CyberSecTools | Find Cybersecurity Tools and Resources

GitRob

A reconnaissance tool for GitHub organizations

0

Free

GitRob

A reconnaissance tool for GitHub organizations

0

+2

XSStrike

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

0

XSStrike

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

0

+1

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

0

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

0

+1

Blinder

A Python library for automating time-based blind SQL injection attacks

0

Blinder

A Python library for automating time-based blind SQL injection attacks

0

s3tk

A security toolkit for Amazon S3

0

s3tk

A security toolkit for Amazon S3

0

BlackWidow

A Python-based web application scanner for OSINT and fuzzing OWASP vulnerabilities

0

BlackWidow

A Python-based web application scanner for OSINT and fuzzing OWASP vulnerabilities

0

+3

Andor

A blind SQL injection tool written in Golang

0

Andor

A blind SQL injection tool written in Golang

0

censys-enumeration

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

0

censys-enumeration

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

0

+3

oxml_xxe

A tool for embedding XXE/XML exploits into different filetypes

0

Free

Honeypots

Xxe

oxml_xxe

A tool for embedding XXE/XML exploits into different filetypes

0

Free

Honeypots

Xxe

httprebind

Automatic tool for DNS rebinding-based SSRF attacks

0

Web Application Security

httprebind

Automatic tool for DNS rebinding-based SSRF attacks

0

+2

python-builtwith

BuiltWith API client

0

Free

Vulnerability Management

python-builtwith

BuiltWith API client

0

Free

Vulnerability Management

Api Metadata

Cloud

Cloud Security

+6

2tearsinabucket

A tool to enumerate S3 buckets for a specific target

0

2tearsinabucket

A tool to enumerate S3 buckets for a specific target

0

+4

surf

A tool to escalate SSRF vulnerabilities on modern cloud environments

0

Vulnerability Scanning

Security Testing

Pentest

surf

A tool to escalate SSRF vulnerabilities on modern cloud environments

0

Vulnerability Scanning

+2

fuzz.txt

A GitHub repository for fuzzing and testing file formats

0

fuzz.txt

A GitHub repository for fuzzing and testing file formats

0

HostileSubBruteforcer

A tool for bruteforcing subdomains of a given domain

0

HostileSubBruteforcer

A tool for bruteforcing subdomains of a given domain

0

+2

DOMdig

DOM XSS scanner for Single Page Applications

0

DOMdig

DOM XSS scanner for Single Page Applications

0

+1

BurpJSLinkFinder

A Burp extension for scanning JavaScript files for endpoint links

0

Vulnerability Detection

BurpJSLinkFinder

A Burp extension for scanning JavaScript files for endpoint links

0

+1

cariddi

A tool for security researchers and penetration testers to automate the process of finding sensitive information on a target domain.

0

cariddi

A tool for security researchers and penetration testers to automate the process of finding sensitive information on a target domain.

0

+1

Nosey Parker

A command-line program for finding secrets and sensitive information in textual data and Git history.

0

Nosey Parker

A command-line program for finding secrets and sensitive information in textual data and Git history.

0

+2

XSSOauthPersistence

Maintaining account persistence via XSS and Oauth

0

Free

Offensive Security

Xss

XSSOauthPersistence

Maintaining account persistence via XSS and Oauth

0

Free

Offensive Security

Xss

jwt_tool

A toolkit for testing, tweaking and cracking JSON Web Tokens

0

jwt_tool

A toolkit for testing, tweaking and cracking JSON Web Tokens

0

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

0

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

0

+3

Secret Bridge

Monitors GitHub for leaked secrets

0

Secret Bridge

Monitors GitHub for leaked secrets

0

+2

Nuclei

Fast and customizable vulnerability scanner

0

Free

Vulnerability Management

Vulnerability Scanner

Yaml

Customizable

Scanner

Nuclei

Fast and customizable vulnerability scanner

0

Free

Vulnerability Management

Vulnerability Scanner

Yaml

Customizable

+1

The Largest Collection of Cybersecurity Tools

Join Mandos Brief

PINNED

LATEST ADDITIONS

GitRob

GitRob

XSStrike

XSStrike

Can I take over XYZ?

Can I take over XYZ?

Blinder

Blinder

s3tk

s3tk

BlackWidow

BlackWidow

Andor

Andor

censys-enumeration

censys-enumeration

oxml_xxe

oxml_xxe

httprebind

httprebind

python-builtwith

python-builtwith

2tearsinabucket

2tearsinabucket

surf

surf

fuzz.txt

fuzz.txt

HostileSubBruteforcer

HostileSubBruteforcer

DOMdig

DOMdig

BurpJSLinkFinder

BurpJSLinkFinder

cariddi

cariddi

Nosey Parker

Nosey Parker

XSSOauthPersistence

XSSOauthPersistence

jwt_tool

jwt_tool

ysoserial

ysoserial

Secret Bridge

Secret Bridge

Nuclei

Nuclei