Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-bbht
https://github.com/QWERTSKIHACK/awesome-bbht
-
Subdomain-enum
- aquatone - A Tool for Domain Flyovers
- knockpy - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
- subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
- assetfinder - Find domains and subdomains related to a given domain
- rsdl - Subdomain Scan with the Ping Method
- subDomainizer - A tool to find subdomains and interesting things hidden inside external JavaScript files of a page, folder, and GitHub.
- domain_analyzer - Analyze the security of any domain by finding all the information possible. Made in python.
- massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
- sub.sh - Online Subdomain Detect Script
- sublist3r - Fast subdomains enumeration tool for penetration testers
- Sudomy - Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Report output in HTML or CSV format. https://github.com/Screetsec/
- domain-finder
- amass - In-depth Attack Surface Mapping and Asset Discovery
- subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
-
Content Discovery
-
AWS S3 Bucket
- s3brute - s3 brute force tool
- s3-bucket-finder - Find AWS S3 buckets and extract data.
- bucket-stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs.
- slurp - Enumerate S3 buckets via certstream, domain, or keywords.
- lazys3 - A Ruby script to bruteforce for AWS s3 buckets using different permutations.
- cred_scanner
- DumpsterDiver - A tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (AWS Access Key, Azure Share Key or SSH keys) or passwords.
- S3Scanner - Scan for open AWS S3 buckets and dump the contents
-
Inspecting JS Files
- JSParser - A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files.
- relative-url-extractor - A small tool that extracts relative URLs from a file.
- sub.js - A tool to get JavaScript files from a list of URLs or subdomains
- LinkFinder - A python script that finds endpoints in JavaScript files
- github-search
-
Crawlers
- Crawler - Crawl website extract links
- waybackMachine - Use wayback Machine data to pull a list of paths.
- meg - Fetch many paths for many hosts - without killing the hosts
- hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
- igoturls - WaybackURLS + OtxURLS + CommonCrawl
-
Directory Bruteforcers & Fuzzers
-
API
- secretx - Extracting api keys and secrets by requesting each url in your list.
-
-
Exploitation
-
Subdomain Takeover
- subjack - Subdomain Takeover tool written in Go
- subdomain-takeover - Subdomain Takeover Scanner | Subdomain Takeover Tool | by 0x94
- SubOver - A Powerful Subdomain Takeover Tool
- takeover - Sub-Domain TakeOver Vulnerability Scanner
-
Google Cloud Storage
- GCPBucketBrute - A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
-
Digital Ocean
- spaces-finder - A tool to hunt for publicly accessible DigitalOcean Spaces
-
XXE
- XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
-
CSRF
- XSRFProbe - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
-
Command Injection
- commix - Automated All-in-One OS command injection and exploitation tool. https://commixproject.com
-
SQLi
-
XSS
- XSStrike - Most advanced XSS scanner.
- XSS-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site - for my personal Educational purposes only
- XSS-Finder - World's most Powerful and Advanced Cross Site Scripting Software
-
Open Redirect
- open-redirect-scanner - open redirect subdomains scanner
-
-
CMS
- CMSmap - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
- CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 170 other CMSs
- wpscan - WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites
- Drupwn - Drupal enumeration & exploitation tool
-
-
Frameworks
- Sn1per - Automated pentest framework for offensive security experts
- XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
- datasploit - An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
- Osmedeus - Fully automated offensive security framework for reconnaissance and vulnerability scanning
- TIDoS-Framework - The Offensive Manual Web Application Penetration Testing Framework.
- discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
- lazyrecon - This script is intended to automate your reconnaissance process in an organized fashion
- 003Recon - Some tools to automate recon - 003random
- LazyRecon - An automated approach to performing recon for bug bounty hunting and penetration testing.
-
-
Wordlists
- SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- Jhaddix Wordlist
- Nahamsec list
-
-
Other
- altdns - Generates permutations, alterations and mutations of subdomains and then resolves them
- Blazy - Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF.
- httprobe
- broken-link-checker
- nmap - network mapper