) [`ssti`](\u002Fcategorize\u002Ftags\u002Fssti.md) [`vulnerability-scanner`](\u002Fcategorize\u002Ftags\u002Fvulnerability-scanner.md) [`dependency-scanning`](\u002Fcategorize\u002Ftags\u002Fdependency-scanning.md) [`xss`](\u002Fcategorize\u002Ftags\u002Fxss.md) [`s3`](\u002Fcategorize\u002Ftags\u002Fs3.md) [`container-security`](\u002Fcategorize\u002Ftags\u002Fcontainer-security.md) [`sbom`](\u002Fcategorize\u002Ftags\u002Fsbom.md) [`broken-link`](\u002Fcategorize\u002Ftags\u002Fbroken-link.md) [`cors`](\u002Fcategorize\u002Ftags\u002Fcors.md) [`sqli`](\u002Fcategorize\u002Ftags\u002Fsqli.md) [`lfi`](\u002Fcategorize\u002Ftags\u002Flfi.md) [`rfi`](\u002Fcategorize\u002Ftags\u002Frfi.md) [`open-redirect`](\u002Fcategorize\u002Ftags\u002Fopen-redirect.md) [`nosqli`](\u002Fcategorize\u002Ftags\u002Fnosqli.md) [`oast`](\u002Fcategorize\u002Ftags\u002Foast.md) [`web-scanner`](\u002Fcategorize\u002Ftags\u002Fweb-scanner.md) [`aaa`](\u002Fcategorize\u002Ftags\u002Faaa.md) [`dependency-confusion`](\u002Fcategorize\u002Ftags\u002Fdependency-confusion.md) [`403`](\u002Fcategorize\u002Ftags\u002F403.md) [`secret-scanning`](\u002Fcategorize\u002Ftags\u002Fsecret-scanning.md) [`credentials`](\u002Fcategorize\u002Ftags\u002Fcredentials.md) [`sast`](\u002Fcategorize\u002Ftags\u002Fsast.md) [`code-analysis`](\u002Fcategorize\u002Ftags\u002Fcode-analysis.md) [`aws`](\u002Fcategorize\u002Ftags\u002Faws.md) [`security`](\u002Fcategorize\u002Ftags\u002Fsecurity.md) [`terraform`](\u002Fcategorize\u002Ftags\u002Fterraform.md) [`xxe`](\u002Fcategorize\u002Ftags\u002Fxxe.md) [`RMI`](\u002Fcategorize\u002Ftags\u002FRMI.md) [`rop`](\u002Fcategorize\u002Ftags\u002Frop.md) [`authentication`](\u002Fcategorize\u002Ftags\u002Fauthentication.md) [`zipbomb`](\u002Fcategorize\u002Ftags\u002Fzipbomb.md) [`cidr`](\u002Fcategorize\u002Ftags\u002Fcidr.md) [`network`](\u002Fcategorize\u002Ftags\u002Fnetwork.md) [`ip-manipulation`](\u002Fcategorize\u002Ftags\u002Fip-manipulation.md) [`deserialize`](\u002Fcategorize\u002Ftags\u002Fdeserialize.md) [`web3`](\u002Fcategorize\u002Ftags\u002Fweb3.md) [`gRPC-Web`](\u002Fcategorize\u002Ftags\u002FgRPC-Web.md) [`notify`](\u002Fcategorize\u002Ftags\u002Fnotify.md) [`documents`](\u002Fcategorize\u002Ftags\u002Fdocuments.md) [`cookie`](\u002Fcategorize\u002Ftags\u002Fcookie.md) [`note`](\u002Fcategorize\u002Ftags\u002Fnote.md) [`blind-xss`](\u002Fcategorize\u002Ftags\u002Fblind-xss.md) [`encode`](\u002Fcategorize\u002Ftags\u002Fencode.md) [`payload`](\u002Fcategorize\u002Ftags\u002Fpayload.md) [`darkmode`](\u002Fcategorize\u002Ftags\u002Fdarkmode.md) [`nuclei-templates`](\u002Fcategorize\u002Ftags\u002Fnuclei-templates.md) [`package-manager`](\u002Fcategorize\u002Ftags\u002Fpackage-manager.md) [`tools-management`](\u002Fcategorize\u002Ftags\u002Ftools-management.md) [`dom`](\u002Fcategorize\u002Ftags\u002Fdom.md) [`race-condition`](\u002Fcategorize\u002Ftags\u002Frace-condition.md) [`diff`](\u002Fcategorize\u002Ftags\u002Fdiff.md) [`clipboard`](\u002Fcategorize\u002Ftags\u002Fclipboard.md) [`json`](\u002Fcategorize\u002Ftags\u002Fjson.md) [`browser-record`](\u002Fcategorize\u002Ftags\u002Fbrowser-record.md) [`report`](\u002Fcategorize\u002Ftags\u002Freport.md)                         |\n| Langs | [`Java`](\u002Fcategorize\u002Flangs\u002FJava.md) [`Python`](\u002Fcategorize\u002Flangs\u002FPython.md) [`Ruby`](\u002Fcategorize\u002Flangs\u002FRuby.md) [`Go`](\u002Fcategorize\u002Flangs\u002FGo.md) [`Shell`](\u002Fcategorize\u002Flangs\u002FShell.md) [`JavaScript`](\u002Fcategorize\u002Flangs\u002FJavaScript.md) [`Rust`](\u002Fcategorize\u002Flangs\u002FRust.md) [`Kotlin`](\u002Fcategorize\u002Flangs\u002FKotlin.md) [`Crystal`](\u002Fcategorize\u002Flangs\u002FCrystal.md) [`C`](\u002Fcategorize\u002Flangs\u002FC.md) [`Perl`](\u002Fcategorize\u002Flangs\u002FPerl.md) [`C#`](\u002Fcategorize\u002Flangs\u002FC%23.md) [`TypeScript`](\u002Fcategorize\u002Flangs\u002FTypeScript.md) [`Txt`](\u002Fcategorize\u002Flangs\u002FTxt.md) [`HTML`](\u002Fcategorize\u002Flangs\u002FHTML.md) [`BlitzBasic`](\u002Fcategorize\u002Flangs\u002FBlitzBasic.md) [`CSS`](\u002Fcategorize\u002Flangs\u002FCSS.md) [`C++`](\u002Fcategorize\u002Flangs\u002FC++.md) [`PHP`](\u002Fcategorize\u002Flangs\u002FPHP.md)                        |\n\n### Tools\n| Type | Name | Description | Star | Tags | Badges |\n| --- | --- | --- | --- | --- | --- |\n|Army-Knife|[ZAP](https:\u002F\u002Fgithub.com\u002Fzaproxy\u002Fzaproxy)|The ZAP core project|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fzaproxy\u002Fzaproxy?label=%20)|[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md) [`live-audit`](\u002Fcategorize\u002Ftags\u002Flive-audit.md) [`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)![zap](\u002Fimages\u002Fzap.png)[![Java](\u002Fimages\u002Fjava.png)](\u002Fcategorize\u002Flangs\u002FJava.md)|\n|Army-knife|[Baudrillard Suite](https:\u002F\u002Fgithub.com\u002Fbad-antics\u002Fbaudrillard-suite)|Cross-platform security research toolkit with OSINT aggregation, memory forensics, social engineering tools, steganography, and predictive threat modeling.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbad-antics\u002Fbaudrillard-suite?label=%20)|[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md) [`recon`](\u002Fcategorize\u002Ftags\u002Frecon.md) [`forensics`](\u002Fcategorize\u002Ftags\u002Fforensics.md) [`social-engineering`](\u002Fcategorize\u002Ftags\u002Fsocial-engineering.md) [`steganography`](\u002Fcategorize\u002Ftags\u002Fsteganography.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Army-Knife|[Metasploit](https:\u002F\u002Fgithub.com\u002Frapid7\u002Fmetasploit-framework)|The world’s most used penetration testing framework|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Frapid7\u002Fmetasploit-framework?label=%20)|[`pentest`](\u002Fcategorize\u002Ftags\u002Fpentest.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Ruby](\u002Fimages\u002Fruby.png)](\u002Fcategorize\u002Flangs\u002FRuby.md)|\n|Army-Knife|[BurpSuite](https:\u002F\u002Fportswigger.net\u002Fburp)|The BurpSuite Project||[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md) [`live-audit`](\u002Fcategorize\u002Ftags\u002Flive-audit.md) [`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)![burp](\u002Fimages\u002Fburp.png)[![Java](\u002Fimages\u002Fjava.png)](\u002Fcategorize\u002Flangs\u002FJava.md)|\n|Army-knife|[Ronin](https:\u002F\u002Fronin-rb.dev)|Free and Open Source Ruby Toolkit for Security Research and Development||[`pentest`](\u002Fcategorize\u002Ftags\u002Fpentest.md) [`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md) [`recon`](\u002Fcategorize\u002Ftags\u002Frecon.md) [`exploit`](\u002Fcategorize\u002Ftags\u002Fexploit.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Ruby](\u002Fimages\u002Fruby.png)](\u002Fcategorize\u002Flangs\u002FRuby.md)|\n|Army-Knife|[jaeles](https:\u002F\u002Fgithub.com\u002Fjaeles-project\u002Fjaeles)|The Swiss Army knife for automated Web Application Testing |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fjaeles-project\u002Fjaeles?label=%20)|[`live-audit`](\u002Fcategorize\u002Ftags\u002Flive-audit.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Army-Knife|[axiom](https:\u002F\u002Fgithub.com\u002Fpry0cc\u002Faxiom)|A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fpry0cc\u002Faxiom?label=%20)|[`infra`](\u002Fcategorize\u002Ftags\u002Finfra.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Proxy|[Glorp](https:\u002F\u002Fgithub.com\u002Fdenandz\u002Fglorp)|A CLI-based HTTP intercept and replay proxy|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdenandz\u002Fglorp?label=%20)|[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Proxy|[Caido](https:\u002F\u002Fcaido.io)|A lightweight web security auditing toolkit||[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)![caido](\u002Fimages\u002Fcaido.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Proxy|[proxify](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fproxify)|Swiss Army knife Proxy tool for HTTP\u002FHTTPS traffic capture, manipulation and replay|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fproxify?label=%20)|[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Proxy|[hetty](https:\u002F\u002Fgithub.com\u002Fdstotijn\u002Fhetty)|Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdstotijn\u002Fhetty?label=%20)|[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Proxy|[mitmproxy](https:\u002F\u002Fgithub.com\u002Fmitmproxy\u002Fmitmproxy)|An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmitmproxy\u002Fmitmproxy?label=%20)|[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Proxy|[EvilProxy](https:\u002F\u002Fgithub.com\u002Fbbtfr\u002Fevil-proxy)|A ruby http\u002Fhttps proxy to do EVIL things.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbbtfr\u002Fevil-proxy?label=%20)|[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Ruby](\u002Fimages\u002Fruby.png)](\u002Fcategorize\u002Flangs\u002FRuby.md)|\n|Proxy|[Echo Mirage](https:\u002F\u002Fsourceforge.net\u002Fprojects\u002Fechomirage.oldbutgold.p\u002F)|A generic network proxy that uses DLL injection to capture and alter TCP traffic.||[`mitmproxy`](\u002Fcategorize\u002Ftags\u002Fmitmproxy.md)|![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[lazyrecon](https:\u002F\u002Fgithub.com\u002Fnahamsec\u002Flazyrecon)|This script is intended to automate your reconnaissance process in an organized fashion |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fnahamsec\u002Flazyrecon?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[asnmap](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fasnmap)|Go CLI and Library for quickly mapping organization network ranges using ASN information|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fasnmap?label=%20)|[`asn`](\u002Fcategorize\u002Ftags\u002Fasn.md) [`network-mapping`](\u002Fcategorize\u002Ftags\u002Fnetwork-mapping.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[uncover](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Funcover)|Quickly discover exposed hosts on the internet using multiple search engine.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Funcover?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[parameth](https:\u002F\u002Fgithub.com\u002FmaK-\u002Fparameth)|This tool can be used to brute discover GET and POST parameters|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FmaK-\u002Fparameth?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[Chaos Web](https:\u002F\u002Fchaos.projectdiscovery.io)| actively scan and maintain internet-wide assets' data. enhance research and analyse changes around DNS for better insights.|||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[cloudlist](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fcloudlist)|Cloudlist is a tool for listing Assets from multiple Cloud Providers|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fcloudlist?label=%20)|[`cloud`](\u002Fcategorize\u002Ftags\u002Fcloud.md) [`asset-discovery`](\u002Fcategorize\u002Ftags\u002Fasset-discovery.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[puredns](https:\u002F\u002Fgithub.com\u002Fd3mondev\u002Fpuredns)|Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fd3mondev\u002Fpuredns?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[spiderfoot](https:\u002F\u002Fgithub.com\u002Fsmicallef\u002Fspiderfoot)|SpiderFoot automates OSINT collection so that you can focus on analysis.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsmicallef\u002Fspiderfoot?label=%20)|[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[subs_all](https:\u002F\u002Fgithub.com\u002Femadshanab\u002Fsubs_all)|Subdomain Enumeration Wordlist. 8956437 unique words. Updated. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Femadshanab\u002Fsubs_all?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[hakrevdns](https:\u002F\u002Fgithub.com\u002Fhakluke\u002Fhakrevdns)|Small, fast tool for performing reverse DNS lookups en masse. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhakluke\u002Fhakrevdns?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[3klCon](https:\u002F\u002Fgithub.com\u002Feslam3kl\u002F3klCon)|Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Feslam3kl\u002F3klCon?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[apkleaks](https:\u002F\u002Fgithub.com\u002Fdwisiswant0\u002Fapkleaks)|Scanning APK file for URIs, endpoints & secrets. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdwisiswant0\u002Fapkleaks?label=%20)|[`apk`](\u002Fcategorize\u002Ftags\u002Fapk.md) [`url`](\u002Fcategorize\u002Ftags\u002Furl.md) [`endpoint`](\u002Fcategorize\u002Ftags\u002Fendpoint.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[waybackurls](https:\u002F\u002Fgithub.com\u002Ftomnomnom\u002Fwaybackurls)|Fetch all the URLs that the Wayback Machine knows about for a domain |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ftomnomnom\u002Fwaybackurls?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[csprecon](https:\u002F\u002Fgithub.com\u002Fedoardottt\u002Fcsprecon)|Discover new target domains using Content Security Policy|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fedoardottt\u002Fcsprecon?label=%20)|[`csp`](\u002Fcategorize\u002Ftags\u002Fcsp.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[dirsearch](https:\u002F\u002Fgithub.com\u002Fmaurosoria\u002Fdirsearch)|Web path scanner |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmaurosoria\u002Fdirsearch?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[meg](https:\u002F\u002Fgithub.com\u002Ftomnomnom\u002Fmeg)|Fetch many paths for many hosts - without killing the hosts |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ftomnomnom\u002Fmeg?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[tlsx](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Ftlsx)|Fast and configurable TLS grabber focused on TLS based data collection|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Ftlsx?label=%20)|[`ssl`](\u002Fcategorize\u002Ftags\u002Fssl.md) [`tls`](\u002Fcategorize\u002Ftags\u002Ftls.md) [`certificates`](\u002Fcategorize\u002Ftags\u002Fcertificates.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[rusolver](https:\u002F\u002Fgithub.com\u002FEdu4rdSHL\u002Frusolver)|Fast and accurate DNS resolver.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FEdu4rdSHL\u002Frusolver?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Recon|[Osmedeus](https:\u002F\u002Fgithub.com\u002Fj3ssie\u002FOsmedeus)|Fully automated offensive security framework for reconnaissance and vulnerability scanning |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fj3ssie\u002FOsmedeus?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[Sudomy](https:\u002F\u002Fgithub.com\u002Fscreetsec\u002FSudomy)|subdomain enumeration tool to collect subdomains and analyzing domains|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fscreetsec\u002FSudomy?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[ParamWizard](https:\u002F\u002Fgithub.com\u002Fiamunixtz\u002FParamWizard)|ParamWizard is a powerful Python-based tool designed for extracting and identifying URLs with parameters from a specified website.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fiamunixtz\u002FParamWizard?label=%20)|[`param`](\u002Fcategorize\u002Ftags\u002Fparam.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[sn0int](https:\u002F\u002Fgithub.com\u002Fkpcyrd\u002Fsn0int)|Semi-automatic OSINT framework and package manager|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fkpcyrd\u002Fsn0int?label=%20)|[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Recon|[pagodo](https:\u002F\u002Fgithub.com\u002Fopsdisk\u002Fpagodo)|pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fopsdisk\u002Fpagodo?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[reconftw](https:\u002F\u002Fgithub.com\u002Fsix2dez\u002Freconftw)|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsix2dez\u002Freconftw?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[gauplus](https:\u002F\u002Fgithub.com\u002Fbp0lr\u002Fgauplus)|A modified version of gau for personal usage. Support workers, proxies and some extra things.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbp0lr\u002Fgauplus?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[SecretFinder](https:\u002F\u002Fgithub.com\u002Fm4ll0k\u002FSecretFinder)|SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fm4ll0k\u002FSecretFinder?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[Parth](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FParth)|Heuristic Vulnerable Parameter Scanner |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fs0md3v\u002FParth?label=%20)|[`param`](\u002Fcategorize\u002Ftags\u002Fparam.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[waymore](https:\u002F\u002Fgithub.com\u002Fxnl-h4ck3r\u002Fwaymore)|Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X!|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fxnl-h4ck3r\u002Fwaymore?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[htcat](https:\u002F\u002Fgithub.com\u002Fhtcat\u002Fhtcat)|Parallel and Pipelined HTTP GET Utility |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhtcat\u002Fhtcat?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[github-endpoints](https:\u002F\u002Fgithub.com\u002Fgwen001\u002Fgithub-endpoints)|Find endpoints on GitHub.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fgwen001\u002Fgithub-endpoints?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[scilla](https:\u002F\u002Fgithub.com\u002Fedoardottt\u002Fscilla)|🏴‍☠️ Information Gathering tool 🏴‍☠️ dns\u002Fsubdomain\u002Fport enumeration|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fedoardottt\u002Fscilla?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md) [`port`](\u002Fcategorize\u002Ftags\u002Fport.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[urx](https:\u002F\u002Fgithub.com\u002Fhahwul\u002Furx)|Extracts URLs from OSINT Archives for Security Insights|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhahwul\u002Furx?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Recon|[zdns](https:\u002F\u002Fgithub.com\u002Fzmap\u002Fzdns)|Fast CLI DNS Lookup Tool|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fzmap\u002Fzdns?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[bbot](https:\u002F\u002Fgithub.com\u002Fblacklanternsecurity\u002Fbbot)|OSINT automation for hackers|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fblacklanternsecurity\u002Fbbot?label=%20)|[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[favirecon](https:\u002F\u002Fgithub.com\u002Fedoardottt\u002Ffavirecon)|Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fedoardottt\u002Ffavirecon?label=%20)|[`favicon`](\u002Fcategorize\u002Ftags\u002Ffavicon.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[httpx](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fhttpx)|httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fhttpx?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[CT_subdomains](https:\u002F\u002Fgithub.com\u002Finternetwache\u002FCT_subdomains)|An hourly updated list of subdomains gathered from certificate transparency logs |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Finternetwache\u002FCT_subdomains?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[shosubgo](https:\u002F\u002Fgithub.com\u002Fincogbyte\u002Fshosubgo)|Small tool to Grab subdomains using Shodan api.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fincogbyte\u002Fshosubgo?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[noir](https:\u002F\u002Fgithub.com\u002Fnoir-cr\u002Fnoir)|Attack surface detector that identifies endpoints by static analysis|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fnoir-cr\u002Fnoir?label=%20)|[`endpoint`](\u002Fcategorize\u002Ftags\u002Fendpoint.md) [`url`](\u002Fcategorize\u002Ftags\u002Furl.md) [`attack-surface`](\u002Fcategorize\u002Ftags\u002Fattack-surface.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)[![Crystal](\u002Fimages\u002Fcrystal.png)](\u002Fcategorize\u002Flangs\u002FCrystal.md)|\n|Recon|[gowitness](https:\u002F\u002Fgithub.com\u002Fsensepost\u002Fgowitness)|🔍 gowitness - a golang, web screenshot utility using Chrome Headless |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsensepost\u002Fgowitness?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[Shodan](https:\u002F\u002Fwww.shodan.io\u002F)| World's first search engine for Internet-connected devices||[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[altdns](https:\u002F\u002Fgithub.com\u002Finfosec-au\u002Faltdns)|Generates permutations, alterations and mutations of subdomains and then resolves them |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Finfosec-au\u002Faltdns?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md) [`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[xnLinkFinder](https:\u002F\u002Fgithub.com\u002Fxnl-h4ck3r\u002FxnLinkFinder)|A python tool used to discover endpoints (and potential parameters) for a given target|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fxnl-h4ck3r\u002FxnLinkFinder?label=%20)|[`js-analysis`](\u002Fcategorize\u002Ftags\u002Fjs-analysis.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[go-dork](https:\u002F\u002Fgithub.com\u002Fdwisiswant0\u002Fgo-dork)|The fastest dork scanner written in Go. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdwisiswant0\u002Fgo-dork?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[gobuster](https:\u002F\u002Fgithub.com\u002FOJ\u002Fgobuster)|Directory\u002FFile, DNS and VHost busting tool written in Go |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FOJ\u002Fgobuster?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[JSFScan.sh](https:\u002F\u002Fgithub.com\u002FKathanP19\u002FJSFScan.sh)|Automation for javascript recon in bug bounty. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FKathanP19\u002FJSFScan.sh?label=%20)|[`js-analysis`](\u002Fcategorize\u002Ftags\u002Fjs-analysis.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[dnsx](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fdnsx)|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fdnsx?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[goverview](https:\u002F\u002Fgithub.com\u002Fj3ssie\u002Fgoverview)|goverview - Get an overview of the list of URLs|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fj3ssie\u002Fgoverview?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[BLUTO](https:\u002F\u002Fgithub.com\u002Fdarryllane\u002FBluto)|DNS Analysis Tool|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdarryllane\u002FBluto?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[crawlergo](https:\u002F\u002Fgithub.com\u002FQianlitp\u002Fcrawlergo)|A powerful browser crawler for web vulnerability scanners|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FQianlitp\u002Fcrawlergo?label=%20)|[`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[recon_profile](https:\u002F\u002Fgithub.com\u002Fnahamsec\u002Frecon_profile)|Recon profile (bash profile) for bugbounty |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fnahamsec\u002Frecon_profile?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[Sub404](https:\u002F\u002Fgithub.com\u002Fr3curs1v3-pr0xy\u002Fsub404)|A python tool to check subdomain takeover vulnerability|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fr3curs1v3-pr0xy\u002Fsub404?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`takeover`](\u002Fcategorize\u002Ftags\u002Ftakeover.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[Arjun](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FArjun)|HTTP parameter discovery suite. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fs0md3v\u002FArjun?label=%20)|[`param`](\u002Fcategorize\u002Ftags\u002Fparam.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[xurlfind3r](https:\u002F\u002Fgithub.com\u002Fhueristiq\u002Fxurlfind3r)|A command-line utility designed to discover URLs for a given domain in a simple, efficient way.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhueristiq\u002Fxurlfind3r?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[HydraRecon](https:\u002F\u002Fgithub.com\u002Faufzayed\u002FHydraRecon)|All In One, Fast, Easy Recon Tool|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Faufzayed\u002FHydraRecon?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[cariddi](https:\u002F\u002Fgithub.com\u002Fedoardottt\u002Fcariddi)|Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fedoardottt\u002Fcariddi?label=%20)|[`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[knock](https:\u002F\u002Fgithub.com\u002Fguelfoweb\u002Fknock)|Knock Subdomain Scan |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fguelfoweb\u002Fknock?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[Sublist3r](https:\u002F\u002Fgithub.com\u002Faboul3la\u002FSublist3r)|Fast subdomains enumeration tool for penetration testers |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Faboul3la\u002FSublist3r?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[uro](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002Furo)|declutters url lists for crawling\u002Fpentesting|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fs0md3v\u002Furo?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[OneForAll](https:\u002F\u002Fgithub.com\u002Fshmilylty\u002FOneForAll)|OneForAll是一款功能强大的子域收集工具 |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fshmilylty\u002FOneForAll?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[Silver](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FSilver)|Mass scan IPs for vulnerable services |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fs0md3v\u002FSilver?label=%20)|[`port`](\u002Fcategorize\u002Ftags\u002Fport.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[haktrails](https:\u002F\u002Fgithub.com\u002Fhakluke\u002Fhaktrails)|Golang client for querying SecurityTrails API data|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhakluke\u002Fhaktrails?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[dmut](https:\u002F\u002Fgithub.com\u002Fbp0lr\u002Fdmut)|A tool to perform permutations, mutations and alteration of subdomains in golang.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbp0lr\u002Fdmut?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[assetfinder](https:\u002F\u002Fgithub.com\u002Ftomnomnom\u002Fassetfinder)|Find domains and subdomains related to a given domain |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ftomnomnom\u002Fassetfinder?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[gospider](https:\u002F\u002Fgithub.com\u002Fjaeles-project\u002Fgospider)|Gospider - Fast web spider written in Go |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fjaeles-project\u002Fgospider?label=%20)|[`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[megplus](https:\u002F\u002Fgithub.com\u002FEdOverflow\u002Fmegplus)|Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED] |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FEdOverflow\u002Fmegplus?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[naabu](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fnaabu)|A fast port scanner written in go with focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fnaabu?label=%20)|[`portscan`](\u002Fcategorize\u002Ftags\u002Fportscan.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[dnsprobe](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fdnsprobe)|DNSProb (beta) is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fdnsprobe?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[longtongue](https:\u002F\u002Fgithub.com\u002Fedoardottt\u002Flongtongue)|Customized Password\u002FPassphrase List inputting Target Info|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fedoardottt\u002Flongtongue?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[GitMiner](https:\u002F\u002Fgithub.com\u002FUnkL4b\u002FGitMiner)|Tool for advanced mining for content on Github |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FUnkL4b\u002FGitMiner?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[ParamSpider](https:\u002F\u002Fgithub.com\u002Fdevanshbatham\u002FParamSpider)|Mining parameters from dark corners of Web Archives |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdevanshbatham\u002FParamSpider?label=%20)|[`param`](\u002Fcategorize\u002Ftags\u002Fparam.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[urlhunter](https:\u002F\u002Fgithub.com\u002Futkusen\u002Furlhunter)|a recon tool that allows searching on URLs that are exposed via shortener services|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Futkusen\u002Furlhunter?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[hakrawler](https:\u002F\u002Fgithub.com\u002Fhakluke\u002Fhakrawler)|Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhakluke\u002Fhakrawler?label=%20)|[`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[github-subdomains](https:\u002F\u002Fgithub.com\u002Fgwen001\u002Fgithub-subdomains)|Find subdomains on GitHub|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fgwen001\u002Fgithub-subdomains?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[BugBountyScanner](https:\u002F\u002Fgithub.com\u002Fchvancooten\u002FBugBountyScanner)|A Bash script and Docker image for Bug Bounty reconnaissance.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fchvancooten\u002FBugBountyScanner?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Recon|[x8](https:\u002F\u002Fgithub.com\u002FSh1Yo\u002Fx8)|Hidden parameters discovery suite|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FSh1Yo\u002Fx8?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Recon|[gitrob](https:\u002F\u002Fgithub.com\u002Fmichenriksen\u002Fgitrob)|Reconnaissance tool for GitHub organizations |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmichenriksen\u002Fgitrob?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[Hunt3r](https:\u002F\u002Fgithub.com\u002FEasyRecon\u002FHunt3r)|Made your bugbounty subdomains reconnaissance easier with Hunt3r the web application reconnaissance framework|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FEasyRecon\u002FHunt3r?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Ruby](\u002Fimages\u002Fruby.png)](\u002Fcategorize\u002Flangs\u002FRuby.md)|\n|Recon|[aquatone](https:\u002F\u002Fgithub.com\u002Fmichenriksen\u002Faquatone)|A Tool for Domain Flyovers |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmichenriksen\u002Faquatone?label=%20)|[`domain`](\u002Fcategorize\u002Ftags\u002Fdomain.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[DNSDumpster](https:\u002F\u002Fdnsdumpster.com)| Online dns recon & research, find & lookup dns records||[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md) [`online`](\u002Fcategorize\u002Ftags\u002Fonline.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[dnsvalidator](https:\u002F\u002Fgithub.com\u002Fvortexau\u002Fdnsvalidator)|Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fvortexau\u002Fdnsvalidator?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[STEWS](https:\u002F\u002Fgithub.com\u002FPalindromeLabs\u002FSTEWS)|A Security Tool for Enumerating WebSockets|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FPalindromeLabs\u002FSTEWS?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[Amass](https:\u002F\u002Fgithub.com\u002FOWASP\u002FAmass)|In-depth Attack Surface Mapping and Asset Discovery |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FOWASP\u002FAmass?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[SubBrute](https:\u002F\u002Fgithub.com\u002Faboul3la\u002FSublist3r)|https:\u002F\u002Fgithub.com\u002FTheRook\u002Fsubbrute|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Faboul3la\u002FSublist3r?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[getJS](https:\u002F\u002Fgithub.com\u002F003random\u002FgetJS)|A tool to fastly get all javascript sources\u002Ffiles|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F003random\u002FgetJS?label=%20)|[`js-analysis`](\u002Fcategorize\u002Ftags\u002Fjs-analysis.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[HostHunter](https:\u002F\u002Fgithub.com\u002FSpiderLabs\u002FHostHunter)|Recon tool for discovering hostnames using OSINT techniques.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FSpiderLabs\u002FHostHunter?label=%20)|[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[masscan](https:\u002F\u002Fgithub.com\u002Frobertdavidgraham\u002Fmasscan)|TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Frobertdavidgraham\u002Fmasscan?label=%20)|[`portscan`](\u002Fcategorize\u002Ftags\u002Fportscan.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![C](\u002Fimages\u002Fc.png)](\u002Fcategorize\u002Flangs\u002FC.md)|\n|Recon|[subgen](https:\u002F\u002Fgithub.com\u002Fpry0cc\u002Fsubgen)|A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fpry0cc\u002Fsubgen?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[shuffledns](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fshuffledns)|shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fshuffledns?label=%20)|[`dns`](\u002Fcategorize\u002Ftags\u002Fdns.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[subfinder](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fsubfinder)|Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fsubfinder?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[Photon](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002FPhoton)|Incredibly fast crawler designed for OSINT. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fs0md3v\u002FPhoton?label=%20)|[`osint`](\u002Fcategorize\u002Ftags\u002Fosint.md) [`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[Lepus](https:\u002F\u002Fgithub.com\u002Fgfek\u002FLepus)|Subdomain finder|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fgfek\u002FLepus?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[SubOver](https:\u002F\u002Fgithub.com\u002FIce3man543\u002FSubOver)|A Powerful Subdomain Takeover Tool|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FIce3man543\u002FSubOver?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`takeover`](\u002Fcategorize\u002Ftags\u002Ftakeover.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[SecurityTrails](https:\u002F\u002Fsecuritytrails.com)| Online dns \u002F subdomain \u002F recon tool||[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`online`](\u002Fcategorize\u002Ftags\u002Fonline.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)|\n|Recon|[rengine](https:\u002F\u002Fgithub.com\u002Fyogeshojha\u002Frengine)|reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fyogeshojha\u002Frengine?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![JavaScript](\u002Fimages\u002Fjavascript.png)](\u002Fcategorize\u002Flangs\u002FJavaScript.md)|\n|Recon|[graphw00f](https:\u002F\u002Fgithub.com\u002Fdolevf\u002Fgraphw00f)|GraphQL Server Engine Fingerprinting utility|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdolevf\u002Fgraphw00f?label=%20)|[`graphql`](\u002Fcategorize\u002Ftags\u002Fgraphql.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[jsluice](https:\u002F\u002Fgithub.com\u002FBishopFox\u002Fjsluice)|Extract URLs, paths, secrets, and other interesting bits from JavaScript|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FBishopFox\u002Fjsluice?label=%20)|[`js-analysis`](\u002Fcategorize\u002Ftags\u002Fjs-analysis.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[subjs](https:\u002F\u002Fgithub.com\u002Flc\u002Fsubjs)|Fetches javascript file from a list of URLS or subdomains.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Flc\u002Fsubjs?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md) [`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[katana](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fkatana)|A next-generation crawling and spidering framework.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fkatana?label=%20)|[`crawl`](\u002Fcategorize\u002Ftags\u002Fcrawl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[subzy](https:\u002F\u002Fgithub.com\u002FLukaSikic\u002Fsubzy)|Subdomain takeover vulnerability checker|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FLukaSikic\u002Fsubzy?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`takeover`](\u002Fcategorize\u002Ftags\u002Ftakeover.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[RustScan](https:\u002F\u002Fgithub.com\u002Fbrandonskerritt\u002FRustScan)|Faster Nmap Scanning with Rust |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbrandonskerritt\u002FRustScan?label=%20)|[`portscan`](\u002Fcategorize\u002Ftags\u002Fportscan.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Recon|[subjack](https:\u002F\u002Fgithub.com\u002Fhaccer\u002Fsubjack)|Subdomain Takeover tool written in Go |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhaccer\u002Fsubjack?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`takeover`](\u002Fcategorize\u002Ftags\u002Ftakeover.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[gau](https:\u002F\u002Fgithub.com\u002Flc\u002Fgau)|Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Flc\u002Fgau?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[chaos-client](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fchaos-client)|Go client to communicate with Chaos DNS API. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Fchaos-client?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[cc.py](https:\u002F\u002Fgithub.com\u002Fsi9int\u002Fcc.py)|Extracting URLs of a specific target based on the results of \"commoncrawl.org\" |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fsi9int\u002Fcc.py?label=%20)|[`url`](\u002Fcategorize\u002Ftags\u002Furl.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[intrigue-core](https:\u002F\u002Fgithub.com\u002Fintrigueio\u002Fintrigue-core)|Discover Your Attack Surface |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fintrigueio\u002Fintrigue-core?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Ruby](\u002Fimages\u002Fruby.png)](\u002Fcategorize\u002Flangs\u002FRuby.md)|\n|Recon|[Smap](https:\u002F\u002Fgithub.com\u002Fs0md3v\u002Fsmap\u002F)|a drop-in replacement for Nmap powered by shodan.io|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fs0md3v\u002Fsmap\u002F?label=%20)|[`port`](\u002Fcategorize\u002Ftags\u002Fport.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[fhc](https:\u002F\u002Fgithub.com\u002FEdu4rdSHL\u002Ffhc)|Fast HTTP Checker.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FEdu4rdSHL\u002Ffhc?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Recon|[alterx](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Falterx)|Fast and customizable subdomain wordlist generator using DSL|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fprojectdiscovery\u002Falterx?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md) [`wordlist`](\u002Fcategorize\u002Ftags\u002Fwordlist.md) [`permutation`](\u002Fcategorize\u002Ftags\u002Fpermutation.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Recon|[FavFreak](https:\u002F\u002Fgithub.com\u002Fdevanshbatham\u002FFavFreak)|Making Favicon.ico based Recon Great again ! |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdevanshbatham\u002FFavFreak?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[LinkFinder](https:\u002F\u002Fgithub.com\u002FGerbenJavado\u002FLinkFinder)|A python script that finds endpoints in JavaScript files |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FGerbenJavado\u002FLinkFinder?label=%20)|[`js-analysis`](\u002Fcategorize\u002Ftags\u002Fjs-analysis.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Recon|[findomain](https:\u002F\u002Fgithub.com\u002FEdu4rdSHL\u002Ffindomain)|The fastest and cross-platform subdomain enumerator, do not waste your time. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FEdu4rdSHL\u002Ffindomain?label=%20)|[`subdomains`](\u002Fcategorize\u002Ftags\u002Fsubdomains.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Fuzzer|[ParamPamPam](https:\u002F\u002Fgithub.com\u002FBo0oM\u002FParamPamPam)|This tool for brute discover GET and POST parameters.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FBo0oM\u002FParamPamPam?label=%20)|[`param`](\u002Fcategorize\u002Ftags\u002Fparam.md) [`cache-vuln`](\u002Fcategorize\u002Ftags\u002Fcache-vuln.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[wfuzz](https:\u002F\u002Fgithub.com\u002Fxmendez\u002Fwfuzz)|Web application fuzzer |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fxmendez\u002Fwfuzz?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[dotdotpwn](https:\u002F\u002Fgithub.com\u002Fwireghoul\u002Fdotdotpwn)|DotDotPwn - The Directory Traversal Fuzzer |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fwireghoul\u002Fdotdotpwn?label=%20)|[`path-traversal`](\u002Fcategorize\u002Ftags\u002Fpath-traversal.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Perl](\u002Fimages\u002Fperl.png)](\u002Fcategorize\u002Flangs\u002FPerl.md)|\n|Fuzzer|[ppfuzz](https:\u002F\u002Fgithub.com\u002Fdwisiswant0\u002Fppfuzz)|A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdwisiswant0\u002Fppfuzz?label=%20)|[`prototypepollution`](\u002Fcategorize\u002Ftags\u002Fprototypepollution.md) [`prototype-pollution`](\u002Fcategorize\u002Ftags\u002Fprototype-pollution.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Fuzzer|[Clairvoyance](https:\u002F\u002Fgithub.com\u002Fnikitastupin\u002Fclairvoyance)|Obtain GraphQL API schema even if the introspection is disabled|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fnikitastupin\u002Fclairvoyance?label=%20)|[`graphql`](\u002Fcategorize\u002Ftags\u002Fgraphql.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[SmuggleFuzz](https:\u002F\u002Fgithub.com\u002FMoopinger\u002Fsmugglefuzz\u002F)|A rapid HTTP downgrade smuggling scanner written in Go.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FMoopinger\u002Fsmugglefuzz\u002F?label=%20)|[`smuggle`](\u002Fcategorize\u002Ftags\u002Fsmuggle.md) [`fuzz`](\u002Fcategorize\u002Ftags\u002Ffuzz.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[BatchQL](https:\u002F\u002Fgithub.com\u002Fassetnote\u002Fbatchql)|GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fassetnote\u002Fbatchql?label=%20)|[`graphql`](\u002Fcategorize\u002Ftags\u002Fgraphql.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[SSRFmap](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FSSRFmap)|Automatic SSRF fuzzer and exploitation tool |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fswisskyrepo\u002FSSRFmap?label=%20)|[`ssrf`](\u002Fcategorize\u002Ftags\u002Fssrf.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[fuzzparam](https:\u002F\u002Fgithub.com\u002F0xsapra\u002Ffuzzparam)|A fast go based param miner to fuzz possible parameters a URL can have.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F0xsapra\u002Ffuzzparam?label=%20)|[`param`](\u002Fcategorize\u002Ftags\u002Fparam.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[SSRFire](https:\u002F\u002Fgithub.com\u002Fksharinarayanan\u002FSSRFire)|An automated SSRF finder. Just give the domain name and your server and chill|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fksharinarayanan\u002FSSRFire?label=%20)|[`ssrf`](\u002Fcategorize\u002Ftags\u002Fssrf.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Fuzzer|[kiterunner](https:\u002F\u002Fgithub.com\u002Fassetnote\u002Fkiterunner)|Contextual Content Discovery Tool|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fassetnote\u002Fkiterunner?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[c-jwt-cracker](https:\u002F\u002Fgithub.com\u002Fbrendan-rius\u002Fc-jwt-cracker)|JWT brute force cracker written in C |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fbrendan-rius\u002Fc-jwt-cracker?label=%20)|[`jwt`](\u002Fcategorize\u002Ftags\u002Fjwt.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![C](\u002Fimages\u002Fc.png)](\u002Fcategorize\u002Flangs\u002FC.md)|\n|Fuzzer|[ffuf](https:\u002F\u002Fgithub.com\u002Fffuf\u002Fffuf)|Fast web fuzzer written in Go |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fffuf\u002Fffuf?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[crlfuzz](https:\u002F\u002Fgithub.com\u002Fdwisiswant0\u002Fcrlfuzz)|A fast tool to scan CRLF vulnerability written in Go |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdwisiswant0\u002Fcrlfuzz?label=%20)|[`crlf`](\u002Fcategorize\u002Ftags\u002Fcrlf.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Fuzzer|[hashcat](https:\u002F\u002Fgithub.com\u002Fhashcat\u002Fhashcat\u002F)|World's fastest and most advanced password recovery utility |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhashcat\u002Fhashcat\u002F?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![C](\u002Fimages\u002Fc.png)](\u002Fcategorize\u002Flangs\u002FC.md)|\n|Fuzzer|[BruteX](https:\u002F\u002Fgithub.com\u002F1N3\u002FBruteX)|Automatically brute force all services running on a target.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F1N3\u002FBruteX?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Fuzzer|[thc-hydra](https:\u002F\u002Fgithub.com\u002Fvanhauser-thc\u002Fthc-hydra)|hydra |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fvanhauser-thc\u002Fthc-hydra?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![C](\u002Fimages\u002Fc.png)](\u002Fcategorize\u002Flangs\u002FC.md)|\n|Fuzzer|[medusa](https:\u002F\u002Fgithub.com\u002Friza\u002Fmedusa)|Fastest recursive HTTP fuzzer, like a Ferrari. |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Friza\u002Fmedusa?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[headerpwn](https:\u002F\u002Fgithub.com\u002Fdevanshbatham\u002Fheaderpwn)|A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fdevanshbatham\u002Fheaderpwn?label=%20)|[`header`](\u002Fcategorize\u002Ftags\u002Fheader.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[jwt-hack](https:\u002F\u002Fgithub.com\u002Fhahwul\u002Fjwt-hack)|🔩 jwt-hack is tool for hacking \u002F security testing to JWT. Supported for En\u002Fdecoding JWT, Generate payload for JWT attack and very fast cracking(dict\u002Fbrutefoce)|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhahwul\u002Fjwt-hack?label=%20)|[`jwt`](\u002Fcategorize\u002Ftags\u002Fjwt.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Fuzzer|[CrackQL](https:\u002F\u002Fgithub.com\u002Fnicholasaleks\u002FCrackQL)|CrackQL is a GraphQL password brute-force and fuzzing utility.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fnicholasaleks\u002FCrackQL?label=%20)|[`graphql`](\u002Fcategorize\u002Ftags\u002Fgraphql.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[feroxbuster](https:\u002F\u002Fgithub.com\u002Fepi052\u002Fferoxbuster)|A fast, simple, recursive content discovery tool written in Rust.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fepi052\u002Fferoxbuster?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Rust](\u002Fimages\u002Frust.png)](\u002Fcategorize\u002Flangs\u002FRust.md)|\n|Fuzzer|[SSTImap](https:\u002F\u002Fgithub.com\u002Fvladko312\u002FSSTImap)|Automatic SSTI detection tool with interactive interface|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fvladko312\u002FSSTImap?label=%20)|[`ssti`](\u002Fcategorize\u002Ftags\u002Fssti.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[GraphQLmap](https:\u002F\u002Fgithub.com\u002Fswisskyrepo\u002FGraphQLmap)|GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fswisskyrepo\u002FGraphQLmap?label=%20)|[`graphql`](\u002Fcategorize\u002Ftags\u002Fgraphql.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Fuzzer|[jwt-cracker](https:\u002F\u002Fgithub.com\u002Flmammino\u002Fjwt-cracker)|Simple HS256 JWT token brute force cracker |![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Flmammino\u002Fjwt-cracker?label=%20)|[`jwt`](\u002Fcategorize\u002Ftags\u002Fjwt.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![JavaScript](\u002Fimages\u002Fjavascript.png)](\u002Fcategorize\u002Flangs\u002FJavaScript.md)|\n|Scanner|[web_cache_poison](https:\u002F\u002Fgithub.com\u002Ffngoo\u002Fweb_cache_poison)|web cache poison - Top 1 web hacking technique of 2019|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ffngoo\u002Fweb_cache_poison?label=%20)|[`cache-vuln`](\u002Fcategorize\u002Ftags\u002Fcache-vuln.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Shell](\u002Fimages\u002Fshell.png)](\u002Fcategorize\u002Flangs\u002FShell.md)|\n|Scanner|[ws-smuggler](https:\u002F\u002Fgithub.com\u002Fhahwul\u002Fws-smuggler)|WebSocket Connection Smuggler|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fhahwul\u002Fws-smuggler?label=%20)|[`smuggle`](\u002Fcategorize\u002Ftags\u002Fsmuggle.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Scanner|[Oralyzer](https:\u002F\u002Fgithub.com\u002Fr0075h3ll\u002FOralyzer)|Open Redirection Analyzer|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fr0075h3ll\u002FOralyzer?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Scanner|[osv-scanner](https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fosv-scanner)|Vulnerability scanner which uses the OSV database to find vulnerabilities in open source projects|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fgoogle\u002Fosv-scanner?label=%20)|[`vulnerability-scanner`](\u002Fcategorize\u002Ftags\u002Fvulnerability-scanner.md) [`dependency-scanning`](\u002Fcategorize\u002Ftags\u002Fdependency-scanning.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Go](\u002Fimages\u002Fgo.png)](\u002Fcategorize\u002Flangs\u002FGo.md)|\n|Scanner|[PwnXSS](https:\u002F\u002Fgithub.com\u002Fpwn0sec\u002FPwnXSS)|Vulnerability (XSS) scanner exploit|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fpwn0sec\u002FPwnXSS?label=%20)|[`xss`](\u002Fcategorize\u002Ftags\u002Fxss.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Scanner|[HRS](https:\u002F\u002Fgithub.com\u002FSafeBreach-Labs\u002FHRS)|HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper HTTP Request Smuggling in 2020.|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FSafeBreach-Labs\u002FHRS?label=%20)||![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Perl](\u002Fimages\u002Fperl.png)](\u002Fcategorize\u002Flangs\u002FPerl.md)|\n|Scanner|[AWSBucketDump](https:\u002F\u002Fgithub.com\u002Fjordanpotti\u002FAWSBucketDump)|Security Tool to Look For Interesting Files in S3 Buckets|![](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fjordanpotti\u002FAWSBucketDump?label=%20)|[`s3`](\u002Fcategorize\u002Ftags\u002Fs3.md)|![linux](\u002Fimages\u002Flinux.png)![macos](\u002Fimages\u002Fapple.png)![windows](\u002Fimages\u002Fwindows.png)[![Python](\u002Fimages\u002Fpython.png)](\u002Fcategorize\u002Flangs\u002FPython.md)|\n|Scanner|[nmap](https:\u002F\u002Fgithub.com\u002Fnmap\u002Fnmap)|Nm","WebHackersWeapons 是一个集合了多种用于Web安全测试和漏洞挖掘工具的项目。该项目主要使用Ruby语言开发，包含了从侦察、扫描到漏洞利用等多个阶段所需的工具，如代理、模糊测试器等，并支持多种网络安全技术特性，例如中间人攻击检测、在线审计和爬虫等。它适用于网络安全研究人员、渗透测试人员以及对Web安全感兴趣的开发者进行网站安全性评估和漏洞发现工作。","2026-06-11 03:14:11","top_language"]