Discovery

404checker

Auxiliary script intended for use in Red Team exercises to check whether a URL redirects to a masked 404 (such as a 200 that redirects to a Not Found page or similar). URLs must be passed sorted to improve performance.

Discovery

anew

Append lines from stdin to a file, but only if they don't already appear in the file. Outputs new lines to stdout too, making it a bit like a tee -a that removes duplicates.

Discovery

apkurlgrep

ApkUrlGrep is a tool that extracts endpoints from APK files.

Discovery

aquatone

Aquatone is a tool for visual inspection of websites across a large number of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.

Discovery

aws-s3-data-finder

Find suspicious files (e.g. data backups, PII, credentials) across a large set of AWS S3 buckets and write the first 200k keys (by default) of listable buckets to a .json or .xml file (in buckets/) via AWS CLI or unauthenticated via HTTP requests.

Discovery

bfac

BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application's source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.

Discovery

cariddi

Take a list of domains, crawl URLs, and scan for endpoints, secrets, API keys, file extensions, tokens, and more...

Discovery

carlospolop-hakoriginfinder

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

Discovery

cloudscraper

CloudScraper is a tool to spider and scrape targets in search of cloud resources. Plug in a URL and it will spider and search the source of spidered pages for strings such as 's3.amazonaws.com', 'windows.net' and 'digitaloceanspaces'. AWS, Azure and Digital Ocean resources are currently supported.

Discovery

crawlergo

A powerful browser crawler for web vulnerability scanners

Discovery

dirsearch

Web path scanner

Discovery

dora

Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found.

Discovery

fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Discovery

feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Discovery

fuzzuli

URL fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

Discovery

gau

getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain.

Discovery

gauplus

A modified version of gau (http://wwww.github.com/lc/gau)

Discovery

getjs

getJS is a tool to extract all the JavaScript files from a set of given URLs. The URLs can also be piped to getJS, or you can specify a single URL.

Discovery

gittools-dumper

Download .git repositories from webservers which do not have directory listing enabled

Discovery

gittools-dumper-extractor

Download .git repositories from webservers which do not have directory listing enabled and try to recover incomplete repositories

Discovery

gittools-extractor

Try to recover incomplete git repositories; this can be used in combination with gittools-dumper in case the downloaded repository is incomplete

Discovery

gittools-finder

Identify websites with publicly accessible .git repositories

Discovery

git-wild-hunt

A tool to hunt for credentials in the GitHub wild AKA git*hunt.

Discovery

gobuster-dir

A tool to brute-force directories and files in web sites.

Discovery

golinkfinder

A minimal JS endpoint extractor. It's used to extract endpoints in both HTML source and embedded JavaScript files. Useful for bug hunters, red teamers, infosec ninjas.

Discovery

gospider

Fast web spider written in Go

Discovery

gowitness

gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS are supported, with Windows support mostly working.

Discovery

gowitness-db

gowitness version that outputs a sqlite3 database. gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS are supported, with Windows support mostly working.

Discovery

gowitness-nmap

gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS are supported, with Windows support mostly working.

Discovery

hakcheckurl

Takes a list of URLs and returns their HTTP response codes.

Discovery

hakrawler

Fast Golang web crawler for gathering URLs and JavaScript file locations. This is basically a simple implementation of the awesome Gocolly library.

Discovery

httpx-screenshot

Take screenshots with httpx. httpx is a fast, multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads.

Discovery

httpx-screenshot-zip

Take screenshots with httpx and export them to a zip archive. httpx is a fast, multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library; it is designed to maintain result reliability with increased threads.

Discovery

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Discovery

katana

A next-generation crawling and spidering framework.

Discovery

kiterunner

Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning-fast speeds but also brute-forcing routes/endpoints in modern applications.

Discovery

linkfinder

LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression.

Discovery

mass-gitfinder

Identify websites with publicly accessible .git repositories

Discovery

mass-linkfinder

A wrapper around LinkFinder that takes a list of JS URLs as input. LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression.

Discovery

meg

Meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.

Discovery

scanless

This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf. Scanners list: hackertarget: https://hackertarget.com; ipfingerprints: https://www.ipfingerprints.com; spiderip: https://spiderip.com; standingtech: https://portscanner.standingtech.com; t1shopper: http://www.t1shopper.com; viewdns: https://viewdns.info; yougetsignal: https://www.yougetsignal.com.

Discovery

securitytrails-sql

Query the SecurityTrails API endpoint and embed the desired SQL queries.

Discovery

sourcemapper

Extract JavaScript source trees from Sourcemap files

Discovery

urlhunter

Urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. It works by brute forcing the URL shortener services and publishing matched results on a daily basis. Urlhunter downloads their collections and lets you analyse them.

Discovery

wappalyzer

Wappalyzer identifies technologies on websites, including content management systems, eCommerce platforms, JavaScript frameworks, analytics tools and much more.

Discovery

waybackrobots

Enumerate old versions of robots.txt paths using Wayback Machine for content discovery

Discovery

webanalyze

This is a port of Wappalyzer in Go. This tool is designed to be performant and allows testing huge lists of hosts.

Discovery

webscreenshot

A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script.

Discovery

witnessme-grab

WitnessMe grab mode. WitnessMe is primarily a Web Inventory tool inspired by Eyewitness; it's also written to be extensible, allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.

Discovery

witnessme-screenshot

WitnessMe screenshot mode. WitnessMe is primarily a Web Inventory tool inspired by Eyewitness; it's also written to be extensible, allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.

Discovery

xnlinkfinder

A Python tool used to discover endpoints (and potential parameters) for a given target

Discovery

xurlfind3r

xurlfind3r is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.