OWASP Amass
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. Information Gathering Techniques Used: Technique Data Sources APIs 360PassiveDNS, Ahrefs, AnubisDB, BeVigil, BinaryEdge, BufferOver, BuiltWith, C99, Chaos, CIRCL, DNSDB, DNSRepo, Deepinfo, Detectify, FOFA, FullHunt, GitHub, GitLab, GrepApp, Greynoise, HackerTarget, Hunter, IntelX, LeakIX, Maltiverse, Mnemonic, Netlas, Pastebin, PassiveTotal, PentestTools, Pulsedive, Quake, SOCRadar, Searchcode, Shodan, Spamhaus, Sublist3rAPI, SubdomainCenter, ThreatBook, ThreatMiner, URLScan, VirusTotal, Yandex, ZETAlytics, ZoomEye Certificates Active pulls (optional), Censys, CertCentral, CertSpotter, Crtsh, Digitorus, FacebookCT DNS Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing Routing ASNLookup, BGPTools, BGPView, BigDataCloud, IPdata, IPinfo, RADb, Robtex, ShadowServer, TeamCymru Scraping AbuseIPDB, Ask, Baidu, Bing, CSP Header, DNSDumpster, DNSHistory, DNSSpy, DuckDuckGo, Gists, Google, HackerOne, HyperStat, PKey, RapidDNS
FEATURES
ALTERNATIVES
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
Python Exploit Development Assistance for GDB with enhanced debugging features and commands for exploit development.
A set of YARA rules for identifying files containing sensitive information
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.